mysqli_stmt::bind_param():变量的数量与准备好的语句中的参数数量不匹配

Posted

技术标签:

【中文标题】mysqli_stmt::bind_param():变量的数量与准备好的语句中的参数数量不匹配【英文标题】:mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement 【发布时间】:2016-01-23 18:27:27 【问题描述】:

我是他们尝试使用 mysqli :: bind_param 失败。在下面的代码中,函数login ( ) 在页面login.php 上使用usernamepassword 调用。尽管所有的努力和指南和论坛已经阅读,继续返回相同的错误。

我都试过了

bind_param ( 's' , $ variable )

那与

bind_param ( 1 , $ variable )

那与

bind_param ( 'ss' , $ variable1 , $ variable2 )

我尝试了不带''的查询

"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"

我哪里错了?

public function login($_username, $_password) 
    $this->sessionOpen ();

     if ($_username == "") 
        $this->log->error ( "Username vuoto" );
        throw new AuthLoginFailed ();
    
    if ($_password == "") 
        $this->log->error ( "Password vuota" );
        throw new AuthLoginFailed ();
    

    $db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
    if (mysqli_connect_errno ()) 
        $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
        throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
    

    $stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
    if (! $stmt) 
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
    
    echo md5 ( $_username ) . "---" . md5 ( $_password );
    //on page username and password is showed at this point
    $user=trim(md5 ( $_username ));
    $pass=trim(md5 ( $_password ));
    $stmt->bind_param ( 1,  $user);
    $stmt->bind_param ( 2,  $pass);
    /* Execute it */
    $stmt->execute ();
    if (! $stmt) 
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
    


    $stmt->fetch($rst);

    echo "results: " . $rst->num_rows; //output of this: results:

    if ($rst->num_rows == 0) 
        throw new AuthLoginFailed ();
    



    /* Close statement */
    $stmt->close ();

    /* Close connection */
    $db->close ();

apache日志中的错误是

[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php

非常感谢大家

【问题讨论】:

【参考方案1】:

修改为:

$stmt->bind_param ("ss", $user, $pass); 因为在 bind_param() 中没有定义 1 种数据类型。 bind_param() 将采用两个参数,第一个是类型 (i, d, s, b),在您的查询中对应数据类型(?),第二个参数是值。

建议是:

    不要与 == 比较空字符串,因为如果用户输入的 3 个空格将不相等。使用 empty() 检查是否为空字符串。

    不要调用不必要的方法,它没有任何意义,例如:在你的代码中你在md5()之后调用trim()md5() 不会返回任何空白字符。所以调用trim(md5($username)) 意义不大。

尝试用我的代码替换你的代码希望你的问题得到解决。

public function login($_username, $_password) 
$this->sessionOpen ();

 if (empty($_username)) 
    $this->log->error ( "Username vuoto" );
    throw new AuthLoginFailed ();

if (empty($_password)) 
    $this->log->error ( "Password vuota" );
    throw new AuthLoginFailed ();


$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) 
    $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
    throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );


$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) 
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );

echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss",  $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) 
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );



$stmt->fetch($rst);

echo "results: " . $rst->num_rows; //output of this: results:

if ($rst->num_rows == 0) 
    throw new AuthLoginFailed ();




/* Close statement */
$stmt->close ();

/* Close connection */
$db->close ();

问题解决后告诉我。

【讨论】:

它工作,并感谢您的其他提示。我怎么看我的错误是引用,我用'ss'而不是“ss”。 我还发现了另一个错误 bind_result ,在查询中我请求了多个列,我应该指定多个变量,对应于 bind_result 中所需的列。再次感谢

以上是关于mysqli_stmt::bind_param():变量的数量与准备好的语句中的参数数量不匹配的主要内容,如果未能解决你的问题,请参考以下文章

mysqli_stmt::bind_param():类型定义字符串中的元素数与绑定变量数不匹配

call_user_func_array() - 警告:mysqli_stmt::bind_param():变量数与准备语句中的参数数不匹配

绑定布尔值的 bind_param 问题

mysqli bind_param() 应该是一个参考,给定的值

使用准备好的语句的 PHP 注册脚本