当前位置: 文江博客话题详情

mysqli 从不返回任何内容

发布于 2024-11-01 17:16:19 字数 1471 浏览 1 评论 0原文

作为 PHP Web 应用程序的一部分,我使用 mysqli 和准备好的语句查询 MySQL 数据库。

我在几个查询中使用了完全相同的代码并且它有效,但在一个特定查询中,它总是返回一个空记录集。我已经从 MySQL 命令行运行了完全相同的查询,并且它正确地返回了结果。我检查了传入的参数,没有问题。

我花了一天的大部分时间试图弄清楚为什么我总是得到一个没有错误或警告的空记录集。我已将 PHP 的错误设置为显示在页面上,并将它们设置为 E_ALL|E_STRICT。我仍然没有收到任何警告或错误。

我已经尝试了所有明显的事情,例如确保我实际上可以连接到数据库,检查传入的参数,并确保我尝试返回的行实际上存在于数据库中。我在整个页面上都使用了 var_dump() 和 die() 来检查返回的内容,并且它始终是合法但空的记录集。

function salt() {
   return("I've removed my salt from this sample code");
}

function openDatabase() {
   $conn = new mysqli("127.0.0.1", "username", "password", "database")
      or die("Error: Could not connect to database.");
   return($conn);
}

function checkUserCredentials($username, $password) {
   $goodPassword = md5(salt().$username.$password);

   $conn = openDatabase();
   $query = $conn->stmt_init();

   $query->prepare("SELECT id FROM users WHERE email = ? AND passwordHash = ?")
      or die('Problem with query');

   $query->bind_param("ss", $username, $goodPassword)
      or die('Error binding parameters');

   $query->execute() or die("Could not execute");
   $query->bind_result($col1) or die ("Could not bind result");

   if ($col1 !== 0) {
      die("Authentication Complete");
   } else {
      die("Authentication Failure! Number of Rows: ".$query->num_rows." Username: " . $username . " Password Hash: " . $goodPassword);
   }
}

如有任何反馈,我们将不胜感激。我确信我错过了一些简单的事情,但如果我不剃光头,我现在就会把头发扯下来。

谢谢

原文

As part of a PHP web application, I'm querying a MySQL database using mysqli and prepared statements.

I've used exactly the same code on a few queries and it works, but on one particular query, it always returns an empty record set. I've run exactly the same query from the MySQL command line, and it correctly returns the result. I've checked the parameters being passed in, and they're fine.

I've spent the best part of a day trying to figure out why I'm always getting an empty record set with no errors or warnings. I've got PHP's errors set to display on the page, and I've got them set to E_ALL|E_STRICT. I still don't get any warnings or errors.

I've tried all the obvious things, like making sure I can actually connect to the database, checking the parameters that are being passed in, and making sure the row I'm trying to return actually exists in the database. I've had var_dump()s and die()s all over the page to check what's coming back, and it's always a legitimate, but empty, recordset.

function salt() {
   return("I've removed my salt from this sample code");
}

function openDatabase() {
   $conn = new mysqli("127.0.0.1", "username", "password", "database")
      or die("Error: Could not connect to database.");
   return($conn);
}

function checkUserCredentials($username, $password) {
   $goodPassword = md5(salt().$username.$password);

   $conn = openDatabase();
   $query = $conn->stmt_init();

   $query->prepare("SELECT id FROM users WHERE email = ? AND passwordHash = ?")
      or die('Problem with query');

   $query->bind_param("ss", $username, $goodPassword)
      or die('Error binding parameters');

   $query->execute() or die("Could not execute");
   $query->bind_result($col1) or die ("Could not bind result");

   if ($col1 !== 0) {
      die("Authentication Complete");
   } else {
      die("Authentication Failure! Number of Rows: ".$query->num_rows." Username: " . $username . " Password Hash: " . $goodPassword);
   }
}

Any feedback is appreciated. I'm sure I'm missing something simple, but if I didn't shave my head I'd be tearing my hair out right now.

Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

挽手叙旧 2024-11-08 17:16:19

我不熟悉 mysqli 库(我通常使用 PDO,它提供了非常相似的跨平台 API),所以我无法立即看到任何问题。不过,您可以尝试查看 mysqld 日志。请参阅此处了解信息:

http://dev.mysql.com/ doc/refman/5.1/en/query-log.html

通过跟踪日志,您应该能够看到提交的确切查询。

最后一点,我注意到您使用的是固定的盐值。每次需要时随机生成该值然后将其存储在 users 表中不是更好吗?一般来说,盐并不是为了保密,它只是为了防止人们使用您使用的哈希算法预先计算密码表。

I'm not familiar with the mysqli library (I usually use PDO which provides a very similar cross platform API) so I can't immediately see any problem. However, you might try watching the mysqld log. See here for info:

http://dev.mysql.com/doc/refman/5.1/en/query-log.html

By tailing the log, you should be able to see the exact query that was submitted.

One final note, I notice you're using a fixed salt value. Wouldn't it be better to generate this value randomly each time you need it and then store it in the users table? Generally, a salt is not intended to be secret, it's just there to prevent people precomputing tables of passwords using the hash algorithm that you use.

回复 原文
谁人与我共长歌 2024-11-08 17:16:19

如果其他人遇到类似的问题,如果您在 mysqli_stmt 对象上运行 fetch(),它确实会有所帮助。

在我上面的代码中,解决方案如下所示:

$query->bind_result($col1) or die ("Could not bind result");

$query->fetch(); // <--- How could I forget to do this?

if ($col1 !== 0) {
   return true;
} else {
   return false;
}

代表 OP 添加

In case anyone else runs into similar issues, it really helps if you run fetch() on your mysqli_stmt object.

In my code above, the solution looks like this:

$query->bind_result($col1) or die ("Could not bind result");

$query->fetch(); // <--- How could I forget to do this?

if ($col1 !== 0) {
   return true;
} else {
   return false;
}

Added on behalf of OP

回复 原文
~没有更多了~

关于作者

狼性发作

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文