每当我尝试运行我的脚本时,我都会收到此错误,并说mysql_num_rows(): supplied argument is not a valid MySQL result resource.我不太确定为什么会这样做。我的目标是让它检查登录的客户端是否是管理员。
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$user = $_SESSION['user'];
//connect
$connect = mysql_connect("localhost","*******_robert","***********") or die ("Couldn't Connect"); //host,username,password
mysql_select_db("virtua15_gateway") or die ("Could not find database");
//query
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{
header( 'Location: index2.php' );
$_SESSION['username']=$dbusername;
}
else
echo "incorrect username and password";
}
else
die ("This user does not exist");
}
else
die("Please enter a username and a password");
while($get = mysql_fetch_assoc($get))
{
$admin = $row['admin'];
}
if ($admin==0)
die ("You are not and admin!");
header('Location: index2.php')
?>
答案 0 :(得分:3)
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
那么,是$get还是$query?
答案 1 :(得分:3)
您调用查询资源$ get,但随后将其作为$ query传递。选择一个:)
$query = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
另外,在查询失败的情况下添加错误检查(die()或trigger_error())
也可能值得注意,您需要转义任何输入而不是直接在查询中提供它(即使是$ _SESSION或$ _COOKIES,不仅仅是$ _POST)。请使用mysql_real_escape_string()。并且您不应该以明文形式存储密码,可以使用sha1()或更好的哈希算法。
答案 2 :(得分:2)
使用它:
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);
而不是:
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
答案 3 :(得分:1)
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);
将$ query更改为$ get