<?php
session_start();
if(isset($_POST['submit'])){
//
$user = $_POST['username'];
$pwrd = $_POST['pwrd'];
//include database connection
include('../includes/db_connect.php');
if(empty($user) || empty($pwrd)){
echo 'Missing Information';
}else{
$user = strip_tags($user);
$user = $db->real_escape_string($user);
$pwrd = strip_tags($pwrd);
$pwrd = $db->real_escape_string($pwrd);
$pwrd = md5($pwrd);
$query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password='$pwrd'");
if ($query->num_rows === 1){ // line 18
while($row = $query->fetch_object()){
$_SESSION['user_id'] = $row->user_id;
}
header('Location: index.php');
exit();
}else{
echo 'Missing Information';
}
}
}
?>
我在&#34中遇到错误; if($ query-&gt; num_rows === 1)&#34;当正确输入用户名和密码时,无法设置登录页面以将我引导至索引页面。但是如果它被错误地输入,那么else语句就可以了。
答案 0 :(得分:1)
如果您正在尝试检查Statement是否等于1,那么最好只使用'=='而不是'===',因为它也会检查数据类型...
最好的问候。
答案 1 :(得分:0)
更新了......完整
<?php
session_start();
if(isset($_POST['submit'])){
//
$user = $_POST['username'];
$pwrd = $_POST['pwrd'];
if(empty($user) || empty($pwrd)){
echo 'Missing Information';
}else{
//include database connection
include('../includes/db_connect.php');
$user = strip_tags($user);
$user = $db->real_escape_string($user);
$pwrd = strip_tags($pwrd);
$pwrd = $db->real_escape_string($pwrd);
$pwrd = md5($pwrd);
$sql = "SELECT user_id, username FROM user WHERE username='$user' AND password='$pwrd'";
if ($db->query($sql)) {
while($row = $sql->fetch_object()){
$_SESSION['user_id'] = $row->user_id;
}
mysqli_free_result($sql);
session_write_close();
header('Location: index.php');
exit();
}else{
echo 'Username or password is incorrect';
}
}
}
?>
答案 2 :(得分:0)
根据documentation $db->query失败时返回false。在这种情况下,$query将为false,而不是对象,因此$query->num_rows正在尝试将num_rows属性设置为false,从而导致错误。
处理这种情况的一种方法是将调用包装在if:
中if ($query = $db->query("SELECT user_id, username FROM user WHERE username='$user' AND password='$pwrd'")) {
if ($query->num_rows === 1){
while($row = $query->fetch_object()){
$_SESSION['user_id'] = $row->user_id;
}
} else {
// handle the error
}