有人能解释一下为什么这会给我一个500内部服务器错误吗?我试着添加一些sql注入保护,我不确定我做错了什么。我应该用面向对象的方式而不是过程式的方式来做这件事吗?
<?php
$conn = mysqli_connect($host, $user, $pwd)or die("Error connecting to database.");
mysqli_select_db($conn, $db) or die("Couldn't select the database.");
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = mysqli_stmt_init($conn);
$query = "SELECT * FROM Users WHERE email=? AND password=?";
mysqli_stmt_prepare($stmt, $query) or die("Failed to prepare statement.");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$count = mysqli_num_rows($result);
if($count == 1){
//Log in successful
}
else {
//Wrong Username or Password
}
mysqli_close($conn);
?>
mysqli_stmt_get_result在PHP 5.3中可用,但我正在运行5.1。另外,必须安装mysqlnd驱动程序才能使此调用工作。
更多信息请参见调用未定义方法mysqli_stmt::get_result