更新时间:2023-02-19 13:50:48
您的问题在这里:
$query = mysqli_query("SELECT * FROM users WHERE Username = ? AND Password = ?");
$userParam = array($_POST["Uname"], $_POST["Pass"]);
$st = $database->prepare($query);
$st->execute($userParam);
prepare
需要一个字符串,mysqli_query
是执行查询的过程函数.删除那个.此外,对于mysqli,您需要首先绑定参数,而不是将其传递给execute()
.
prepare
expects a string, mysqli_query
is a procedural function which executes the query. Remove that. Additionally, with mysqli you need to bind the parameters first, not pass them to execute()
.
$query = "SELECT * FROM users WHERE Username = ? AND Password = ?";
$st = $database->prepare($query);
$st->bindParam("ss",$_POST["Uname"], $_POST["Pass"]);
$st->execute();
这是手册的相关部分:
http://php.net/manual/en/mysqli.prepare.php