mysqli_stmt::bind_param():变量的数量与准备好的语句中的参数数量不匹配

【问题标题】:mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statementmysqli_stmt::bind_param():变量的数量与准备好的语句中的参数数量不匹配
【发布时间】:2016-01-23 18:27:27
【问题描述】:

我是他们尝试使用 mysqli :: bind_param 失败。在下面的代码中,函数login ( ) 在页面login.php 上使用usernamepassword 调用。尽管所有的努力和指南和论坛已经阅读,继续返回相同的错误。

我都试过了

bind_param ( 's' , $ variable )

那与

bind_param ( 1 , $ variable )

那与

bind_param ( 'ss' , $ variable1 , $ variable2 )

我尝试了不带''的查询

"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"

我哪里错了?

public function login($_username, $_password) {
    $this->sessionOpen ();

     if ($_username == "") {
        $this->log->error ( "Username vuoto" );
        throw new AuthLoginFailed ();
    }
    if ($_password == "") {
        $this->log->error ( "Password vuota" );
        throw new AuthLoginFailed ();
    }

    $db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
    if (mysqli_connect_errno ()) {
        $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
        throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
    }

    $stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
    }
    echo md5 ( $_username ) . "---" . md5 ( $_password );
    //on page username and password is showed at this point
    $user=trim(md5 ( $_username ));
    $pass=trim(md5 ( $_password ));
    $stmt->bind_param ( 1,  $user);
    $stmt->bind_param ( 2,  $pass);
    /* Execute it */
    $stmt->execute ();
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
    }


    $stmt->fetch($rst);

    echo "results: " . $rst->num_rows; //output of this: results:

    if ($rst->num_rows == 0) {
        throw new AuthLoginFailed ();
    }



    /* Close statement */
    $stmt->close ();

    /* Close connection */
    $db->close ();
}

apache日志中的错误是

[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php

非常感谢大家

【问题讨论】:

    标签: php mysqli bindparam


    【解决方案1】:

    修改为:

    $stmt->bind_param ("ss", $user, $pass); 因为在 bind_param() 中没有定义 1 种数据类型。 bind_param() 将采用两个参数,第一个是类型 (i, d, s, b),在您的查询中对应数据类型(?),第二个参数是值。

    建议是:

    1. 不要与 == 比较空字符串,因为如果用户输入的 3 个空格将不相等。使用 empty() 检查是否为空字符串。

    2. 不要调用不必要的方法,它没有任何意义,例如:在你的代码中你在md5()之后调用trim()md5() 不会返回任何空白字符。所以调用trim(md5($username)) 意义不大。

    尝试用我的代码替换你的代码希望你的问题得到解决。

    public function login($_username, $_password) {
$this->sessionOpen ();

 if (empty($_username)) {
    $this->log->error ( "Username vuoto" );
    throw new AuthLoginFailed ();
}
if (empty($_password)) {
    $this->log->error ( "Password vuota" );
    throw new AuthLoginFailed ();
}

$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
    $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
    throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}

$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss",  $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}


$stmt->fetch($rst);

echo "results: " . $rst->num_rows; //output of this: results:

if ($rst->num_rows == 0) {
    throw new AuthLoginFailed ();
}



/* Close statement */
$stmt->close ();

/* Close connection */
$db->close ();
}

    问题解决后告诉我。

    【讨论】:

    • 它工作,并感谢您的其他提示。我怎么看我的错误是引用,我用'ss'而不是“ss”。
    • 我还发现了另一个错误 bind_result ,在查询中我请求了多个列,我应该指定多个变量,对应于 bind_result 中所需的列。再次感谢
    猜你喜欢
    • 2023-03-27
    • 1970-01-01
    • 1970-01-01
    • 2016-07-19
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-05-02
    • 2015-12-30
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode