PHP / SQL Select语句不起作用

时间:2012-02-23 23:48:05

标签: php mysql phpmyadmin mysql-error-1064

我有一个表格,要求用户输入他们的NI号码和Refence号码。一旦输入并检入系统,它应该将它们转移到另一个页面,但是它会出现else语句,该语句表示在数据库中找不到ni编号和参考编号。我做错了什么?

这是我的表格:

    <form action="checknumbers.php" method="post">

<table width="50%" border="0">
  <tr>
    <td><label for="ni">National Insurance Number</label>
</td>
    <td><span id="sprytextfield1">
    <input type="text" name="ni" id="ni" />
    <span class="textfieldRequiredMsg">*</span><span class="textfieldMaxCharsMsg">*</span></span></td>
  </tr>
  <tr>
    <td><br /><label for="ref">Reference Number</label>
</td>
    <td><br /><span id="sprytextfield2">
    <input type="text" name="ref" id="ref" />
    <span class="textfieldRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><br /><br /><input name="" type="submit" value="Continue" /></td>
  </tr>
</table>

</form>

这是我的php:

    <?php
$host="localhost"; // Host name
$username="**"; // Mysql username
$password="**"; // Mysql password
$db_name="***"; // Database name
$tbl_name="public"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$ni=$_POST['ni'];
$ref=$_POST['ref'];

// To protect MySQL injection (more detail about MySQL injection)
$ni = stripslashes($username);
$ref = stripslashes($password);
$ni = mysql_real_escape_string($username);
$ref = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE ni ='$ni' AND ref='$ref' AND active = 'not_activated'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

header("location:securityquestion.php");
}

else {

    echo '<hr><h4>Your National Insurance Number Or Reference Number Does Not Match</h4><hr><a href="register.html">Please try Again</a>';
}
?>

帮助meeeee

2 个答案:

答案 0 :(得分:3)

您正在覆盖变量$ ni和$ ref。

替换:

    $ni=$_POST['ni'];  
      $ref=$_POST['ref'];    // To protect MySQL injection (more detail about MySQL injection)  
      $ni = stripslashes($username);  
      $ref = stripslashes($password);  
      $ni = mysql_real_escape_string($username);  
      $ref = mysql_real_escape_string($password);

使用:

 $ni= mysql_real_escape_string( stripslashes( $_POST['ni'] ) );  
 $ref= mysql_real_escape_string( stripslashes( $_POST['ref'] ) );

答案 1 :(得分:0)

您将mysql用户名分配给变量$ni,将mysql密码分配给$ref。变化

$ni = stripslashes($username);
$ref = stripslashes($password);


$ni = stripslashes($ni);
$ref = stripslashes($ref);
相关问题
最新问题