我正在尝试使用mysql_fetch_assoc()从我的数据库中检索我的结果,但是当我回显以下(纯白屏幕)时,我似乎没有得到任何结果:
$email_address = $_POST['email_address'];
$password = $_POST['password'];
if(login($email_address, $password)){
$query = mysql_query("SELECT * FROM `users` WHERE `email_address` = '$email_address' AND `password` = '$password'");
$row = mysql_fetch_assoc($query);
echo $row['email_address'];
}else{
echo "Invalid login";
}
答案 0 :(得分:0)
您可以尝试以下内容,
if (isset($_POST['email_address']) && isset($_POST['password'])) {
$email_address = $_POST['email_address'];
$password = $_POST['password'];
//conection:
$con= mysqli_connect("hostname","username","password","database") or die("Error " . mysqli_error($link));
//query:
$query = mysql_query("SELECT * FROM users WHERE users.email_address = '$email_address' AND users.password = '$password'");
//display information:
$row = mysql_fetch_assoc($query);
if($email_address == $row['email_address'] && $password == $row['Password']){
echo $row['email_address'];
}else{
echo "Invalid login";
}
}
答案 1 :(得分:0)
尝试if($query==NULL) {/* handle error */}来捕获连接/数据库错误。
然后
$nrows=mysql_num_rows($query); //get the number of rows returned
if($nrows==0) //no match
else if($nrows==1) //match
else {/*more than 1 rows, probably sql injection */}
也就是说,远离已弃用的MySQL扩展并改为使用MySQLi。如果您打算在任何时间点公开网站,也请hash your passwords,最好是bcrypt。请参阅this video,了解为什么不应使用简单哈希函数(甚至是盐渍函数)来散列密码以及为什么要使用KDF来简要概述。
最后,您的代码对SQL注入开放。 See this question关于如何防范它。
作为旁注,有些人避免做SELECT *,因为
答案 2 :(得分:0)
将您的查询更改为此内容,添加die(mysql_error())以检查您的查询中是否有任何错误:
$email_address = $_POST['email_address'];
$password = $_POST['password'];
if(login($email_address, $password)){
$query = mysql_query("SELECT * FROM `users` WHERE `email_address` = '$email_address' AND `password` = '$password'") or die(mysql_error());
$row = mysql_fetch_assoc($query);
echo $row['email_address'];
} else {
echo "Invalid login";
}