是否有必要在准备语句中预先定义变量?
我有以下准备好的声明:
$stmt = $conn->prepare("SELECT * FROM `users` WHERE user LIKE ? ");
$stmt->bind_param("s", $filtered_form['user']);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $user, $pass, $first, $last, $type, $email);
$stmt->fetch();
$stmt->close();
}
if ($pass === $filtered_form['pass']) {
$_SESSION['id'] = $id;
$_SESSION['user'] = $user;
$_SESSION['first'] = $first;
$_SESSION['last'] = $last;
$_SESSION['email'] = $email;
$_SESSION['type'] = $type;
header("Location:index.php");
exit;
} else {
return "Incorrect password";
}
但是 Visual Studio 说存在变量$id, $user, $pass, $first, $last, $type, $email未定义的问题。我添加了这样的变量:
$stmt = $conn->prepare("SELECT * FROM `users` WHERE user LIKE ? ");
$stmt->bind_param("s", $filtered_form['user']);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$id = "";
$user = "";
$pass = "";
$first = "";
$last = "";
$type = "";
$email = "";
$stmt->bind_result($id, $user, $pass, $first, $last, $type, $email);
$stmt->fetch();
$stmt->close();
}
然后问题就消失了。在查看 PHP 文档后,我找不到必须首先定义变量的示例,但 Visual Studio 仍然将其显示为错误。知道这是为什么吗?
江户川乱折腾1回答
-
慕森卡
不,当变量通过引用传递时没有必要,这里就是这种情况。所以 Visual Studio 错了。但是,您在这里使用的是过时的技术,并且可以消除这些误报警告并立即减少代码量: $stmt = $conn->prepare("SELECT * FROM `users` WHERE user = ? "); $stmt->bind_param("s", $filtered_form['user']); $stmt->execute(); $row = $stmt->get_result()->fetch_assoc(); if ($row and password_verify($filtered_form['pass'], $row['pass']) { $_SESSION['user'] = $row; header("Location:index.php"); exit; } else { return "Incorrect password"; }正如你所看到的,get_result()给你一个比 更好的结果(双关语不是故意的)store_result(),让你将用户信息存储在单个变量中,所以它不会乱七八糟的$_SESSION数组。并被num_rows()证明是完全无用的(因为它总是发生)。重要提示:您永远不应该以纯文本形式存储密码。始终支持哈希密码。
随时随地看视频慕课网APP
PHP