[英]Why isn't num_rows returning any value?
I have the following PHP code where I want to return the number of rows based on the previous SQL statement, however, $num doesn't doesn't seem to be returning anything. 我有以下PHP代码,我想根据先前的SQL语句返回行数,但是,$ num似乎没有返回任何内容。
$ipAddress = $_SERVER['REMOTE_ADDR'];
if ($result = $mysqli->query("SELECT * FROM whovisit WHERE ipAddress = ".$ipAddress."")) {
$num = $result->num_rows;
}
echo $num; // <-- not showing up on my page
if ($num > 0) {
$sqlupdate = $mysqli->query("UPDATE whovisit SET visitCount = visitCount + 1 WHERE ipAddress = ".$ipaddress."");
}
else {
$sqlupdate = $mysqli->query("INSERT INTO whovisit values ('".$_SERVER['REMOTE_ADDR']."', '1')");
}
Any ideas? 有任何想法吗? Thanks
谢谢
Ensure that you have a $ infront of ipaddress 确保您的ipaddress前面有一个$
$ipaddress = $_SERVER['REMOTE_ADDR'];
As the IP address is a string it should be put in single quotes. 由于IP地址是字符串,因此应将其用单引号引起来。
if ($result = $mysqli->query("SELECT * FROM whovisit WHERE ipAddress = '".$ipAddress."';")) {
$num = $result->num_rows;
}
If you are unsure if the query is running correctly you could also add an else to the above if statment and output any mysql error messages. 如果不确定查询是否正确运行,还可以在上述if语句中添加else并输出任何mysql错误消息。
}else{
echo "QueryError: ".$mysqli->error
}
If you get nothing on the page, this means $num
must not be being set. 如果页面上没有任何内容,则表示不得设置
$num
。 Given the code you have, that would mean the if
block is not being executed - ie $result
is a falsey value. 给定您拥有的代码,这意味着
if
块未在执行-即$result
是一个falsey值。 Which means your query is failing. 这意味着您的查询失败。
And unfortunately this one's pretty easy if you examine the generated query. 不幸的是,如果您检查生成的查询,这很容易。 Following what happens step-by-step, we see you're injecting the contents of the server variable
REMOTE_ADDR
, which is presumably going to be an IPv4 address in a dotted-decimal format, into the query string. 循序渐进,我们看到您正在将服务器变量
REMOTE_ADDR
的内容注入到查询字符串中,该变量可能是点分十进制格式的IPv4地址。 So you'll have a SQL statement like, which fails to parse at the second .
因此,您将有一条类似SQL的语句,该语句在第二秒无法解析
.
: :
SELECT * FROM whovisit WHERE ipAddress = 127.0.0.94
Oops. 哎呀。
Since the IP address is a string, you need to enclose it in single quotes: 由于IP地址是字符串,因此需要将其用单引号引起来:
"SELECT * FROM whovisit WHERE ipAddress = '".$ipAddress."'"
Which will result in the queries in the following form: 这将导致查询格式如下:
SELECT * FROM whovisit WHERE ipAddress = '127.0.0.94'
Or better yet, use a parameterized query and you don't have to worry about quoting and escaping. 或者更好的是,使用参数化查询,而您不必担心引用和转义。
$_SERVER['REMOTE_ADDR']
is probably relatively safe as far as SQL injection attacks go, but 1)it's easier to use parameters than a concatenated string, and 2)you never truly can trust a value you didn't generate yourself. 就SQL注入攻击而言,
$_SERVER['REMOTE_ADDR']
可能相对安全,但1)使用参数比连接字符串更容易使用,以及2)您永远无法真正信任自己生成的值。
Similar post: 类似帖子:
php switching to mysqli: num_rows issue PHP切换到mysqli:num_rows问题
In PHP v 5.2 mysqli::num_rows is not set before fetching data rows from the query result. 在PHP v 5.2中,在从查询结果中获取数据行之前未设置mysqli :: num_rows。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.