有人可以帮我找到解决此错误的方法:
$user_name = "root";
$pass_word = "7172648";
$database = "movies";
$server = "localhost";
$db_handle = @mysqli_connect($server, $user_name, $pass_word);
$db_found = mysqli_select_db($db_handle, $database);
if ($db_found) {
$SQL = "SELECT * FROM user WHERE Username = $name AND Password = $pass";
$result = mysqli_query($db_handle,$SQL);
$num_rows = mysqli_num_rows($result);
//====================================================
// CHECK TO SEE IF THE $result VARIABLE IS TRUE
//====================================================
if ($result) {
if ($num_rows > 0) {
session_start();
$_SESSION['login'] = "$name";
header ("Location: index.php");
}
else {
session_start();
$_SESSION['login'] = "";
header ("Location: login.php");
}
}
else {
$errorMessage = "Error logging on";
}
mysqli_close($db_handle);
}
else {
$errorMessage = "Error logging on";
}
我不明白这里有什么问题,如果有人可以提供帮助,那么请尽量提问,如果你不明白,我会尽可能更清楚地解释。< / p>
答案 0 :(得分:-2)
请在代码中找到coments。
$SQL = sprintf("SELECT * FROM user WHERE Username='%s' AND Password='%s'",
mysqli_real_escape_string ($name),
mysqli_real_escape_string ($pass));
//Please note! NEVER insert text received from client into an
//SQL statement without screening it through mysql_real_escape_string
$result = mysqli_query($db_handle,$SQL);
//$num_rows = mysqli_num_rows($result); // NOT HERE!!!
// Because $result might be undefined
// if query is not executed
//====================================================
// CHECK TO SEE IF THE $result VARIABLE IS TRUE
//====================================================
if ($result) {
$num_rows = mysqli_num_rows($result); // HERE! If result definitely present
if ($num_rows > 0) {
session_start();
$_SESSION['login'] = "$name";
header ("Location: index.php");
}
else {
session_start();
$_SESSION['login'] = "";
header ("Location: login.php");
}
}
else {
$errorMessage = "Error logging on";
}