I have searched Google, read the PHP manual and tried several tutorials to make a secure login script for mysqli and PHP. Does anyone know of one that actually works without md5?
I would like to see some working code or a tutorial if possible.
Mine won't actually query the db or return a value, even after hardcoding the values into the script... I'm looking for something like:
- connect using the 'connectdb' file
- post the user/pwd from the form
- query db for user/pwd
- set session with username
- etc.
This is my code that doesn't work:
<?php
include ("conectionlink.php");
//connection errors if any...
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
$userid = htmlentities($_POST['userid'], ENT_QUOTES);
$password = htmlentities($_POST['password'], ENT_QUOTES);
//create a prepared statement
if ($stmt = $mysqli->prepare("SELECT userid, password FROM admins WHERE userid=? and password=?")) {
    // bind parameters-define them...
    $stmt->bind_param("is", $userid, $password);
    //execute...
    $stmt->execute();
    // bind result variables
    $stmt->bind_result($userid,$password)
    //fetch value
    $stmt->fetch();
    var_dump($userid, $password);
    printf("%n is associated with %s", $userid, $password);
    /* close statement */
    $stmt->close();
}
/* close connection */
$mysqli->close();
?>
I receive the following error message:
According to the PHP documentation for mysqli, the bind_result() call should be on one line, rather than performing multiple binds. So, instead of this:

try doing this:
You seem to be treating the userid column as containing an integer, when I suspect you are really receiving a string. You initialize $userid like this:

Then you use it in a SELECT and treat it as an integer in your bind_param() call. So, you're treating it like an integer (which seems unlikely in a $_POST variable -- I expect you are really receiving a string username, not an integer ID).

You also have a problem with your call to printf() -- %n is not a recognized format. You can see the acceptable formats at the sprintf() manual page.

In short, I suspect you are using the wrong column in your SELECT statement, and that it is actually supposed to be something like username.
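The flow the question asks for (connect, take the form values, query, set the session) with the points raised in both answers applied, as an added example that is not the asker's or either answerer's code. It assumes $mysqli is an open connection provided by the include file, an admins table with a username column and a password_hash column filled by password_hash() at registration, and a placeholder admin.php landing page.

```php
<?php
// Added example, not the question's or the answers' code. Assumes $mysqli is a
// connected mysqli object (as the question's connection include provides) and an
// `admins` table with `username` (VARCHAR) and `password_hash` (VARCHAR(255))
// columns; the hash is produced with password_hash() at registration, not md5.
session_start();

function login(mysqli $mysqli, string $username, string $password): bool
{
    // Bind the username as a string ('s'): it is a name, not an integer ID.
    // Select only the stored hash; the password is never part of the WHERE clause.
    $stmt = $mysqli->prepare('SELECT password_hash FROM admins WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);          // one bind_result() call, terminated with ;
    $found = $stmt->fetch() === true;         // fetch() returns null when no row matched
    $stmt->close();

    if (!$found || !password_verify($password, $storedHash)) {
        // Same result for unknown user and wrong password: no account enumeration.
        return false;
    }

    // Upgrade old hashes when the default algorithm or cost changes.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $upd = $mysqli->prepare('UPDATE admins SET password_hash = ? WHERE username = ?');
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $upd->bind_param('ss', $newHash, $username);
        $upd->execute();
        $upd->close();
    }

    // Fresh session ID on privilege change, then record who is logged in.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    return true;
}

// Use the raw form values: htmlentities() belongs at output time, not before
// a password comparison or a parameterised query.
$username = $_POST['userid'] ?? '';
$password = $_POST['password'] ?? '';

if (login($mysqli, $username, $password)) {
    header('Location: admin.php');   // admin.php is a placeholder landing page
    exit;
}
http_response_code(401);
echo 'Login failed.';
```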