Echo数据库用户名称已发布电子邮件

时间:2017-11-14 01:29:15

标签: php mysql post get echo

我尝试在表单上发布电子邮件后从数据库中获取用户名,但是没有显示名称,如果我添加成功消息则表明它已经显示出来工作,但它没有显示我的名字:(



 
<?php

$conn = mysqli_connect("xxx", "xxx", "xxxxxxxx", "xxxxxxx");


$email = $_POST['email_r'];


$sqlr = "SELECT * FROM participantes WHERE email='$email'";
$result = $conn->query($sqlr);


if(!$row = mysqli_fetch_assoc($result)) {
    echo "Email Incorrecto: No se a registrado.";
} else {
    echo "your name is: ->" . $row['name'] . " <- that is it.";
}

?>
&#13;
&#13;
&#13;

1 个答案:

答案 0 :(得分:0)

如果我不得不猜测,我会说你的表没有name列。这个或匹配记录的值为name

这至少可以帮助您查明任何潜在问题并解决您的SQL注入漏洞...... 

<?php
// show any errors
ini_set('display_errors', 'On');

// show all errors
error_reporting(E_ALL);

// make MySQLi throw exceptions
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$conn = mysqli_connect("xxx", "xxx", "xxxxxxxx", "xxxxxxx");

// safely get the request parameter
$email = isset($_POST['email_r']) ? $_POST['email_r'] : null;

// Prepare a statement with a placeholder for the "email" parameter
$stmt = $conn->prepare('SELECT `name` FROM `participantes` WHERE `email` = ?');

// bind the parameter
$stmt->bind_param('s', $email);
$stmt->execute();

// bind results. This seems easier than fetch_assoc IMHO
$stmt->bind_result($name);

// fetch records, if any
if ($stmt->fetch()) {
    echo 'your name is: ->', $name, ' <- that is it.';
} else {
    echo "Email Incorrecto: No se a registrado.";
}

$stmt->close();
相关问题
最新问题