[英]mysql_num_rows() not working at all
I have this piece of PHP code:我有这段 PHP 代码:
<?php
$username=$_POST['username'];
$password=$_POST['password'];
if($username&&$password){
$connect=mysql_connect("localhost","root","") or die(" Couldnt connect");
mysql_select_db("phplogin") or die ("Can't find database" .mysql_error());
$query=mysql_query("SELECT * users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
if (!$query) {
die('Invalid query: ' . mysql_error());
}
}
else
die ("Enter username and password!") .mysql_error();
?>
However, when I try to run this code I get these errors:但是,当我尝试运行此代码时,会出现以下错误:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\PHP testing\login.php on line 9警告:mysql_num_rows() 期望参数 1 是资源,boolean 在 C:\wamp\www\PHP testing\login.ZE1BFD762321E409CEE4AC0B6E841969C 行中给出
and和
You have an error in your SQL syntax;您的 SQL 语法有错误; check the manual that corresponds to your MySQL server version for the right syntax to use near 'users WHERE username='alex'' at line 1检查与您的 MySQL 服务器版本相对应的手册,以获取在第 1 行的“用户 WHERE 用户名 = 'alex'”附近使用的正确语法
Can someone explain to me what I'm I doing wrong here?有人可以向我解释我在这里做错了什么吗?
You must specify a table from which you're selecting with FROM keyword:您必须使用 FROM 关键字指定要从中选择的表:
$query=mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
you should really check for errors after your query, then the system will tell you what is wrong你真的应该在查询后检查错误,然后系统会告诉你什么是错误的
$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
die(mysql_error());
}
$numrows = mysql_num_rows($query);
as @mike commented, your select query is missing the from bit正如@mike 评论的那样,您的 select 查询缺少 from 位
"SELECT * FROM users WHERE username='$username' "
Well Your code is vulnerable to SQL Injection Attack那么您的代码容易受到SQL 注入攻击
$username=$_POST['username'];
$password=$_POST['password'];
instead of above use this code
$username= mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$connect = mysql_connect("localhost","root","") or die("Couldn't connect!");
mysql_select_db("phplogin") or die("Couldn't find db");
$result = mysql_query("SELECT * FROM admin", $connect);
$numrows = mysql_num_rows($result);
and it will evaluate resource它会评估资源
$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
die(mysql_error());
}
$numberOfRows = mysql_num_rows($query);
echo $numberOfRows;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.