在给出参数后,mysqli_num_rows不起作用

时间:2016-12-08 08:47:37

标签: php mysqli

我试图通过绑定参数来阻止sql注入,但是当我将代码转换为绑定参数时,mysqli_num_rows不再有效。

我有一个简单的电子邮件身份验证,我想针对重复的行检查数据库:

我的代码: 

    $checkDup = "SELECT Email FROM users WHERE Email='{$_POST['Email']}'";
    $resultDup = mysqli_query($db,$checkDup);

    //If not 0 duplicates (another one exists) create an error alert
    if(!mysqli_num_rows($resultDup) == 0){
        echo '<script language="javascript">
                alert("Email Already Exists");
                window.location.href = "Sign Up.php";
            </script>';
        unset($_POST);
    }

绑定后 -

  

我得到的不正确的类型错误:

$checkDup = $db->prepare("SELECT Email FROM users WHERE Email= ?");
$checkDup->bind_param("s", $_POST['Email']);


//If not 0 duplicates (another one exists) create an error alert
if(!mysqli_num_rows($checkDup->execute()) == 0){
    echo '<script language="javascript">
            alert("Email Already Exists");
            window.location.href = "Sign Up.php";
        </script>';
    unset($_POST);
}

1 个答案:

答案 0 :(得分:0)

您需要使用num_rows()

$checkDup = $db->prepare("SELECT Email FROM users WHERE Email= ?");
$checkDup->bind_param("s", $_POST['Email']);
$checkDup->execute();
$checkDup->store_result();


if ($checkDup->num_rows  > 0) {

echo '<script language="javascript">
            alert("Email Already Exists");
            window.location.href = "Sign Up.php";
        </script>';
    unset($_POST);
}

参考:http://php.net/manual/en/mysqli-stmt.num-rows.php

相关问题
最新问题