我现在收到错误:
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /home/jahedhus/public_html/system/vote.php on line 126
我的php代码如下:
<?php
$id = $_GET['election'];
$result = mysql_query("SELECT * FROM votes WHERE election_id = '$id' AND ni = '". $_SESSION['ni']."'" )
or die(mysql_error());
if (mysql_num_rows($result) == 0) {
$sql="SELECT * FROM elections WHERE status = 'in_progress' AND election_id = '$id'";
$result1=mysql_query($sql);
$options="";
$party2="";
$party3="";
while ($row=mysql_fetch_array($result1)) {
echo "<tr>";
echo "<td><h5>" . $row['name_of_election']. "</h5><hr></td>";
echo "</td>";
$idd=$row["party1"];
$thing=$row["party1"];
$options.="<OPTION VALUE=\"$idd\">".$thing;
$idd=$row["party2"];
$thing=$row["party2"];
$party2.="<OPTION VALUE=\"$idd\">".$thing;
$idd=$row["party3"];
$thing=$row["party3"];
$party3.="<OPTION VALUE=\"$idd\">".$thing;
}
}
?>
<?php if (mysql_num_rows($result1) == 0) : ?>
<form action="votecasted.php?election=<?php echo $id; ?>" method="post">
<span id="spryselect1">
<label for="vote">Vote</label>
<select size=1" name="vote" id="vote">
<option selected="selected">Select Your Desired Party</option>
<?=$options?>
<?=$party2?>
<?=$party3?>
</select>
<span class="selectRequiredMsg">*</span></span><br />
<br /> <input name="" type="submit" value="Vote" />
</form>
<?php else : ?>
You cannot post vote anymore.
<?php endif; ?>
第126行是:
<?php if (mysql_num_rows($result1) == 0) : ?>
一旦用户投票,这很奇怪,它会显示错误消息,如果用户没有投票,则显示“你不能再投票了。”
答案 0 :(得分:0)
如果我正确理解了这个问题,您只需检查$result是否与false不同。我建议您对嵌入式PHP使用以下语法:
<?php if ($result) : ?>
<form></form>
<?php else : ?>
Something else
<?php endif; ?>
在您的情况下,再进行一些SQL注入检查:
<?php
$id = mysql_real_escape_string($_GET['election']);
$ni = mysql_real_escape_string($_SESSION['ni']);
$votes = mysql_query("SELECT * FROM votes WHERE election_id = '$id' AND ni = '$ni'" )
or die(mysql_error());
if (mysql_num_rows($votes) == 0) {
$sql = "SELECT * FROM elections WHERE status = 'in_progress' AND election_id = '$id'";
$elections = mysql_query($sql);
$options="";
$party2="";
$party3="";
while ($row = mysql_fetch_array($elections)) {
echo "<tr>";
echo "<td><h5>" . $row['name_of_election']. "</h5><hr></td>";
echo "</td>";
$idd=$row["party1"];
$thing=$row["party1"];
$options.="<OPTION VALUE=\"$idd\">".$thing;
$idd=$row["party2"];
$thing=$row["party2"];
$party2.="<OPTION VALUE=\"$idd\">".$thing;
$idd=$row["party3"];
$thing=$row["party3"];
$party3.="<OPTION VALUE=\"$idd\">".$thing;
}
}
?>
<?php if (mysql_num_rows($votes) == 0) : ?>
<form action="votecasted.php?election=<?=$id?>" method="post">
<span id="spryselect1">
<label for="vote">Vote</label>
<select size="1" name="vote" id="vote">
<option selected="selected">Select Your Desired Party</option>
<?=$options?>
<?=$party2?>
<?=$party3?>
</select>
<span class="selectRequiredMsg">*</span></span><br />
<br />
<input name="" type="submit" value="Vote" />
</form>
<?php else : ?>
You cannot post vote anymore.
<?php endif; ?>