-2
我是新手PHP开发人员,我想学习如何创建一个简单的登录之前,我与会话的那些和饼干PHP的警告:mysqli_num_rows()预计参数1被mysqli_result,布尔给
放弃我的第一个代码的作品,但我想稍微减少代码,所以我尝试了其他的东西,这个错误出现,我很好奇为什么其他代码不起作用,而他们似乎并没有那么不同
<?php
//The code that works
include("connection.php");
$connection = mysqli_connect(Server,Uid,Pwd,Database);
if(!$connection){
die("Connection failed!" . mysqli_error($connection));
}
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($connection,$_POST['username']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
//$query = "SELECT * FROM 'user' WHERE Username = $username AND Password = $password";
$query = "SELECT * FROM user WHERE Username= '". mysqli_real_escape_string($connection,$username) ."' AND Password = '". mysqli_real_escape_string($connection,$password) ."'" ;
$result = mysqli_query($connection,$query);
$count = mysqli_num_rows($result);
if ($count == 1){
echo "Logged In Successfully! ";
}
else{
echo "Log In Failed! Invalid Username or Password! ";
}
}
?>
<?php
//The code that doesn't work
include("connection.php");
$connection = mysqli_connect(Server,Uid,Pwd,Database);
if(!$connection){
die("Connection failed!" . mysqli_error($connection));
}
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($connection,$_POST['username']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$query = "SELECT * FROM 'user' WHERE Username = $username AND Password = $password";
$result = mysqli_query($connection,$query);
$count = mysqli_num_rows($result);
if ($count == 1){
echo "Logged In Successfully! ";
}
else{
echo "Log In Failed! Invalid Username or Password! ";
}
}
?>
它们不应该只是相同的,因为在代码的第二个版本中,我只是将mysqli_real_escape_string放在变量的值中,所以如何来调用$ username和包含mysqli_real_escape_string的$ password变量会产生这个错误?那么它总是必须像这样每个查询?
为什么你加倍转义字符串的用户名和密码?你也应该检查是否没有错误您运行查询,然后尝试计算行NUMS –
变化'SELECT * FROM“用户” ...''到SELECT * FROM user'。单引号不允许用于封闭表名或列名。相反,使用反引号。 –