mysqli num行问题

时间:2013-11-21 05:36:40

标签: php mysqli

这是我得到的警告:

  

警告:mysqli_num_rows()要求参数1为mysqli_result,第10行/home/snissa4/public_html/test.php中给出布尔值

<?php
if(isset($_POST['user']))
{
    //variable declaration 
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    //connect to data base 
    $con=mysqli_connect("engr-cpanel-mysql.engr.illinois.edu","socialdrinkers_b","testing123","socialdrinkers_db");

    if (mysqli_num_rows(mysqli_query($con, "Select * from Drinkers where userID = '$user' AND password = '$pass'")))
    { // correct info
        $result = mysqli_query("SELECT * FROM Drinkers where userID = '$user' AND password = '$pass'");
        while($row = mysqli_fetch_array($result));
        {//cookie implementation
            $expire = time() + 60*60*24; //1 day
            setcookie('idNum', $row['idNum'], $expire); 
            echo "Logged in as <b>".$row['userID']."</b>";
        }
    } 
    else 
    { // wrong info 
        echo "<b>wrong id or pass</b>"; 
    }
}


echo "<form method = 'post'> 
Username: <input type = 'text' name = 'user'>
Password: <input type = 'password' name = 'pass'>
<input type = 'submit' value = 'LOG IN'> 
</form>";

 ?>

我不知道为什么我会收到此警告,当我尝试使用我在数据库中创建的用户名和密码登录时,它只是将我重定向到此页面而不是给出成功消息。我找不到原因。

感谢您的帮助,挣扎于我的cs411(数据库)类lol

3 个答案:

答案 0 :(得分:0)

mysqli_query()返回false。试试echo mysqli_error($con); - 这会告诉您mysqli_query()失败的原因。

正如其他人所指出的那样,您的代码非常容易受到SQL注入攻击。您应该使用预准备语句来解决这个问题。

正如@viakondratiuk指出的,你应该重写你的代码。现在,您执行两次SELECT查询。这只会让您的脚本陷入困境,并且会使维护变得更加困难。

答案 1 :(得分:0)

你应该这样做:

$result = mysqli_query($con, "Select * from Drinkers where userID = '$user' AND password = '$pass'");
$row_cnt = mysqli_num_rows($result);

当然不要忘记sql注射。

您可以阅读this topic以避免它们。

答案 2 :(得分:-1)

你能试试吗,

  $result = mysqli_query("SELECT * FROM Drinkers where userID = '".mysqli_real_escape_string($user)."' AND password = '".mysqli_real_escape_string($pass)."'") or die("Error " . mysqli_error($con));

    if (mysqli_num_rows($result) >0)
    { // correct info
        while($row = mysqli_fetch_array($result));
        {//cookie implementation
            $expire = time() + 60*60*24; //1 day
            setcookie('idNum', $row['idNum'], $expire);
            echo "Logged in as <b>".$row['userID']."</b>";
        }
    }else{ // wrong info
        echo "<b>wrong id or pass</b>";
    }