各位新人大家好，

我试图弄清楚为什么我的代码在我的 $loginresult 不 = 1 时返回“登录成功”。这是我第一次尝试使用我的登录系统实现准备好的语句以避免 SQL 注入，并且很好奇是否问题在于我是如何写的。

我可以肯定地说，当我成功登录时，我的值为 1，不成功则为 5。

每当它是 5 时，它仍然返回与 1 应该返回的相同的回显。

感谢大家的时间和耐心。

<?php session_start(); ?>

<!DOCTYPE html>

<head>

  <title>Login</title>

</head>

<body>

<?php

include('config.php');

$conn = sqlsrv_connect($serverName, $conn_array);

  $myparams['username'] = $_POST['username'];

  $myparams['password'] = $_POST['password'];

      // All checks done already (including password check). Begin building prepare statement.

    $sql = "SET ANSI_NULLS ON

    SET QUOTED_IDENTIFIER ON

    SET CONCAT_NULL_YIELDS_NULL ON

    SET ANSI_WARNINGS ON

    SET ANSI_PADDING ON

    exec LoginScript @in_accountname=?,@in_password=?

    ";

//Array for prep

$procedure_params = array(

        array(&$myparams['username'], SQLSRV_PARAM_IN),

        array(&$myparams['password'], SQLSRV_PARAM_IN)

);

/* Prepare the statement. */

if( $stmt = sqlsrv_prepare( $conn, $sql, $procedure_params))

{

     // echo "Statement was successfully prepared.\n";

} 

else

{

      echo "Statement could not be prepared.\n";

     // ( print_r( sqlsrv_errors(), true)); ACTIVATE ONLY FOR DEBUGGING TO PREVENT HELPING SQL INJECTORS

}

/* Execute the statement. */

if( sqlsrv_execute( $stmt))

{

     // echo " Statement executed.\n";

}

else

{

      echo " Unable to execute prepared statement!\n";

     // ( print_r( sqlsrv_errors(), true));

}

//checkuser

$result = sqlsrv_prepare( $conn, $sql, $procedure_params);

$info=sqlsrv_fetch_array($stmt);

$LoginResult = $info;

//Login Success

if (!$LoginResult=1)

{

    echo "Login DEAD.";

    echo "Login Result: ".$info[0]."\n"; 

}else{

    echo "Login Successful.";

    echo "Login Result: ".$info[0]."\n"; 

}

/* Free the statement and connection resources. */

sqlsrv_free_stmt($stmt);

sqlsrv_close($conn);

?>```