PHP / MySQL mysql_num_rows没有返回值

时间:2013-01-31 01:52:09

标签: php mysql

我是PHP和编程的新手,但我正在努力进行登录。我已经完成了注册页面,我的数据库填充了记录。但是,当这段代码输出时,它表示我有来自mysql_num_rows($ result)的0行; ...当它输入正确的用户名/密码时应该成功显示1行。无论我是否成功输入用户/通过组合,它都会输出相同的内容。

感谢您提供的任何帮助,代码如下:

$SQL = "SELECT * FROM account WHERE username = $username AND password = md5($password)";
            $result = mysql_query($SQL);
            $num_rows = mysql_num_rows($result);
            echo $result;
            echo $num_rows;

            // CLOSE CONNECTION
            mysql_close($db_handle);

            // COMPARE $num_rows TO SEE IF A SUCCESSFUL LOGIN, THEN DIRECT TO MEMBERS PAGE

            if ($result) {
                if ($num_rows > 0) {
                    session_start();
                    $_SESSION['login'] = "1";
                    header ("Location: page1.php");
                }   
                    else {
                        $error_message = "Login failed.  Please try again.";
                        echo $num_rows;

1 个答案:

答案 0 :(得分:1)

编辑:完成重写

试试这个:

<?php



$host = "host";
$user = "user";
$password = "password";
$database = "database";


$username = 'jack'; /* Insert $_Post [''] here with username variable you pass. You could sanitize and validate with for example filter_var (), clean (), etc */
$password_user = 'password from jack'; // same here.

$link = mysqli_connect($host, $user, $password, $database);
        IF (!$link){
        echo ("Unable to connect to database!");
        }

        ELSE{
$query = "SELECT * FROM account WHERE username ='$username' AND password = md5('$password_user')";
            $result = mysqli_query($link, $query);
            $num_rows = mysqli_num_rows($result);
            $row = mysqli_fetch_array($result, MYSQLI_BOTH);

            // COMPARE $num_rows TO SEE IF A SUCCESSFUL LOGIN, THEN DIRECT TO MEMBERS PAGE

            if ($row) {
                    session_start();
                    $_SESSION['login'] = "1"; // pleae not that 1 is converted into a string value
                    $_SESSION['username'] = $username; // added username, just to test.
                    header ("Location: page1.php");
                }   
                    else {
                        $error_message = "Login failed.  Please try again.";
                        echo $error_message;
                    }
            // CLOSE CONNECTION
            mysqli_close($link);            
        }
?>

示例数据:

CREATE TABLE account (
  id INT auto_increment primary key,
  username VARCHAR(30),
  password VARCHAR(50)
  );


INSERT INTO account(username, password)
VALUES 
("bob", md5('password from bob')), 
("jack", md5('password from jack')), 
('joe', md5('password from joe'));

SQL FIDDLE DEMO

示例第1页

<?php
session_start();
$login = $_SESSION['login'];
$username = $_SESSION['username'];

echo '<h1>It WORKS, <i>'.$username.'</i>!!!</h1>';


?>

需要注意的是,我使用的是MYSQLI库而不是MYSQL库。如果表中有多个列,则应选择每列的输出。例如,$result['id']

我发现你没有在你的SQL语句中输入和输出变量。我必须注意,我没有调试COMPARE $ num_rows下面的部分,如果成功登录,那么直接发送给会员。我想你可以自己管理它。

W.R.T。你必须做更多的工作。我不知道您的数据是如何通过用户登录表单过去的。假设您将使用POST。在这种情况下,您可以从页面顶部开始,首先使用$ _POST检索所有已发布的变量。然后过滤它们以确保您的代码未打开以进行SQL注入。例如。 $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);

相关问题
最新问题