我真的不明白为什么这不起作用。我已经检查了几次,甚至将其与我已经完成的其他例子进行比较。请注意,我已将它放到最简单的表单中,因此没有sql注入保护。那会晚一点。在这样的查询num_rows一直返回null
$sql= "SELECT * FROM Users WHERE `email` = '$username' AND `password` = '$password'";
我真的不明白为什么这不起作用。我已经检查了几次,甚至将其与我已经完成的其他例子进行比较。请注意,我已将它放到最简单的表单中,因此没有sql注入保护。那会晚一点。在这样的查询num_rows一直返回null
$sql= "SELECT * FROM Users WHERE `email` = '$username' AND `password` = '$password'";
使用反引号列的应该是:
//since user and password is not blank, find user info using the email and password entered by user
$sql= "SELECT * FROM `Users` WHERE `email` = '{$username}' AND `password` = '{$password}';";
您的查询
//user real escape string to prevent SQL injection
$username = $_POST['username'];
$password = $_POST['password'];
//check if username and password is blank
if (!$username || !$password)
die ("Not all the fields were filled in");
//Server details
$host = 'localhost';
$user = 'tm_user';
$password = 'password';
//The database name
$database = 'TransportMe';
// Create connection
$con = new mysqli($host, $user, $password, $database);
// Check connection
if ($con->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//since user and password is not blank, find user info using the email and password entered by user
$sql= "SELECT * FROM Users WHERE 'email'='$username' AND 'password' = '$password';";
//Get the results
$result = $con->query($sql);
//Check if null
if ($result->num_rows == null)
die("Null");
我希望这是很容易的。我以前做过类似的事情,不幸的是不是。我曾尝试用您的代码替代,正如预期的那样。我相信这与混合客观和程序化mysql代码有关。如果没有空间或什么的话,我可能只是看看 –
只是一个观察:你应该永远** **存储密码以纯文本! –
''email''字段名称标有'backtics',而不是''' – anonymous