mysql_num_rows()期望参数1是资源,给定布尔值

时间:2013-05-30 18:29:10

标签: php mysql parameters

我知道有很多关于此的问题,我一直在寻找我的解决方案的时间,我似乎无法找到我的代码有什么问题,除了看到mysql_query应该改为mysqli_query但是当我改变它它给了我更多的错误信息,我不知道现在还有什么可以尝试。请尽可能帮助,这开始耗费我很多时间。谢谢! (不要批评说“有太多相同的问题”我认为每个人最终都会发布他们的问题,因为他们无法找到他们问题的答案,因为它与其他问题不匹配,至少在我的情况下我在没有成功的问题之前看了一眼。)

 // try get "MySQL link identifier" 
    $dbConn = mysql_connect($serverName, $user_name, $password) or die("Cannot connect to server<br />\n MySQL error ==>" . mysql_errno() . "<== : ==>" . mysql_error() . "<== <br />\n"); 
    print ""; 

// try connect to database 
mysql_select_db($db_name, $dbConn) or die("Cannot connect to database<br />\n MySQL error ==>" . mysql_errno($dbConn) . "<== : ==>" . mysql_error($dbConn) . "<== <br />\n"); 
print "<br />\n"; 


// Retrieve data from database 
$id = $_GET['id'];
$additional_notes = $_GET['additional_notes'];

// update data in mysql database 
$sql=("UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'");
$result = mysql_query($sql) or die(mysql_error());

$resultcount = mysql_affected_rows($result);


if ($resultcount == 1) {

mysql_query("UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'") or die(mysql_error());

} 

// if successfully updated. 
if($result)
{
echo "Update Successful!";
 echo '<h3>Your case has been updated.</h3>'; 
 echo "To see your changes please click <a href='/fullcase.php?id=$id'>here</a></b>";
}
else {
echo "ERROR";
}

?>

2 个答案:

答案 0 :(得分:2)

当传递UPDATE查询时,mysql_query()返回布尔值TRUE表示成功,返回FALSE表示失败,而mysql_num_rows()仅接受结果集资源作为参数。为了确定UPDATE查询影响了多少行,请以连接资源作为参数调用mysql_affected_rows()

它不会导致您现在遇到的问题,但建议您将or die(mysql_error())附加到mysql_query()次调用,以便捕获发生的任何MySQL错误。你会更好地建议放弃mysql_*函数完全支持PHP PDO扩展,如PHP手册中所建议的那样,并且它实际上不会产生更多的认知开销,以换取它提供的巨大好处在能力和安全方面。

暂且不说,这就是我改变代码的方式,使其更像你的想法:

<?php
// obtain a database connection
$dbConn = mysql_connect($serverName, $user_name, $password) 
  or die("Cannot connect to server: " . mysql_error() . "<br />\n"); 
  // mysql error number rarely adds enough information to be worth including

// select the database
mysql_select_db($db_name, $dbConn) 
  or die("Couldn't select $db_name: " . mysql_error() . "<br />\n"); 

// obtain escaped versions of query data for inclusion in update query
// it is imperative to use mysql_real_escape_string() or equivalent if you're
// going to use mysql_* functions instead of the far preferable PDO 
// prepared statements; if you don't escape your data, you leave open the
// possibility of SQL injection, which someone will certainly soon use to
// screw up your website horribly
$id = mysql_real_escape_string($_GET['id']);
$additional_notes = mysql_real_escape_string($_GET['additional_notes']);

// assemble query to pass to mysql_query()
// no need for parentheses around the string; in fact i'm surprised that
// didn't result in a parse error
// also FYI re backticks, MySQL uses them to denote literal database/table/
// column names -- they're optional unless required to disambiguate between
// an entity name and a reserved word. for example, you can create a table
// containing a column named 'key', which is a MySQL reserved word, but you
// thereafter must refer to that column as `key`, with backticks, in any
// queries, to hint to MySQL's parser that you mean the column by that name
// and not the reserved word; otherwise, it's a parse error.
$sql = "UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'";

// actually run the query
// this being an UPDATE query, the result is boolean and offers no 
// additional useful information, so you need not capture it in a variable; 
// the 'or die' clause will fire if it's false, and if it's true, you'll 
// use mysql_affected_rows() to get the additional info you need.
mysql_query($sql)
  or die(mysql_error());

// if the query failed, the script die()d on the previous line and didn't 
// get here; if it did get here, you know the query succeeded
$resultcount = mysql_affected_rows($dbConn);

// this is technically correct but semantically odd; since you already included
// the 'additional_notes' value in the previous UPDATE query, and since
// that query certainly succeeded if we're evaluating this code at all, 
// why run the same query again?
if ($resultcount == 1) {
  mysql_query("UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'") 
    or die(mysql_error());
} 

// again, the 'or die' clauses mean that we can only have reached this point
// if the queries succeeded, so there's no need for an if() test here
echo "Update Successful!";
echo '<h3>Your case has been updated.</h3>'; 
// note the backslashes before the embedded double quotes; single quotes in
// tag attributes are technically invalid but most browsers will accept them,
// but you can use double quotes within a double-quoted string if you precede
// the embedded quotes with backslashes (called "escaping") to indicate that
// they're not to be taken as the end of the string
// (i.e., "\"\"" == '""')
echo "To see your changes please click <a href=\"/fullcase.php?id=$id\">here</a></b>";
?>

答案 1 :(得分:-1)

珊,

虽然这不会解决所有错误。它有很多有用的注释,可以帮助您了解确切的问题。你能执行这个并让我知道你实际看到了什么吗?

// try get "MySQL link identifier" 
$dbConn = mysql_connect($serverName, $user_name, $password) or die("Cannot connect to server<br />\n MySQL error ==>" . mysql_errno() . "<== : ==>" . mysql_error() . "<== <br />\n"); 
print ""; 

// try connect to database 
mysql_select_db($db_name, $dbConn) or die("Cannot connect to database<br />\n MySQL error ==>" . mysql_errno($dbConn) . "<== : ==>" . mysql_error($dbConn) . "<== <br />\n"); 
print "<br />\n"; 


// Retrieve data from database 
$id = $_GET['id'];
$additional_notes = $_GET['additional_notes'];

// Assuming id is always numeric you could sanitize and validate it like below
$id = intval($_GET['id']);
if( $id<=0 ){
  // Let user know or redirect to a page when id is not present
  // Or even better do not run the queries at all
}

// update data in mysql database 
//$sql=("UPDATE `rmstable2` SET `additional_notes` = '$additional_notes' WHERE `id` = '$id'");

// Escape strings; you could try something like this
$sql=("UPDATE `rmstable2` SET `additional_notes` = '" . mysql_escape_string($additional_notes) . "' WHERE `id` = '$id'");

//仅用于调试(更好的做法是使用error_log) echo'

SQL: ' . $sql . '
'; 

$result = mysql_query($sql);

if($result){
  //$resultcount = mysql_num_rows($result);

  // Instead
  $resultcount = mysql_affected_rows($result);

  if ($resultcount == 1) {

    mysql_query("UPDATE `rmstable2` SET 
                                  `additional_notes` = '$additional_notes'

                               WHERE `id` = '$id'") 

       or die(mysql_error());

  }else{
    // Nothing was updated
    // maybe rows didn't match?
    echo "No data was updated.";
  }
}else{
  // mysql_query returned FALSE
  // There must be an error
  echo "DB Error: " . mysql_error();
}
// if successfully updated. 
if($result){
  echo "Update Successful!";
 echo '<h3>Your case has been updated.</h3>'; 
 echo "To see your changes please click <a href='/fullcase.php?id=$id'>here</a></b>";
}else {
  echo "ERROR";
}
相关问题
最新问题