这是我得到的警告:
警告:mysqli_num_rows()要求参数1为mysqli_result,第10行/home/snissa4/public_html/test.php中给出布尔值
<?php
if(isset($_POST['user']))
{
//variable declaration
$user = $_POST['user'];
$pass = $_POST['pass'];
//connect to data base
$con=mysqli_connect("engr-cpanel-mysql.engr.illinois.edu","socialdrinkers_b","testing123","socialdrinkers_db");
if (mysqli_num_rows(mysqli_query($con, "Select * from Drinkers where userID = '$user' AND password = '$pass'")))
{ // correct info
$result = mysqli_query("SELECT * FROM Drinkers where userID = '$user' AND password = '$pass'");
while($row = mysqli_fetch_array($result));
{//cookie implementation
$expire = time() + 60*60*24; //1 day
setcookie('idNum', $row['idNum'], $expire);
echo "Logged in as <b>".$row['userID']."</b>";
}
}
else
{ // wrong info
echo "<b>wrong id or pass</b>";
}
}
echo "<form method = 'post'>
Username: <input type = 'text' name = 'user'>
Password: <input type = 'password' name = 'pass'>
<input type = 'submit' value = 'LOG IN'>
</form>";
?>
我不知道为什么我会收到此警告,当我尝试使用我在数据库中创建的用户名和密码登录时,它只是将我重定向到此页面而不是给出成功消息。我找不到原因。
感谢您的帮助,挣扎于我的cs411(数据库)类lol
答案 0 :(得分:0)
mysqli_query()
返回false。试试echo mysqli_error($con);
- 这会告诉您mysqli_query()
失败的原因。
正如其他人所指出的那样,您的代码非常容易受到SQL注入攻击。您应该使用预准备语句来解决这个问题。
正如@viakondratiuk指出的,你应该重写你的代码。现在,您执行两次SELECT
查询。这只会让您的脚本陷入困境,并且会使维护变得更加困难。
答案 1 :(得分:0)
你应该这样做:
$result = mysqli_query($con, "Select * from Drinkers where userID = '$user' AND password = '$pass'");
$row_cnt = mysqli_num_rows($result);
当然不要忘记sql注射。
您可以阅读this topic以避免它们。
答案 2 :(得分:-1)
你能试试吗,
$result = mysqli_query("SELECT * FROM Drinkers where userID = '".mysqli_real_escape_string($user)."' AND password = '".mysqli_real_escape_string($pass)."'") or die("Error " . mysqli_error($con));
if (mysqli_num_rows($result) >0)
{ // correct info
while($row = mysqli_fetch_array($result));
{//cookie implementation
$expire = time() + 60*60*24; //1 day
setcookie('idNum', $row['idNum'], $expire);
echo "Logged in as <b>".$row['userID']."</b>";
}
}else{ // wrong info
echo "<b>wrong id or pass</b>";
}