Question

即时通过$_post方法将文本字段与php集成有问题，我已经完成了几乎完整的代码，但它在第84行给出了布尔错误

if(mysqli_num_rows ||($run)==0)

我的整个代码是

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1 align="center">Registration form</h1>
<form action="registration.php" method="post">
    <table align="center" border="2">
        <tr>
            <td>User name</td>  <td><input type="text" placeholder="username" name="name" /></td>
        </tr>

        <tr>
            <td>Password</td>   <td><input type="password" placeholder="password" name="password" /></td>
        </tr>

        <tr>
            <td>Email</td>  <td><input type="email" placeholder="email" name="email" /></td>
        </tr>

        <tr>
            <td colspan="2" align="center"><input type="submit" value="submit" name="submit" /></td>
        </tr>
    </table>
</form>    
</body>
</html>


<?php
 //connection to database

 $servername = "localhost";
 $db_username = "user_db_users";
 $db_password = "123456789";
 $db_name = "users_db";

 $conn = new mysqli($servername, $db_username, $db_password, $db_name);

 //fatching data from form

if(isset($_POST['submit'])){

    $user_name = $_POST['name'];
    $user_pass = $_POST['password'];
    $user_email = $_POST['email'];


    //validatio form


    if($user_name==''){
        echo "<script>alert('please enter usernmae')</script>";
        exit();
        }

    if($user_pass==''){
        echo "<script>alert('please enter password')</script>";
        exit();
        }   

    if($user_email==''){
        echo "<script>alert('please enter email')</script>";
        exit();
        }

    $check_email = "select * from users where user_email='$user_email'";
    $run = mysql_query($check_email);

    if(mysqli_num_rows ||($run)==0){

        echo "<script>alert('Email $check_email is already exist')</script>";
        exit();
        }

    //Getting values from fields of registration form   

    $query = "insert into users(user_name, user_pass, user_email) values($user_name, $user_pass, $user_email)";

    if(mysql_query($query)){
        echo "<script>alert('registration successful')</script>";
        }
    }
?>

Answer 1

函数mysqli_num_rows()需要一个mysqli_result参数，如果你想让逻辑正常工作，那么测试实际上也是错误的

所以改变

 if(mysqli_num_rows ||($run)==0){

到

if(mysqli_num_rows($run) > 0) {

此查询也将失败

$query = "insert into users(user_name, user_pass, user_email) 
                     values($user_name, $user_pass, $user_email)";

所有文本列变量都应该用这样的引号括起来

$query = "insert into users(user_name, user_pass, user_email) 
                     values('$user_name', '$user_pass', '$user_email')";

但我必须提到你的脚本存在SQL Injection Attack的风险看看Little Bobby Tables偶然发生了什么 if you are escaping inputs, its not safe! 使用prepared parameterized statements

php中使用mysql的php代码中的布尔错误

1 个答案: