我的mysql php代码有问题。该代码用于使用用户输入的变量搜索数据库并显示相应的结果。例如,如果我只搜索彩色照片,则只会列出彩色照片,其中包含艺术家姓名,尺寸等。但我收到错误信息,我不明白这意味着什么。它写着:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in C:\Program Files\xampp\htdocs\results.php on line 64
这是导致问题的代码,任何人都知道为什么???
//Run the query and storee result
$result = mysqli_query($link, $query);
//Get number of rows in the result set
$number_of_rows = mysqli_num_rows ($result);
//close link to database
mysqli_close($link);
原始查询是:
//Define an SQL query to retrieve desired information
$query = "
SELECT
photos.photo_id, members.member_name, photos.photo_title, photos.photo_film,
photos.photo_height, photos.photo_width
FROM members, photos
WHERE members.member_id = photos.member_id
";
//restict SQL query with an AND clause if a photo title has been supplied
if ($form_photo_title !="") {
$query.= "AND photos.photo_title = '$form_photo_title' ";
}
//Restrict the SQL query with an AND clause if a member has been selected
if ($form_member_name !=0) {
$query .= "AND members.member_name = $form_member_name ";
}
//Restrict the SQL query with an AND clause if a colour mode has been selected
if ($form_type !="") {
$query .= "AND photo.photo_film = $form_type ";
}
//Run the query and storee result
$result = mysqli_query($link, $query);
答案 0 :(得分:2)
你的mysqli_query命令将返回false。使用mysqli_error来诊断问题。
if (!mysqli_query($link, $query)) {
printf("Errormessage: %s\n", mysqli_error($link));
}
您需要进行上述检查才能确定,但您的查询问题可能与此部分有关,而该部分未引用似乎是字符串值的内容:
if ($form_member_name !=0) {
$query .= "AND members.member_name = $form_member_name ";
}
$ form_member_name至少应该用单引号括起来,但你应该肯定使用参数化语句,而不是将未经过处理的变量嵌入到你的查询中,因为你要对自己敞开大门。 SQL injection attack。这是一个修订版本,但请记住,我对mysqli有点生疏,没有你的DB就无法测试它:
$query = "
SELECT
photos.photo_id, members.member_name, photos.photo_title, photos.photo_film,
photos.photo_height, photos.photo_width
FROM members, photos
WHERE members.member_id = photos.member_id
";
$types = "";
$params = array();
if ($form_photo_title !="") {
$query.= "AND photos.photo_title = ? ";
$types .= "s";
$params[] = $form_photo_title;
}
if ($form_member_name !=0) {
$query .= "AND members.member_name = ? ";
$types .= "s";
$params[] = $form_member_name;
}
if ($form_type !="") {
$query .= "AND photo.photo_film = ? ";
$types .= "s";
$params[] = $form_type;
}
if (!($statement = mysqli_prepare($link, $query)))
throw new Exception(mysqli_error($link));
// this tells the statement to substitute those question marks with each of
// the values in the $params array. this is done positionally, so the first
// question mark corresponds to the first element of the array, and so on.
// the $types array is just a string with an indication of the type of the
// value stored at each position in the array. if all three of the above
// clauses are applied, then $types will equal "sss", indicating that the
// first, second and third elements in $params are string types.
// worse still, because the parameters to the query are dynamic, we can't
// call mysqli_stmt_bind_param directly as it does not allow an array to be
// passed, so we have to call it dynamically using call_user_func_array!
// i really hate this about mysqli.
// if all three of your above query clauses are applied, this call translates to
// mysqli_stmt_bind_param(
// $stmt, $types,
// $form_photo_title, $form_member_name, $form_type
// );
array_unshift($values, $stmt, $types);
call_user_func_array("mysqli_stmt_bind_param", $values);
mysqli_stmt_execute($stmt);
// this instructs mysqli to assign each field in your query to each of
// these variables for each row that is returned by mysqli_stmt_fetch().
// this is also positional - if you change the order or number of fields
// in your query, you will need to update this.
mysqli_stmt_bind_result($photo_id, $member_name, $photo_title, $photo_film, $photo_height, $photo_width);
while (mysqli_stmt_fetch($stmt)) {
// $photo_id will be reassigned to the value from the row on each
// loop iteration
echo $photo_id."<br />";
}
我忘记了mysqli扩展名是什么可怕的野兽 - 如果你有权访问PDO extension,我 不能再强烈建议你学习它并改为使用它。
答案 1 :(得分:0)
您的查询有问题,它返回FALSE而不是结果集。什么是查询?
答案 2 :(得分:0)
form_member_name
需要引用?
实际上,form_photo_title
和{{1}}都需要properly handled来阻止SQL Injection攻击。
答案 3 :(得分:0)
我猜你试图执行的SQL有问题。在mysqli_query()命令之前将SQL打印到输出。然后获取该字符串并从mysql控制台运行它以查看是否可以执行查询。
答案 4 :(得分:0)
$query .= "AND photo.photo_film = $form_type ";
我认为一定是:
$query .= "AND photos.photo_film = $form_type ";
您错误拼写了表格名称并收到了“表格不存在”等错误。
不要忘记SQL注入。这段代码容易受到攻击。