我有一个执行PHP脚本的IOS应用程序,但当我在浏览器和IOS中测试时,我从PHP脚本调用返回空字符串:
PHP版本为5.2
这是我正在调用的url:
http://hugt.co.uk/checkUserVerification.php?Email=tp_redo_c@hotmail.com&密码=ULLAFI01
但返回的值是空字符串。脚本好吗?还是我在哪里出错了?
我使用其他函数来调用MYSQL,但为了检查SQL注入,我对这些函数进行了注释,所以我不熟悉我使用的代码。
PHP代码:
<?php
include "connect.php";
$email = $_REQUEST["Email"];
$password = $_REQUEST["Password"];
$verificationCode = null;
if(isset($_REQUEST['Verification'])){
$verificationCode = $_REQUEST["Verification"];
}
$hasBeenVerified = 0;
$stmt = $mysqli->prepare("SELECT U_Verified, U_ID FROM U_User WHERE U_Email = ? AND U_Password = ?");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
//$stmt->bind_result($district);
//$stmt->fetch();
$result = $stmt->get_result();
$myrow = $result->fetch_assoc();
$stmt->close();
if($myrow){
$hasBeenVerified = $myrow['U_Verified'];
if($hasBeenVerified == 1){
echo $myrow['U_ID'];
exit();
}else{
if($verificationCode != null){
$stmt = $mysqli->prepare("SELECT U_VerificationCode, U_ID FROM U_User WHERE U_Email = ? AND U_Password = ?");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
$result2 = $stmt->get_result();
$myrow2 = $result2->fetch_assoc();
$stmt->close();
if($myrow2['U_VerificationCode'] == $verificationCode){
$stmt = $mysqli->prepare("UPDATE U_User SET U_Verified = true WHERE U_Email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result3 = $stmt->get_result();
//$myrow3 = $result2->fetch_assoc();
$stmt->close();
if($result3){
echo $myrow2['U_ID'];
exit();
}else{
echo 'server error';
exit();
}
}else{
echo 'invalid verification';
exit();
}
}else{
echo 'no verification';
exit();
}
}
}else{
echo 'not registered';
exit();
}
/**$hasBeenVerified = 0;
$qryCheck = "SELECT U_Verified, U_ID FROM U_User WHERE U_Email = '$email' AND U_Password = '$password'";
$resultCheck = mysqli_query($conn, $qryCheck);
$num_rows = mysqli_num_rows($resultCheck);
if($num_rows > 0){
$row = mysqli_fetch_row($resultCheck);
$hasBeenVerified = $row[0];
if($hasBeenVerified == 1){
echo $row[1];
exit();
}else{
if($verificationCode != null){
$qryCheck2 = "SELECT U_VerificationCode, U_ID FROM U_User WHERE U_Email = '$email' AND U_Password = '$password'";
$resultCheck2 = mysqli_query($conn, $qryCheck2);
$row2 = mysqli_fetch_row($resultCheck2);
if($row2[0] == $verificationCode){
$updateRecordVerified = 'UPDATE U_User SET U_Verified = true WHERE U_Email = "$email"';
$resultCheck3 = mysqli_query($conn, $updateRecordVerified);
if($resultCheck3){
echo $row2[1];
exit();
}else{
echo 'server error';
exit();
}
}else{
echo 'invalid verification';
exit();
}
}else{
//echo 'hhh' . $row[0];
echo 'no verification';
exit();
}
}
}else{
echo 'not registered';
exit();
}
mysqli_close($conn);**/
$mysqli->close();
?>
<?php
include "connect.php";
$email = $_REQUEST["Email"];
$password = $_REQUEST["Password"];
$verificationCode = null;
if(isset($_REQUEST['Verification'])){
$verificationCode = $_REQUEST["Verification"];
}
$hasBeenVerified = 0;
$stmt = $mysqli->prepare("SELECT U_Verified, U_ID FROM U_User WHERE U_Email = ? AND U_Password = ?");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
$stmt->bind_result($verified, $uId);
$stmt->fetch();
$stmt->close();
if($uId){
$hasBeenVerified = $verified;
if($hasBeenVerified == 1){
echo $uId;
exit();
}else{
if($verificationCode != null){
$stmt = $mysqli->prepare("SELECT U_VerificationCode, U_ID FROM U_User WHERE U_Email = ? AND U_Password = ?");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
$stmt->bind_result($codeVerification, $uId2);
$stmt->fetch();
$stmt->close();
if($codeVerification == $verificationCode){
$stmt = $mysqli->prepare("UPDATE U_User SET U_Verified = true WHERE U_Email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->close();
echo $uId;
exit();
}else{
echo 'invalid verification';
exit();
}
}else{
echo 'no verification';
exit();
}
}
}else{
echo 'not registered';
exit();
}
$mysqli->close();
?>