我需要测试我的查询是返回1还是0(所以如果有一个匹配输入的密钥)
这是我的代码:
$key=$_POST['key'];
$queryKey = mysql_query("SELECT COUNT(*) FROM `smf_invites` WHERE `key` = '$key'");
$query = mysql_num_rows($queryKey);
if( !empty ($key))
{
echo 'You have entered a key';
if (!empty ($query))
{
echo 'A key is corresponding';
}
}
编辑: $ connect = new mysqli(“XXX”,“XXX”,“XXX”,“smf”);
if (mysqli_connect_errno())
{
printf("Connection failed : %s\n", mysqli_connect_error());
exit();
}
else
{
echo 'Connected to database';
}
$key=$_POST['key'];
if( !empty ($key))
{
echo 'You have entered a key';
$key = mysqli_real_escape_string($_POST['key']);
$queryKey = mysqli_query("SELECT 1 FROM `smf_invites` WHERE `key` = '$key'");
if (mysqli_num_rows($queryKey))
{
echo 'A key is corresponding';
}
}
else
{
echo 'No keys entered';
}
现在我的代码给了我像
这样的错误Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in D:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\data\localweb\registration.php on line 32
Warning: mysqli_query() expects at least 2 parameters, 1 given in D:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\data\localweb\registration.php on line 33
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in D:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\data\localweb\registration.php on line 34
答案 0 :(得分:2)
此代码存在多个问题
$_POST['key'],您将收到PHP通知$queryKey = mysql_query("SELECT COUNT(*) FROM `smf_invites` WHERE `key` = '$key'");将始终返回一行。因此,检查返回的行数将无效。以下是可以解决您的问题的更新代码。
if( isset($_POST['key']))
{
echo 'You have entered a key';
$key = mysql_real_escape_string($_POST['key']);
$queryKey = mysql_query("SELECT 1 FROM `smf_invites` WHERE `key` = '$key'");
if (mysql_num_rows($queryKey))
{
echo 'A key is corresponding';
}
}
Please, don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。
您的代码也对SQL injections
开放答案 1 :(得分:2)
与John的回答相结合
根据您新编辑的代码:
mysqli_需要为函数传递DB连接。
变化:
$key = mysqli_real_escape_string($_POST['key']);
为:
$key = mysqli_real_escape_string($connect, $_POST['key']);
或(在那里使用变量$key代替。)
然后是:
$queryKey = mysqli_query("SELECT 1 FROM `smf_invites` WHERE `key` = '$key'");
为:
$queryKey = mysqli_query($connect,
"SELECT 1 FROM `smf_invites` WHERE `key` = '$key'")
or die(mysqli_error($connect));
故障排除/调试
将error reporting添加到文件的顶部,这有助于查找错误。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
另外,or die(mysqli_error($connect))
旁注:错误报告应仅在暂存时完成,而不是生产。
答案 2 :(得分:0)
我为你创建了一个类,并举例说明了这一点。
<?php
class MyDb {
protected $link;
public function __construct() {
if (!$this->link = mysql_connect('localhost', 'user', 'password')) {
echo 'Could not connect to mysql';
exit;
}
if (!mysql_select_db('table_name', $this->link)) {
echo 'Could not select database';
exit;
}
}
public function exist($id) {
if (is_int($id)) {
$sql = "SELECT COUNT(*) FROM smf_invites WHERE `key` = '$id'";
$result = mysql_query($sql, $this->link);
return mysql_num_rows($result);
} else {
return false;
}
}
}
$x = $_POST['key'] = 1;
if(!empty($_POST['key'])) {
$db = new MyDb();
if($db->exist($x)) {
echo "exist";
} else {
echo "no exist";
}
}