Checking for a record in an SQL database, what's wrong here?

Time: 2011-12-13 08:15:59

Tags: php mysql

  

Possible duplicates:
  Best way to stop SQL Injection in PHP
  supplied argument is not a valid MySQL result resource
  php/mysql account activation

For the life of me, I can't figure this out...

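Basically I just want to check whether a record exists; if it doesn't, do something, and if it does, do something else. I can't get the code I wrote to work.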

First, the error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in claimreview.php on line 7

Here is my database connection (it works fine, since it doesn't give any errors)

dbconn.php
<?php

// e.g. dbconn('localhost','your_database','your_login','your_pass');

$db = dbconn('localhost','db','login','pass');

// No need to edit below this line.

function dbconn($server,$database,$user,$pass){
// Connect and select database.
$db = mysql_connect($server,$user,$pass);
$db_select = mysql_select_db($database,$db);
return $db;
}

?>

Here is my script, which takes in an email (I echo it to confirm it is receiving the email, and it is)

<?php
include('functions/dbconn.php');
$email = $_POST["email"];
$sql = "SELECT * FROM reviewers WHERE email = '$email'";
echo $sql;
$result = mysql_query($sql);
$num = mysql_num_rows($result); //LINE 7
if ($num > 0) {
echo "Found record";
}
else
{
echo "Didn't find record <br>";
}
echo $num;
echo $email;
?>

It also echoes the SQL, which looks like this:

SELECT * FROM reviewers WHERE email = 'email-from-form-here'

2 answers:

Answer 0: (score: 0)

Test your SQL query:

$result = mysql_query($sql) or die(mysql_error());

Answer 1: (score: 0)

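You need to add some error handling to find out what is going wrong. Each mysql_... function can fail and then returns false; mysql_error() can tell you more about the error.
Let's start with your dbconn function.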

<?php
function dbconn($server,$database,$user,$pass) {
    // Connect and select database.
    // 1. give the calling script at least a chance to detect connect/db-select errors
    $db = mysql_connect($server,$user,$pass);
    if ( $db ) {
        $db_select = mysql_select_db($database, $db);
        if ( !$db_select ) {
            $db = false;
        }
    }
    return $db;
}

Then the main script

<?php
require 'functions/dbconn.php';
// 2. check if the database connection has been established
if ( !$db ) {
    die(mysql_error());
}

// 3. prevent sql injections
$email = mysql_real_escape_string($_POST["email"], $db);

// 4. If you don't need the data itself use Count(*) instead of mysql_num_rows()
$sql = "SELECT Count(*) FROM reviewers WHERE email = '$email'";
echo $sql;
$result = mysql_query($sql, $db);
// 5. check for errors 
if ( !$result ) {
    die(mysql_error($db));
}
// 6. SELECT Count(*) returns the result as a record, fetch it
$row = mysql_fetch_row($result);
// 7. ...it _should_ return a record, test it
if ( !$row ) {
    die('error: no record');
}

if ( '0'==$row[0] ) {
    echo "Didn't find record <br>";

}
else
{
    echo "Found record";
}
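
The same existence check with a parameterized query, as an added example that is not part of the original answers: the mysql_* extension used above was removed in PHP 7.0, so this uses PDO with exceptions enabled. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, reviewerExists() is a hypothetical helper name, and the sample rows and inputs are constructed.

```php
<?php
// Added example: not part of the original answers.
// Assumption: in-memory SQLite replaces MySQL so this runs without a server;
// for MySQL only the DSN and credentials passed to PDO change.
try {
    $pdo = new PDO('sqlite::memory:');
    // Throw on any failure instead of returning false, so a failed query
    // can never be passed on to a fetch call unnoticed.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Constructed sample data for the reviewers table used on this page.
    $pdo->exec('CREATE TABLE reviewers (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
    $pdo->exec("INSERT INTO reviewers (email) VALUES ('alice@example.com')");

    // Constructed inputs: a known address, an unknown one, and an injection attempt.
    $inputs = ['alice@example.com', 'bob@example.com', "x' OR '1'='1"];

    foreach ($inputs as $email) {
        $found = reviewerExists($pdo, $email);
        // Escape on output: the submitted value is untrusted when echoed into HTML.
        printf(
            "%s: %s\n",
            htmlspecialchars($email, ENT_QUOTES, 'UTF-8'),
            $found ? 'Found record' : "Didn't find record"
        );
    }
} catch (PDOException $e) {
    // Keep the detail in the server log; do not print database errors to the client.
    error_log($e->getMessage());
    echo 'Database error';
}

/**
 * Return true if a reviewer with this e-mail exists.
 * The value is bound as a parameter and never becomes part of the SQL text,
 * so quotes in the input cannot change the query.
 */
function reviewerExists(PDO $pdo, string $email): bool
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM reviewers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    // COUNT(*) always yields exactly one row with one column.
    return (int) $stmt->fetchColumn() > 0;
}
```

Only the first input matches a row; the third is compared as a literal string and matches nothing.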