没有返回足够的行

时间:2011-06-23 15:54:20

标签: php

我想弄清楚的是如何访问我需要的不同数组值。我有以下查询,并在应用print_r()时返回数组。由于某种原因,它只执行db表中的第一行。它应该返回另一行。

<?php

session_start();

// Include the database page
require ('../inc/dbconfig.php');
require ('../inc/global_functions.php');

//Login submitted
if (isset($_POST['submit'])) { 

// Errors defined as not being any
$errors = "no";

if((empty($_POST['answer1'])) || (trim($_POST['answer1'])=="") || ($_POST['answer1'] == NULL) || (!isset($_POST['answer1']))){$errors = "yes";}
if((empty($_POST['answer2'])) || (trim($_POST['answer2'])=="") || ($_POST['answer2'] == NULL) || (!isset($_POST['answer2']))){$errors = "yes";}

// Error checking, make sure all form fields have input
if ($errors == "yes") {

    // Not all fields were entered error
    $message = "You must enter values to all of the form fields!";

    $output = array('errorsExist' => true, 'message' => $message);

} else {

    $userID = mysqli_real_escape_string($dbc,$_POST['userID']);
    $answer1Post = mysqli_real_escape_string($dbc,$_POST['answer1']);
    $answer2Post = mysqli_real_escape_string($dbc,$_POST['answer2']);
    $question1 = mysqli_real_escape_string($dbc,$_POST['question1']);
    $question2 = mysqli_real_escape_string($dbc,$_POST['question2']);

    $query = "SELECT * FROM manager_users_secretAnswers WHERE userID = '".$userID."'";
    $result = mysqli_query($dbc,$query);

    // Count number of returned results from query
    if (mysqli_num_rows($result) > 0) {

        while ($row = mysqli_fetch_array($result)) {   

            $answer = $row['answer']; 

            // Comparing the database password with the posted password
            if ($answer == $answerPost) {



            } else {

                $errors = "yes";
                $message = "Your answers did not match the answers inside the database!";

                $output = array('errorsExist' => true, 'message' => $message);

            }


        }

    } else {

        $errors = "yes";
        $message = "We did not find any answers for your questions! Please consult the site administrator!";

        $output = array('errorsExist' => true, 'message' => $message);

    }

}

}

//Output the result
$output = json_encode($output);
echo $output;

?>

2 个答案:

答案 0 :(得分:4)

因为您只是获取第一个,所以应该在结果集上循环:

$query = "SELECT * FROM manager_users_secretAnswers WHERE userID = '$userID'";
$result = mysqli_query($dbc,$query);

if (mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_array($result)) {
        print_r($row);
    }
}

顺便说一下,您应该使用prepared statements来避免SQL injection

答案 1 :(得分:2)

您需要将获取包装在循环中。 e.g。

if (mysqli_num_rows($result) > 0)
{
  while (($row = mysqli_fetch_array($result)) !== false)
  {
    if ($row['answer'] == $answerPost)
    {
      // $row matches what we're looking for
    }
    else
    {
      $errors = "yes";
      $message = "Your answers did not match the answers inside the database!";
      $output = array('errorsExist' => true, 'message' => $message);
    }
    print_r($row);
  }
}
相关问题
最新问题