[英]mysql_num_rows(): supplied argument is not a valid MySQL result resource in 15
Every time I try to run my script I get this error, saying that mysql_num_rows(): supplied argument is not a valid MySQL result resource.
每次尝试运行脚本时,都会出现此错误,并说mysql_num_rows(): supplied argument is not a valid MySQL result resource.
I'm not quite sure why its doing this. 我不太确定为什么要这么做。 My goal is to get it to check to see if the client who logs in is an admin. 我的目标是让它检查登录的客户端是否是管理员。
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$user = $_SESSION['user'];
//connect
$connect = mysql_connect("localhost","*******_robert","***********") or die ("Couldn't Connect"); //host,username,password
mysql_select_db("virtua15_gateway") or die ("Could not find database");
//query
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{
header( 'Location: index2.php' );
$_SESSION['username']=$dbusername;
}
else
echo "incorrect username and password";
}
else
die ("This user does not exist");
}
else
die("Please enter a username and a password");
while($get = mysql_fetch_assoc($get))
{
$admin = $row['admin'];
}
if ($admin==0)
die ("You are not and admin!");
header('Location: index2.php')
?>
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
So, is it $get
or $query
? 因此,它是$get
还是$query
?
You call your query resource $get, but then pass it as $query. 您调用查询资源$ get,然后将其作为$ query传递。 Choose one :) 选一个 :)
$query = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
Also, add an error checking in case the query fails (die() or trigger_error()) 另外,添加错误检查以防查询失败(die()或trigger_error())
Might be also worth noting you need to escape any input instead of feeding it directly in your query (even from $_SESSION or $_COOKIES, not only $_POST). 可能还值得注意的是,您需要转义任何输入,而不是直接将其输入查询中(即使来自$ _SESSION或$ _COOKIES,而不仅仅是$ _POST)。 Use mysql_real_escape_string() for that. 为此使用mysql_real_escape_string() 。 And you should not store password in clear text, might use sha1() or better hashing algos. 而且,您不应以明文形式存储密码,可能会使用sha1()或更好的哈希算法。
use this: 用这个:
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);
instead of : 代替 :
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);
change $query to $get 将$ query更改为$ get
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.