mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

心已入冬 提交于 2021-02-05 09:48:02

问题


I am They try to use mysqli :: bind_param unsuccessfully . In the code , below , the function login ( ) is called with a username and password on the page login.php . Despite all efforts and guides and forums have read , continues to return the same error .

I tried both with

bind_param ( 's' , $ variable )

that with

bind_param ( 1 , $ variable )

that with

bind_param ( 'ss' , $ variable1 , $ variable2 )

and i tried query without ''

"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"

Where am I wrong ?

public function login($_username, $_password) {
    $this->sessionOpen ();

     if ($_username == "") {
        $this->log->error ( "Username vuoto" );
        throw new AuthLoginFailed ();
    }
    if ($_password == "") {
        $this->log->error ( "Password vuota" );
        throw new AuthLoginFailed ();
    }

    $db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
    if (mysqli_connect_errno ()) {
        $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
        throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
    }

    $stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
    }
    echo md5 ( $_username ) . "---" . md5 ( $_password );
    //on page username and password is showed at this point
    $user=trim(md5 ( $_username ));
    $pass=trim(md5 ( $_password ));
    $stmt->bind_param ( 1,  $user);
    $stmt->bind_param ( 2,  $pass);
    /* Execute it */
    $stmt->execute ();
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
    }


    $stmt->fetch($rst);

    echo "results: " . $rst->num_rows; //output of this: results:

    if ($rst->num_rows == 0) {
        throw new AuthLoginFailed ();
    }



    /* Close statement */
    $stmt->close ();

    /* Close connection */
    $db->close ();
}

Error in the log of apache is

[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php

Many thanks to all


回答1:


Modification is:

$stmt->bind_param ( "ss", $user, $pass); because 1 data type is not defind in bind_param (). bind_param() will take two arguments 1st one is types (i, d, s, b) corresponding datatype in your query(?) and 2nd arg are values.

Suggestion's are:

  1. Don't compare with ==, for empty string because if user enter's 3 white spaces it will not equal. use empty() for checking empty string or not.

  2. Don't call unnecessary methods, it does not have any meaning, for eg: in your code your calling trim() after md5(). md5() will not return any white space character. So calling trim(md5($username)) is meaning less.

Try to replace your code with my code hope your problem is solved.

public function login($_username, $_password) {
$this->sessionOpen ();

 if (empty($_username)) {
    $this->log->error ( "Username vuoto" );
    throw new AuthLoginFailed ();
}
if (empty($_password)) {
    $this->log->error ( "Password vuota" );
    throw new AuthLoginFailed ();
}

$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
    $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
    throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}

$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss",  $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}


$stmt->fetch($rst);

echo "results: " . $rst->num_rows; //output of this: results:

if ($rst->num_rows == 0) {
    throw new AuthLoginFailed ();
}



/* Close statement */
$stmt->close ();

/* Close connection */
$db->close ();
}

Let me know once your problem is solved.



来源:https://stackoverflow.com/questions/33315537/mysqli-stmtbind-param-number-of-variables-doesnt-match-number-of-parameter

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!