我正在使用mysql_num_rows检查是否为我的用户登录返回了一行,如果count == 1然后登录用户,我得到一个错误,虽然我的代码在我之后.有什么建议?
警告:mysql_num_rows():提供的参数不是第13行/home/web42001spring09/rcoughlin/public_html/process-login.php中的有效MySQL结果资源
<?php
// include database info
include("config.php");
if(isset($_POST["submit"])){
// get data from form
$username = $_POST["user"];
$password = $_POST["pass"];
$query = "SELECT username,password,id FROM login WHERE username=".$username." AND password=".$password." LIMIT 1";
$result = mysql_query($query);
$count = mysql_num_rows($result);
// if 1 then login them in set cookie and redirect
if($count==1){
setcookie("password", "".$password."", time()+3600);
setcookie("username", "".$username."", time()+3600);
header("Location:admin.php");
}else{
echo "Wrong Username or password combination";
}
}else{
echo "Must be submitted via form.";
}
不确定为什么代码正在绘制这个问题?我以前用过这种方法.
Gre*_*reg 10
您没有在查询中引用字符串,因此您的SQL语句无效.
$query = "SELECT username,password,id FROM login WHERE username='" . mysql_escape_string($username) . "' AND password = '" . mysql_escape_string($password) . "' LIMIT 1";
$result = mysql_query($query) or die(mysql_error());
您需要添加引号并使用mysql_escape_string或mysql_real_escape_string防止SQL注入攻击.
| 归档时间: |
|
| 查看次数: |
1616 次 |
| 最近记录: |