MySQLi Num行不起作用
[英]MySQLi Num Rows Doesnt Work
问题描述
i have a simple login system and i get nothing when trying to fetch the number of rows, the same method used to work all the time, i dont know what is going on today. 
我有一个简单的登录系统,尝试获取行数时却一无所获,该方法一直用于工作,我不知道今天发生了什么。
Code: 码:
<?php
class LoginClass {
public $User;
public $Pass;
public $Query;
function Init() {
$User = $this->User;
$Pass = $this->Pass;
if($User != '')
{
if($Pass != '')
{
$this->HashPass();
}
else
{
echo 'Please Enter A Password.';
}
}
else
{
echo 'Please Enter A Username or E-Mail.';
}
}
function HashPass() {
$Pass = $this->Pass;
$this->Pass = hash('sha256', $Pass);
$this->CheckUser();
}
function CheckUser() {
$User = $this->User;
if(!filter_var($User, FILTER_VALIDATE_EMAIL))
{
$this->Query = 'SELECT * FROM Users WHERE User = "'.$User.'" AND Pass = "'.$this->Pass.'"';
}
else
{
$this->Query = 'SELECT * FROM Users WHERE EMail = "'.$User.'" AND Pass = "'.$this->Pass.'"';
}
$this->CheckDB();
}
function CheckDB() {
$Query = $this->Query;
$Connect = new mysqli("127.0.0.1", "root", "", "Data");
$Stmt = $Connect->prepare($Query)
$Stmt->execute();
$Stmt->store_result();
echo $Stmt->num_rows;
$Stmt->close();
$Connect->close();
}
function SetupSession() {
echo 'Test';
}
}
the Check DB is the problem here and im able to echo out the query variable in that function everything is fine, here is exactly what i get Check DB是这里的问题,我无法在该函数中回显查询变量,一切都很好,这正是我得到的
SELECT * FROM Users WHERE User = "Test" AND Pass = "532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25" 选择*来自用户的用户=“测试”并通过=“ 532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25”
I also checked my DB and all my tables are setup correctly and there is no password. 我还检查了数据库,并正确设置了所有表,并且没有密码。
1 个解决方案
解决方案1
0 2013-04-21 16:35:05
OK, need more space than the comments area, the issue is clearly in this block: 好的,需要比注释区域更多的空间,此块中的问题显然是:
function CheckDB() {
$Query = $this->Query;
$Connect = new mysqli("127.0.0.1", "root", "", "Data");
$Stmt = $Connect->prepare($Query)
$Stmt->execute();
$Stmt->store_result();
echo $Stmt->num_rows;
$Stmt->close();
$Connect->close();
}
I think it's because you aren't binding parameters to the prepared statement, you've already included them inline in your earlier statement. 我认为这是因为您没有将参数绑定到准备好的语句,而是已经将它们内联包含在较早的语句中。 Therefore, you probably want to: 因此,您可能想要:
Switch to non-prepared statement 切换至未准备的陈述
The easy option here will be to switch to a non-prepared statement. 此处的简单选项将是切换到未准备的语句。 Replace your block with: 将您的积木替换为:
function CheckDB() {
$Query = $this->Query;
$Connect = new mysqli("127.0.0.1", "root", "", "Data");
$Stmt = $Connect->query($Query)
echo $Stmt->num_rows;
$Stmt->close();
$Connect->close();
}
A word of caution with this approach: you need to sanitize your user input in the block which defines $User , otherwise you're leaving yourself open to mysql injection. 使用这种方法时要小心:您需要在定义$User的块中清理用户输入,否则您将无法进行mysql注入。 In that block, change this line: 在该块中,更改以下行:
$User = $this->User;
To the following: 要以下内容:
$User = mysql_real_escape_string($this->User);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.