您的问题在这里:

    $query = mysqli_query("SELECT * FROM users WHERE Username = ? AND Password = ?");

    $userParam = array($_POST["Uname"], $_POST["Pass"]);
    $st = $database->prepare($query);
    $st->execute($userParam);

prepare需要一个字符串，mysqli_query是执行查询的过程函数.删除那个.此外，对于mysqli，您需要首先绑定参数，而不是将其传递给execute().

prepare expects a string, mysqli_query is a procedural function which executes the query. Remove that. Additionally, with mysqli you need to bind the parameters first, not pass them to execute().

$query = "SELECT * FROM users WHERE Username = ? AND Password = ?";

$st = $database->prepare($query);
$st->bindParam("ss",$_POST["Uname"], $_POST["Pass"]);    
$st->execute();

这是手册的相关部分:

http://php.net/manual/en/mysqli.prepare.php

http://php.net/manual/en/mysqli- stmt.bind-param.php

http://php.net/manual/en/mysqli-stmt. execute.php