Question

<?php
session_start();
include_once ('connection.php');

if (isset($_POST['login'])){
    $uemail = $_POST['email'];
    $upassword = $_POST['password'];
 }

    $query = "SELECT * FROM users WHERE email = $uemail and password = $upassword";
    $result = mysqli_query($connection, $query);  


    if(mysql_num_rows($query) == 1){
        $_SESSION['email'] = $email;
        header('Location: newfeeds.php');
        exit();

      }else{
        while ($row = mysql_fetch_assoc($result)) {
        echo $row["email"];
        echo $row["password"];
        }
    }
    ?>

我有php手册它说停止使用sql并替换了sqli但是这不起作用。它抛出了错误。

成功连接致命错误：调用未定义的函数第14行的D：\ XAMPP \ htdocs \ codeinventor \ login.php中的mysql_num_rows（）

Answer 1

将所有mysql_ *函数更改为mysqli_ *函数。

Answer 2

您不能同时使用mysql和mysqli。它们是单独的API，它们创建的资源彼此不兼容。因此，将mysql_*替换为mysqli_*会有所帮助！

Answer 3

我同意所有人都应该将所有mysql_ *函数更改为mysqli_ *函数。

使用mysql API编写代码。请使用以下代码：

<?php
session_start();
include_once ('connection.php');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

   if ($_POST['email'] != "" AND $_POST['password'] != ""){

      $uemail = $_POST['email'];
      $upassword = $_POST['password'];

      $query = "SELECT * FROM users WHERE email = '$uemail' and password = '$upassword'";

      $result = mysqli_query($connection, $query);

      if(mysql_num_rows($query) == 1){

        $_SESSION['email'] = $email;
        header('Location: newfeeds.php');
        exit();

      }else{

         while ($row = mysql_fetch_assoc($result)) {

           echo $row["email"];
          echo $row["password"];

        } 
      }
   }else{

     echo "mail or password is not valid";
   }

}else{

 echo "The form has been not submitted";

}


    ?>

如果一个用户输入以下字符串作为用户名：

＆＃39;或者喜欢＆＃39;％admin％

您的查询将如下：

  $query = "SELECT * FROM users WHERE email = '' or uid like '%admin%' and password = '$upassword'";

这就是为什么我们告诉你必须将所有mysql_ *函数更改为mysqli_ *函数。

行的PHP登录表单错误

3 个答案: