【问题标题】:boolean error in php code in php with mysql使用mysql的php中的php代码中的布尔错误
【发布时间】:2017-01-29 01:24:50
【问题描述】:

我在通过$_post 方法将文本字段与 php 集成时遇到问题,我已经完成了几乎完整的代码,但它在第 84 行给了我布尔错误

if(mysqli_num_rows ||($run)==0)

我的整个代码是

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1 align="center">Registration form</h1>
<form action="registration.php" method="post">
    <table align="center" border="2">
        <tr>
            <td>User name</td>  <td><input type="text" placeholder="username" name="name" /></td>
        </tr>

        <tr>
            <td>Password</td>   <td><input type="password" placeholder="password" name="password" /></td>
        </tr>

        <tr>
            <td>Email</td>  <td><input type="email" placeholder="email" name="email" /></td>
        </tr>

        <tr>
            <td colspan="2" align="center"><input type="submit" value="submit" name="submit" /></td>
        </tr>
    </table>
</form>    
</body>
</html>


<?php
 //connection to database

 $servername = "localhost";
 $db_username = "user_db_users";
 $db_password = "123456789";
 $db_name = "users_db";

 $conn = new mysqli($servername, $db_username, $db_password, $db_name);

 //fatching data from form

if(isset($_POST['submit'])){

    $user_name = $_POST['name'];
    $user_pass = $_POST['password'];
    $user_email = $_POST['email'];


    //validatio form


    if($user_name==''){
        echo "<script>alert('please enter usernmae')</script>";
        exit();
        }

    if($user_pass==''){
        echo "<script>alert('please enter password')</script>";
        exit();
        }   

    if($user_email==''){
        echo "<script>alert('please enter email')</script>";
        exit();
        }

    $check_email = "select * from users where user_email='$user_email'";
    $run = mysql_query($check_email);

    if(mysqli_num_rows ||($run)==0){

        echo "<script>alert('Email $check_email is already exist')</script>";
        exit();
        }

    //Getting values from fields of registration form   

    $query = "insert into users(user_name, user_pass, user_email) values($user_name, $user_pass, $user_email)";

    if(mysql_query($query)){
        echo "<script>alert('registration successful')</script>";
        }
    }
?>

【问题讨论】:

  • if(mysqli_num_rows($run)==0)

标签: javascript php html mysql mysqli


【解决方案1】:

函数mysqli_num_rows() 需要一个 mysqli_result 参数,如果您希望逻辑正常工作,测试实际上也是错误的

所以改变

 if(mysqli_num_rows ||($run)==0){

if(mysqli_num_rows($run) > 0) {

这个查询也会失败

$query = "insert into users(user_name, user_pass, user_email) 
                     values($user_name, $user_pass, $user_email)";

所有文本列变量都应该像这样用引号括起来

$query = "insert into users(user_name, user_pass, user_email) 
                     values('$user_name', '$user_pass', '$user_email')";

但我不得不提到你的脚本有SQL Injection Attack的风险 看看Little Bobby TablesEven 发生了什么 if you are escaping inputs, its not safe! 使用prepared parameterized statements

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2017-01-02
    • 1970-01-01
    • 2013-04-04
    • 1970-01-01
    • 1970-01-01
    • 2014-05-04
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多