我得到这个未捕获的错误:调用未定义的函数mysql_num_rows()

时间:2017-12-10 18:04:40

标签: php mysqli

所以,我收到了这个错误。 

Call to undefined function mysql_num_rows()

该错误的解决方案是什么?我是这种环境的新手,我想了解更多。 

                        $name = $_POST["name"];
                             $surname = $_POST["surname"];
                       $address = $_POST["address"];

       List item
       $username = $_POST["username"];
                 $password = $_POST["password"];
    $confirm_password = $_POST["confirm_password"];
       if ((empty($username))) { 
       $response = new usr();
       $response->success = 0;
       $response->message = "Kolom username tidak boleh kosong"; 
       die(json_encode($response));    } else if ((empty($password))) { 
       $response = new usr();
       $response->success = 0;
       $response->message = "Kolom password tidak boleh kosong"; 
       die(json_encode($response));    } else if ((empty($confirm_password)) || $password != $confirm_password) { 
       $response = new usr();
       $response->success = 0;
       $response->message = "Konfirmasi password tidak sama"; 
       die(json_encode($response));
     } else {
       if (!empty($username) && $password == $confirm_password){
           $num_rows = mysql_num_rows(mysql_query("SELECT * FROM resident WHERE     username='".$username."'"));

           if ($num_rows == 0){
               $query = mysql_query("INSERT INTO resident (id,name, surname, address, contactno, username, password)   
VALUES(0,'".$name."','".$surname."','".$address."','".$contactno."','".$username."','".$password."')");

               if ($query){
                   $response = new usr();
                   $response->success = 1;
                   $response->message = "Register berhasil, silahkan login.";
                   die(json_encode($response));

               } else {
                   $response = new usr();
                   $response->success = 0;
                   $response->message = "Username sudah ada";
                   die(json_encode($response));
               }
           } else {
               $response = new usr();
               $response->success = 0;
               $response->message = "Username sudah ada";
               die(json_encode($response));
           }
       }    }
       mysql_close(); ?>

谢谢!

1 个答案:

答案 0 :(得分:-1)

PHP 7.x删除所有mysql_* Funktionsweise,改为使用mysqli

Source

我编辑了你的代码,这是应该工作的代码(未经过测试)。我也有一些笔记给你。

$name = $_POST["name"];
$surname = $_POST["surname"];
$address = $_POST["address"];
$username = $_POST["username"];
$password = $_POST["password"];
$confirm_password = $_POST["confirm_password"];

if(empty($username){ 
    $response = new usr();
    $response->success = 0;
    $response->message = "Kolom username tidak boleh kosong"; 
    die(json_encode($response));    
}
elseif(empty($password)){
    $response = new usr();
    $response->success = 0;
    $response->message = "Kolom password tidak boleh kosong"; 
    die(json_encode($response));
}
elseif(empty($confirm_password) || $password != $confirm_password){ 
    $response = new usr();
    $response->success = 0;
    $response->message = "Konfirmasi password tidak sama"; 
    die(json_encode($response));
}
elseif(!empty($username) && $password == $confirm_password){
    // create mysqli object
    $mysqli = new mysqli("my_server", "my_user", "my_password", "my_database");

    // check connection
    if(mysqli_connect_errno()){
        sprintf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    // escape the user name, have a look at the SQL injection paragraph
    $username = $mysqli->real_escape_string($username);

    // speed up the code, it is not necessary to select * because the returned data is not used anyway
    $query = "SELECT 1 FROM resident WHERE username='".$username."';";
    $result = $mysqli->query($query);

    if($result->num_rows > 0){
        // escape all the other values, using the array is not necessary, this is just for (in my opinion) better looking code
        $values = array(
            'id' => 0,
            'name' => $mysqli->real_escape_string($name),
            'surname' => $mysqli->real_escape_string($surname),
            'address' => $mysqli->real_escape_string($address),
            'contactno' => $mysqli->real_escape_string($contactno),
            'password' => $mysqli->real_escape_string($password)
        );

        $query = "INSERT INTO resident (".implode(",", array_keys($values)).") VALUES (".implode(",", $values).");";
        $result = $mysqli->query($query);

        if($result && $result instanceof mysqli_result && $mysqli->affected_rows > 0){
            $response = new usr();
            $response->success = 1;
            $response->message = "Register berhasil, silahkan login.";
            die(json_encode($response));
        }
        else{
            $response = new usr();
            $response->success = 0;
            // I think this is a wrong error message, this should say something like "There is an internal error, please contact an administartor"
            $response->message = "Username sudah ada";
            die(json_encode($response));
        }
    }
    else{
        $response = new usr();
        $response->success = 0;
        $response->message = "Username sudah ada";
        die(json_encode($response));
    }

    $mysqli->close();
}

备注

  1. 从不执行SELECT * FROM my_table WHERE username='".$_POST['username']之类的操作!这对SQL Injection来说非常不安全。 始终转义用户可以设置的所有值,甚至更好地使用prepared statements

  2. 检查是否可以使用您的数据库连接,否则您将收到错误。这些错误可能是因为数据库已移动,密码或用户已更改,服务器未联机...

  3. 在第68行中,即使错误原因不同,您也会提供与第76行相同的错误消息。您应该使用一些错误消息来清楚地说明用户必须做什么(在第68行错误中他什么都不做)它应该告诉您错误的位置。

  4. 我鼓励写一个Database类,它将创建一次,它为我提供了SQL函数。如果这样做,则不必每次都打开连接,因此如果更改数据库,则只需一行代码(在Database类中)。此外,从mysql_更改为mysqli_将非常容易,因此您的问题可以很快得到解决。

相关问题
最新问题