警告:mysqli_num_rows()期望参数1为mysqli_result,给定布尔值

时间:2014-08-27 22:30:56

标签: php

警告:mysqli_num_rows()期望参数1为mysqli_result,给定布尔值 iam无法登录,上面给出的错误被通知。建议更正。谢谢。 警告:mysqli_num_rows()期望参数1为mysqli_result,给定布尔值 我无法登录,上面给出的错误会被通知。请更正。谢谢。

    <html>
         <head>
             <title>Login page</title>
         </head>
             <style type='text/css'>
                 body{
                       background:url('Login.jpg');
                     }
             </style>
         <body>
             <form method ='post' action='login.php'>
                 <table width='400' border='5' align='center'>
                     <tr>
                         <td colspan='5' align='center'><h1><font color="MediumBlue">Login form</h1></font>
                         </td>

                     </tr>
                     <tr>
                         <td><font color='DarkOrange'>email</font>
                         </td>
                         <td><input type='text' name='email'/></td>
                     </tr>
                     <tr>
                         <td><font color='DarkOrange'>Password</font></td>
                         <td><input type='password' name='pass'/></td>
                     </tr>
                     <tr>
                         <td colspan='5' align='center'><input type='submit' name='login' value='login'/> </td>
                     </tr>
             </form>

                         <font color="LightSalmon"><h2><p style="position: fixed; bottom: 50%; width:100%; text-align: center"> Not registered yet?<a href='registration.php'>Sign up here</a>
                </p><h2></font>




        </body> 
    </html>
<?php
    $connection=mysqli_connect("localhost","root","","user_db");
    if(isset($_POST['login'])){
    $user_Email=$_POST['email'];
    $user_password=$_POST['pass'];

if($user_Email==''){
echo "<script>alert('please enter your email')</script>";
exit();
}

if($user_password==''){
echo "<script>alert('please enter your password')</script>";
exit();
}
    $check_user="select * from users where user_email =='$user_Email' AND user_password =='$user_password'";
    $result= mysqli_query($connection,$check_user);
    $count=mysqli_num_rows($result);
    if ($count==1)
    {

    echo"<script>window.open('welcome.php','_blank')</script>";

    }
    else{
    echo"<script>alert('username or password is incorrect')</script>";
    }
    }

    ?>

2 个答案:

答案 0 :(得分:5)

==中的user_email =='$user_Email' AND user_password =='$user_password'更改为单身=

user_email ='$user_Email' AND user_password ='$user_password'

关于密码存储。你似乎使用纯文本; 不要。 如果您计划使用此功能,那么在被黑客入侵之前只需时间问题,确实

使用CRYPT_BLOWFISH或PHP 5.5&#39; password_hash()功能。对于PHP&lt; 5.5使用password_hash() compatibility pack

另外, use prepared statementsPDO with prepared statements他们更安全

目前,您的现有代码向SQL injection开放。

答案 1 :(得分:0)

可能你应该检查mysqli_query()是否在失败的情况下不返回false - 例如:如果结果为空。

相关问题
最新问题