I'm having some trouble when I'm trying to replace mysql_*
with mysqli_*
in my code. Everything works except mysql_result
. I've searched for answers but I'm a beginner so I had a lot of trouble understanding. It seems like mysqli_result
doesn't exist or at least not working.
My current bit of code for the login, with the mysql_result looks like this:
if (isset($_POST['submit'])){
$sql = "SELECT membersid FROM members
WHERE user='{$_POST['user']}'
AND pass='{$_POST['passwd']}'";
$result = query($con, $sql);
// If not username or password found, return to index.
if (mysqli_num_rows($con, $result) == 0){
header("Location: index.php?badlogin=");
exit;
}
// Unique index for session.
$_SESSION['sess_id'] = mysql_result($result, 0); //Here is my problem
$_SESSION['sess_user'] = $_POST['user'];
header("Location: hem.php");
exit;
}
// Logout.
if (isset($_GET['logout'])){
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit;
}
It doesn't work as it is. I get "username or password incorrect". But it worked before I started replacing mysql with mysqli. My question is, how do I replace mysql_result
code in order to get this part of the script to work?
Assuming your query method uses mysqli then $result
is probably a mysqli_result object. You can grab the row and the field using:
$row = $result->fetch_array();
$_SESSION['sess_id'] = $row[0];
Explanation:
$result
is a mysqli_result object representing the results of your query.
Calling fetch_array()
on this will return the next row of your results (or false if there are no more rows). So this puts a single row, as an array, into the $row
variable.
Finally we grab the first column in that row using $row[0]
.
I think you're close. But you're still open to SQL injection. You should NEVER include $_POST
in a query directly. Read more on SQL injection prevention over at Bobby Tables .
Problems fixed in this
$sql
should be $result
mysql_result
is serious old school and there is no equivalent in mysqli
. I would HIGHLY suggest you use something more modern like mysqli_fetch_assoc Code block
if(isset($_POST['submit'])){
$result = mysqli_query($con, "SELECT membersid FROM members
WHERE user='{$_POST['user']}'
AND pass='{$_POST['passwd']}'");
// If not username or password found, return to index.
if(mysqli_num_rows($result) == 0){
header("Location: index.php?badlogin=");
exit;
}
// Unique index for session.
$row = mysqli_fetch_assoc($result);
$_SESSION['sess_id'] = $row['membersid'];
$_SESSION['sess_user'] = $_POST['user'];
header("Location: hem.php");
exit;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.