存储数据库中的数据[mysql_num_rows]

时间:2012-10-14 03:19:35

标签: php mysql-num-rows

所以我有这个代码将项目从数据库传递到我的订单表。当我回应会话时。会话变量包含一些东西,所以没有问题。但是当我在numrows下回显这些变量时,它只显示任何内容。有什么不对吗?

<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();
require("connect.php");
$UserID = $_SESSION['CustNum'];
$UserN = $_SESSION['UserName'];

        $ProdGTotal = $_SESSION['ProdGTotal'];

        $queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");
        $numrows = mysql_num_rows($queryord);

        if(numrows == 1){
            $row = mysql_fetch_assoc($queryord)or die ('Unable to run query:'.mysql_error()); // fetch associated: get function from a query for a database
            $dbstreet = $row['Street']; 
            $dhousenum = $row['HouseNum']; 
            $dbcnum = $row['CelNum']; 
            $dbarea = $row['Area'];
            $dbbuilding = $row['Building'];
            $dbcity = $row['City'];
            $dbpnum = $row['PhoneNum'];
            $dbfname = $row['FName'];
            $dblname = $row['LName'];

        }
        else
        die(mysql_error());

        $query4=mysql_query("INSERT INTO orderdetails VALUES ('', '$UserID', Now(), '$dbhousenum', '$dbstreet', '$dbarea', '$dbbuilding', '$dbcity',     '$dbfname', '$dblname', '$dbcnum', '$dbpnum', '$ProdGTotal')",$connect);

            if ($query4){

            header("location:index.php");

            }
            else
        die(mysql_error());


?>

2 个答案:

答案 0 :(得分:0)

if(numrows == 1) => if($numrows == 1){

答案 1 :(得分:0)

首先输入

if(numrows == 1){

而是变量:

if($numrows == 1){

而不是检查用户,你可以:

$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");    
$numrows = mysql_num_rows($queryord);

用作:

$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");    
$numrows = mysql_num_rows($queryord);

因为你想要获取一个用户,但是因为你没有被转义而失败了:

$UserN = mysql_real_escape_string($UserN);
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");    
$numrows = mysql_num_rows($queryord);

您应该以更好的方式编写代码,并查看有关如何获取数据的stackoverflow的最佳实践示例。查看阻止SQL注入和漏洞的最佳实践。

此网站上显示了示例:How can I prevent SQL injection in PHP?