doulandai0641 2017-08-26 07:54
浏览 70
已采纳

PHP警告:mysqli_num_rows()期望参数1为mysqli_result,boolean给出[duplicate]

I am a newbie PHP Developer and I'm trying to study how to create a simple login before I forego with the ones with session and cookies

My first code works but I want to lessen the code a bit, So i tried something else and this error appears and I'm curious why the other code doesn't work whereas they don't seem to be that different 

    <?php
//The code that works
include("connection.php");

$connection = mysqli_connect(Server,Uid,Pwd,Database);
if(!$connection){
    die("Connection failed!" . mysqli_error($connection));
}

if(isset($_POST['submit'])){
    $username = mysqli_real_escape_string($connection,$_POST['username']);
    $password = mysqli_real_escape_string($connection,$_POST['password']);
     //$query = "SELECT * FROM 'user' WHERE Username = $username AND Password = $password";
     $query = "SELECT * FROM user WHERE  Username= '". mysqli_real_escape_string($connection,$username) ."' AND Password = '". mysqli_real_escape_string($connection,$password) ."'" ;
     $result = mysqli_query($connection,$query);
     $count = mysqli_num_rows($result);
     if ($count == 1){
        echo "Logged In Successfully! "; 
      }
       else{
        echo "Log In Failed! Invalid Username or Password! "; 
      }
}

?>



 <?php
//The code that doesn't work
include("connection.php");

$connection = mysqli_connect(Server,Uid,Pwd,Database);
if(!$connection){
    die("Connection failed!" . mysqli_error($connection));
}

if(isset($_POST['submit'])){
    $username = mysqli_real_escape_string($connection,$_POST['username']);
    $password = mysqli_real_escape_string($connection,$_POST['password']);
     $query = "SELECT * FROM 'user' WHERE Username = $username AND Password = $password";
     $result = mysqli_query($connection,$query);
     $count = mysqli_num_rows($result);
     if ($count == 1){
        echo "Logged In Successfully! "; 
      }
       else{
        echo "Log In Failed! Invalid Username or Password! "; 
      }
}

?>

Shouldn't they be just the same because in the second version of the code I just placed the mysqli_real_escape_string in the value of the variable so how come calling the $username and $password variable containing mysqli_real_escape_string produces this error? So does it always have to be like this every query?

</div>
  • 写回答

1条回答 默认 最新

  • dongsun2789 2017-08-26 09:45
    关注

    1) Change SELECT * FROM 'user'.. to SELECT * FROM user... Single quotes are not allowed to enclose table or column name. Instead, Use Backtick.

    2) Use PHP Prepared Statements

    3) If storing plain password in DB, then encrypt it before saving it to table.

    <?php
include("connection.php");

$connection = mysqli_connect(Server, Uid, Pwd, Database);
if (!$connection) {
  die("Connection failed!" . mysqli_error($connection));
}

if (isset($_POST['submit'])) {
  $stmt = mysqli_prepare($connection, "SELECT * FROM `user` WHERE Username = ? AND Password = ?");
  mysqli_stmt_bind_param($stmt, "ss", $_POST['username'], $_POST['password']);
  mysqli_stmt_execute($stmt);
  mysqli_stmt_store_result($stmt);
  $count = mysqli_stmt_num_rows($stmt);
  if ($count == 1) {
    echo "Logged In Successfully! ";
  } else {
    echo "Log In Failed! Invalid Username or Password! ";
  }
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 (希望可以解决问题)ma和mb文件无法正常打开,打开后是空白,但是有正常内存占用,但可以在打开Maya应用程序后打开场景ma和mb格式。
  • ¥20 ML307A在使用AT命令连接EMQX平台的MQTT时被拒绝
  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?
  • ¥15 错误 LNK2001 无法解析的外部符号
  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀
  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的