stackoom
  简体   繁体   中英

How to replace mysql_result for a simple login system

 原文  2014-01-06 13:18:18       php/ mysql/ mysqli

Question

I'm having some trouble when I'm trying to replace mysql_* with mysqli_* in my code. Everything works except mysql_result . I've searched for answers but I'm a beginner so I had a lot of trouble understanding. It seems like mysqli_result doesn't exist or at least not working.

My current bit of code for the login, with the mysql_result looks like this: 

if (isset($_POST['submit'])){

  $sql = "SELECT membersid FROM members
   WHERE user='{$_POST['user']}'
   AND pass='{$_POST['passwd']}'";
   $result = query($con, $sql);

   // If not username or password found, return to index.
   if (mysqli_num_rows($con, $result) == 0){
     header("Location: index.php?badlogin=");
     exit;
   }

   // Unique index for session.
   $_SESSION['sess_id'] = mysql_result($result, 0); //Here is my problem
   $_SESSION['sess_user'] = $_POST['user'];
   header("Location: hem.php");
   exit;
}

// Logout.
if (isset($_GET['logout'])){
   $_SESSION = array();
   session_destroy();
   header("Location: index.php");
   exit;
}

It doesn't work as it is. I get "username or password incorrect". But it worked before I started replacing mysql with mysqli. My question is, how do I replace mysql_result code in order to get this part of the script to work?

2 answers

solution1
 1 ACCPTED  2014-01-06 13:29:47

Assuming your query method uses mysqli then $result is probably a mysqli_result object. You can grab the row and the field using: 

$row = $result->fetch_array();
$_SESSION['sess_id'] = $row[0];

Explanation:

$result is a mysqli_result object representing the results of your query.
Calling fetch_array() on this will return the next row of your results (or false if there are no more rows). So this puts a single row, as an array, into the $row variable.
Finally we grab the first column in that row using $row[0] .

solution2
 1  2014-01-06 13:41:01

I think you're close. But you're still open to SQL injection. You should NEVER include $_POST in a query directly. Read more on SQL injection prevention over at Bobby Tables .

Problems fixed in this

  1. It looks like $sql should be $result
  2. mysqli_num_rows only needs your result object, not the connection
  3. mysql_result is serious old school and there is no equivalent in mysqli . I would HIGHLY suggest you use something more modern like mysqli_fetch_assoc

Code block 

if(isset($_POST['submit'])){
   $result = mysqli_query($con, "SELECT membersid FROM members
   WHERE user='{$_POST['user']}'
   AND pass='{$_POST['passwd']}'");

   // If not username or password found, return to index.
   if(mysqli_num_rows($result) == 0){
     header("Location: index.php?badlogin=");
     exit;
   }

   // Unique index for session.
   $row = mysqli_fetch_assoc($result);
   $_SESSION['sess_id'] = $row['membersid'];
   $_SESSION['sess_user'] = $_POST['user'];
   header("Location: hem.php");
   exit;
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to replace mysql_result in PHP 7.2? How to effectively replace (mysql_result(mysql_query()) in PDO? Replace mysql_result with mysqli_? how to convert mysql_result in mysqli? mysql_result in PDO mysql_result to PDO the function mysql_result How to convert mysql_result to mysqli result in this example How can I avoid the error from mySQL on mysql_result? mysql_result conversion to sqlsrv
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM