这个问题已经在这里有了答案:

我是php新手,试图学习一些东西。我正在尝试编写一个脚本,该脚本允许用户在验证个人信息后重置密码。 除了这个php脚本之外,其他所有东西都运行良好。 该脚本从表单输入字段接收数据。 该程序应该输出:

echo $e.'&u='. $us .'&er='.$err.'&o='. $bulls3 .'&r='.$bulls4;


            exit(); 

可以作为responseText发送到ajax。 问题是此php脚本无法正常工作,并给我以下错误消息。 有谁能帮助我。 任何帮助将不胜感激。 预先感谢您的帮助。

错误输出消息:

警告:mysqli_num_rows()期望参数1为mysqli_result,在119行的C:\\ xampp \\ htdocs \\ myGenius \\ identityverify.php中给出布尔值

<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST["bd"])){
    $bad= preg_replace('#[^0-9-]#i', '', $_POST['bd']);
    //Connect to database
    include_once("php_includes/connect_to_mysqli.php");
    $e = mysqli_real_escape_string($db_conx,$_POST['e']);
    $c= preg_replace('#[^a-z ]#i', '', $_POST['c']);
    $post= preg_replace('#[^a-z0-9]#i', '', $_POST['pst']);
    $user= preg_replace('#[^a-z0-9]#i', '', $_POST['us']);
    $odd= preg_replace('#[^a-z0-9]#i', '', $_POST['od']);

    if($e =="" || $bad =="" || $c=="" ||$post==""){
        echo "empty";
        exit();
        }else if($user=="" || $odd==""){
            echo "no_exist";
            exit();
        }else{



    $sql = "SELECT id, username FROM user WHERE email='$e' AND activated='1' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $id = $row["id"];
            $u = $row["username"];  

//Encrypted values to check with user input passed from hidden fields           
                    //Check codes
            $bull= value1;
            $bull2= value2;
            $bull3= value3;
            $bull3=value4;
            $us= value5;
            $err= value6;

        }
        if($user==$us && $odd==$err){   


    $sql = "SELECT country, birthday, postal FROM useroptions WHERE email='$e' AND username='$u' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $con = $row["country"];
            $bday = $row["birthday"];
            $poost = $row["postal"];

        }


if($c == $con && $bad == $bday && $post==$poost){
// encoded value using some type of encryption for passing data to another web page based on user information data
                $bulls= value1;
                $bulls2= value2;
                $bulls1=value3;
                $bulls3= value4;
                $bulls4= value5;
                $bulls3=value6;
                $bulls4=value7;

            echo $e.'&u='. $us .'&er='.$err.'&o='. $bulls3 .'&r='.$bulls4;


            exit();
        }else{
            echo "wrong";
            exit();
            }

        }else {
        echo "contact";
        exit();
    }//user option not set
    }else{
        echo "no_exist";
        exit();
        }//end code comparison and send to error page
    }else{
        echo "no_exist";
        exit();
        }
        exit();
}}
?>

===============>>#1 票数:0 已采纳

我总是使用两个查询,而不是让服务器返回所有匹配的内容

  1. select count(*) from database where condition='expected';
  2. 根据验证初始结果的if()子句执行第二个查询。

由于没有执行我的主查询,因此可以防止注入。

尝试更换

if(isset($_POST["bd"])){

if(!empty($_POST["bd"])){

  ask by Andy Jainson translate from so

未解决问题?本站智能推荐: