我有以下准备好的声明: $stmt = $conn->prepare("SELECT * FROM `users` WHERE user LIKE ? "); $stmt->bind_param("s", $filtered_form['user']); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 0) { $stmt->bind_result($id, $user, $pass, $first, $last, $type, $email); $stmt->fetch(); $stmt->close(); } if ($pass === $filtered_form['pass']) { $_SESSION['id'] = $id; $_SESSION['user'] = $user; $_SESSION['first'] = $first; $_SESSION['last'] = $last; $_SESSION['email'] = $email; $_SESSION['type'] = $type; header("Location:index.php"); exit; } else { return "Incorrect password"; }但是 Visual Studio 说存在变量$id, $user, $pass, $first, $last, $type, $email未定义的问题。我添加了这样的变量: $stmt = $conn->prepare("SELECT * FROM `users` WHERE user LIKE ? "); $stmt->bind_param("s", $filtered_form['user']); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 0) { $id = ""; $user = ""; $pass = ""; $first = ""; $last = ""; $type = ""; $email = ""; $stmt->bind_result($id, $user, $pass, $first, $last, $type, $email); $stmt->fetch(); $stmt->close(); }然后问题就消失了。在查看 PHP 文档后,我找不到必须首先定义变量的示例,但 Visual Studio 仍然将其显示为错误。知道这是为什么吗?
1 回答
慕森卡
TA贡献1806条经验 获得超8个赞
不,当变量通过引用传递时没有必要,这里就是这种情况。所以 Visual Studio 错了。
但是,您在这里使用的是过时的技术,并且可以消除这些误报警告并立即减少代码量:
$stmt = $conn->prepare("SELECT * FROM `users` WHERE user = ? ");
$stmt->bind_param("s", $filtered_form['user']);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
if ($row and password_verify($filtered_form['pass'], $row['pass']) {
$_SESSION['user'] = $row;
header("Location:index.php");
exit;
} else {
return "Incorrect password";
}
正如你所看到的,get_result()给你一个比 更好的结果(双关语不是故意的)store_result(),让你将用户信息存储在单个变量中,所以它不会乱七八糟的$_SESSION数组。
并被num_rows()证明是完全无用的(因为它总是发生)。
重要提示:您永远不应该以纯文本形式存储密码。始终支持哈希密码。
- 1 回答
- 0 关注
- 125 浏览
添加回答
举报
0/150
提交
取消