我正在尝试自学PHP和sql,现在我陷入了这个错误:
public int UploadImage(csAdminBlog myAdminBlog)
{
string[] ValidImageTypes = new string[]
{
"image/gif",
"image/png",
"image/jpeg",
"image/jpg",
"image/pjpeg"
};
try
{
if (myAdminBlog.File == null || myAdminBlog.File.ContentLength == 0)
{
return 1;
}
else if (!ValidImageTypes.Contains(myAdminBlog.File.ContentType))
{
return 2;
}
if (myAdminBlog.File != null && myAdminBlog.File.ContentLength > 0)
{
myAdminBlog.File.SaveAs(Path.Combine(Server.MapPath(ExynosCRUD.PathBlog), myAdminBlog.File.FileName));
myAdminBlog.BlogImage = Path.Combine(Server.MapPath(ExynosCRUD.PathBlog), myAdminBlog.File.FileName);
return 3;
}
else
{
return 4;
}
}
catch (Exception Err)
{
throw;
}
}
我已经尝试了所有方法,并进行了很多搜索,但是我找不到解决该错误的答案。
这也是我的php代码:
Warning: mysqli_query() expects at least 2 parameters, 1 given in -----\login.php on line 66
Warning: mysqli_query() expects at least 2 parameters, 1 given in -----\login.php on line 68
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null
given in -----\login.php on line 70
FAILED
他可以连接到数据库,但我无法使用用户登录。
这也是我的数据库图片:
答案 0 :(得分:2)
函数mysqli_query需要两个参数,查询和数据库连接。看起来像这样:
$connect = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
$sql = "SELECT * FROM users WHERE email ='".$email."'AND password='".$password."'limit 1";
$result = mysqli_query($connect, $sql);
但是
此代码可用于SQL注入,不会对密码进行哈希运算。由于您仍在学习中,请学习正确的方法以确保不会犯此错误。使用prepared statements和bind_param完成此操作。
$connect = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
$stmt = $connect->prepare("SELECT * FROM `users` WHERE email = ? AND password = ? LIMIT 1");
if(!$stmt) {
$error = "Error: Could not prepare SQL statement.";
}
$email = $_POST['email'];
$password = $_POST['password'];
if(!$stmt->bind_param('ss', $email, $password)) {
$error = "Error: Could not bind parameters.";
}
if(!$stmt->execute()) {
$error = "Error: Could not execute query on the server.";
}
$result = $stmt->get_result();
/*
You could use this to bind the result variables
while($row = $result->fetch_assoc()) {
$password = $row['password'];
$email = $row['email'];
}
*/
if($result->num_rows == 1) {
echo "SUCCESS";
exit();
} else {
echo "FAILED";
exit();
}
您应该以纯文本格式从不将密码存储在哈希中。
您可以这样创建密码哈希:
$hash = password_hash($password, PASSWORD_DEFAULT);
然后您可以像这样验证它:
password_verify($password, $hash);
创建两个函数可能会更容易,因此您不必一遍又一遍地编写它:
function hashPassword($password) {
return password_hash($password, PASSWORD_DEFAULT);
}
function verifyPassword($password, $hash) {
return password_verify($password, $hash);
}
答案 1 :(得分:0)
<?php
$servername = "localhost";
$username = ""; //Enter database username
$password = ""; //Enter database password
$dbname = ""; //Enter database number
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['email'])){
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE email ='".$email."'AND password ='".$password."'limit 1";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "SUCCESS";
exit();
} else {
echo "FAILED";
exit();
}
}
$conn->close();
?>
希望此代码有效。...
答案 2 :(得分:0)
函数mysqli_query()需要两个参数。
请
1:阅读文档https://www.w3schools.com/php/func_mysqli_query.asp
2:更改有关文档的代码。
代码示例: //设置与数据库的连接 $ mysqli =新的mysqli(“ localhost”,“ db_user”,“ db_password”,“ db_name”);
//执行查询并将响应存储到变量$ result中 $ result = $ mysqli-> query(“ SELECT * FROM users WHERE email ='”。$ email。“'AND password'”。$ password。“'limit 1”);
// Todo:检查$ resutl变量并执行进一步的步骤
答案 3 :(得分:-1)
我认为由于您的sql语句不正确而导致错误
通过
修改您的sql"SELECT * FROM users WHERE email ='".$email."'AND password'".$password."'limit 1"
到
"SELECT * FROM users WHERE email ='".$email."' AND password = '".$password."' limit 1"
您在password'".$password."'语句中忘记了
我也认为您应该为安全起见准备语句和绑定参数并防止sql注入 https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection