解决方案:感谢您的帮助,我被指向了错误的数据库。
下面的计数返回0但是当我手动运行它时会有结果。
手动我的意思是复制我的代码回显的SQL并将其粘贴到mySQL命令中。
<?
$host="localhost"; // Host name
$username="userName"; // Mysql username
$password="userPW"; // Mysql password
$db_name="dbName"; // Database name
$tbl_name="userBase"; // Table name
// Connect to server and select databse.
$link=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$user=$_POST['user'];
$pass=$_POST['pass'];
// To protect MySQL injection (more detail about MySQL injection)
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$salt = substr($pass, 0, 1);
$encrypted_pswd = crypt($pass, $salt);
$sql="SELECT * FROM $tbl_name WHERE user=\"$user\" and pass=\"$encrypted_pswd\";";
echo $sql."<br>";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo "count=".$count."<br>";
?>
答案 0 :(得分:1)
尝试:
$sql = sprintf("SELECT * FROM %s WHERE user='%s' and pass='%s'", $tbl_name, $user, $encrypted_pswd);