无法从MySQL表中检索数据
首先,我是php的新手。我也是MySQL的新手,所以请对我温和。其次,我知道mysql_ *被贬值,并且一旦我了解了更多信息,这个问题就会在稍后被修复。无法从MySQL表中检索数据
所以我有以下代码:
if(isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['password']) && !empty($_POST['password'])){
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
$search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
$user=$search['forename'] .' '.$search['surname'];
$_SESSION['username']=$user;
$msg = 'Login Complete! Thanks, '.$user.'!';
}else{
$msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
}
}
很简单,我检查了电子邮件地址和密码匹配(我知道这是不是一个哈希密码......再次,不是一个问题,因为它是一个测试)。如果他们这样做,并且帐户已被激活,那么我想要返回用户名和姓(用户表中的forename/surname)并将它们存储在会话变量中。如果该变量已设置,我想使用此信息来确认用户已登录(并因此可以访问某些页面)。但是,此测试不返回用户名,而是输出:
登录完成!谢谢, !
任何帮助,将不胜感激。
记住由mysql_query的价值回归是资源,所以你需要将结果行获取作为关联数组。
while ($row = mysql_fetch_assoc($search))
{
$user=$row['forename'] .' '.$row['surname'];
$_SESSION['username']=$user;
}
作为旁注,查询是用SQL Injection脆弱,如果变量的值(小号)从外部来了。请看下面的文章,了解如何防止它。通过使用PreparedStatements你可以摆脱使用单引号围绕值。
这很完美。我删除了循环,因为它应该最多只有1个记录(电子邮件是主键)。现在我只需要开始检查会话是否正常。我一直有意要阅读更多停止注射,所以我一定会检查链接,谢谢! – Glenn 2013-02-27 14:17:18
这与mysql_fetch_array有何不同? – Glenn 2013-02-27 14:17:45
[mysql_fetch_array,mysql_fetch_assoc,mysql_fetch_object](http://stackoverflow.com/questions/1536813/mysql-fetch-array-mysql-fetch-assoc-mysql-fetch-object) – 2013-02-27 14:19:11
你需要做的$row = mysql_fetch_array($search);
然后
$user=$row['forename'] .' '.$row['surname'];
您更换代码 /* ** * ** * ** * ***代码* ***/ if(isset($ _P ($ _ POST ['email'])AND isset($ _ POST ['password'])& &!空($ _ POST ['password'])){$ email = mysql_escape_string($ _ POST ['email']); $ password = mysql_escape_string($ _ POST ['password']);
$search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
$user=$search['forename'] .' '.$search['surname'];
$_SESSION['username']=$user;
$msg = 'Login Complete! Thanks, '.$user.'!';
}else{
$msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
}
}
要
/* ** * ** * ** * ***我的代码* ***/
if(isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['password']) && !empty($_POST['password'])){
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
$search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0){
$search = mysql_fetch_array($search);
$user=$search['forename'] .' '.$search['surname'];
$_SESSION['username']=$user;
$msg = 'Login Complete! Thanks, '.$user.'!';
}else{
$msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
}
}
请不要使用像mysql_这样不推荐使用的函数*。 – 2013-02-27 15:48:06
mysql_num_rows现在已弃用。使用PDO或mysqli。 – Husman 2013-02-27 14:11:56
你需要mysql_fetch_array:while($ row = mysql_fetch_array($ search)){ $ user = $ row ['forename']。' ”。$行[ '姓']; } – 2013-02-27 14:12:28
当你运行这个时会发生什么?你有一个SQL连接错误?或者什么也没有? – Husman 2013-02-27 14:13:37