我的代码

时间:2016-08-13 04:51:57

标签: php html mysqli

  

警告:mysqli_real_escape_string()只需要2个参数,1   在第28行的C:\ xampp \ htdocs \ login2 \ login.php中给出

     

警告:mysqli_real_escape_string()只需要2个参数,1   在第29行的C:\ xampp \ htdocs \ login2 \ login.php中给出

     

警告:mysqli_select_db()期望参数1为mysqli,string   在第31行的C:\ xampp \ htdocs \ login2 \ login.php中给出

     

警告:mysqli_num_rows()期望参数1为mysqli_result,   第35行的C:\ xampp \ htdocs \ login2 \ login.php中给出的字符串

任何人都可以帮我搞清楚吗? 这是我的代码。

    <?php
    session_start(); // Starting Session
    $error=''; // Variable To Store Error Message
    if (isset($_POST['submit'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "server1";
// Create connection
$conn = new mysqli($servername, $username, $password,$dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// To protect mysqli injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db("server1", $conn);
// SQL query to fetch information of registerd users and finds user    match.
$query = "select * from account where password='$password' AND username='$username'";
$result = mysqli_query($conn, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($mysqli), E_USER_ERROR);;
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($conn); // Closing Connection
}
}
?>

1 个答案:

答案 0 :(得分:2)

您可以使用程序样式或面向对象样式。由于更加鼓励面向对象的方法,我将展示。

...
$username = $conn->real_escape_string($username);
$password = $conn->real_escape_string($password);
...
$db = $conn->select_db("server1"); //redundant line
...
$result = $conn->query( $query)
$rows = $conn->num_rows($query);
...
$conn->close();

解决这个问题所需要的只是正确检查文档http://php.net/docs.php