为什么 mysqli_num_rows() 需要期望参数 1 为 mysqli_result,在...中给出的布尔值?
Why does mysqli_num_rows() needs to expect parameter 1 to be mysqli_result,boolean given in...?
我在 wampserver 中的一个 php 文件中遇到问题。我有 3 个 php 文件,分别命名为 initial, registration and confirmation.
初始和注册 php 文件正在相应地工作。
但是我的第三个文件确认是 not.My table 名称是 "user_information".
代码如下:
initial.php
<?php
$db_name = "myappdb";
$mysql_user = "root";
$mysql_pass = "";
$server_name = "localhost";
$con = mysqli_connect($server_name, $mysql_user, $mysql_pass, $db_name);
if (!$con) {
echo"Error in connection try again..." . mysqli_connect_error();
} else {
echo"<h3>Database is successfully connected!...</h3>";
}
?>
registration.php
<?php
require'initial.php';
$name = "angelina";
$user_name = "tom";
$user_pass = "cruise123";
$sql_query = "insert into user_information values('$name','$user_name','$user_pass');";
if (mysqli_query($con, $sql_query)) {
echo"<h3> Data is successfully inserted...</h3>";
} else {
echo"Data Insertion is wrong..." . mysqli_error($con);
}
?>
confirmation.php
<?php
require'initial.php';
$user_name = "tom";
$user_pass = "cruise123";
$sql_query = "select name from user_informtion where user_name = '" . mysqli_real_escape_string($con, $user_name) . "' and user_pass = '" . mysqli_real_escape_string($con, $user_pass) . "' ";
$result = mysqli_query($con, $sql_query);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$name = $row["name"];
echo"<h3>Hello welcome" . $name . "</h3>";
} else {
echo"No information is available...";
}
?>
而且我不知道为什么会出现此错误:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in.
请帮我解决这个问题。
您在 confirmation.php 页面上的查询有误。
您的查询:
$sql_query="select name from user_informtion where user_name like'$user_name' and user_pass like'$user_pass';";
如果您想使用 like 子句,请将您的查询更改为:
$sql_query="select name from user_informtion where user_name like '%$user_name%' and user_pass like '%$user_pass%'";
但我建议您使用 '=':
$sql_query="select name from user_informtion where user_name ='".$user_name."' and user_pass = '".$user_pass."'";
使用 "=" 而不是 LIKE 并使用 mysqli_real_escape_string() 来防止 sql 注入。
替换:
$sql_query="select name from user_informtion where user_name like'$user_name' and user_pass like'$user_pass';";
有了这个:
$sql_query="select name from user_informtion where user_name = '".mysqli_real_escape_string($con, $user_name)."' and user_pass = '".mysqli_real_escape_string($con, $user_pass)."' ";
我在 wampserver 中的一个 php 文件中遇到问题。我有 3 个 php 文件,分别命名为 initial, registration and confirmation.
初始和注册 php 文件正在相应地工作。 但是我的第三个文件确认是 not.My table 名称是 "user_information".
代码如下:
initial.php
<?php
$db_name = "myappdb";
$mysql_user = "root";
$mysql_pass = "";
$server_name = "localhost";
$con = mysqli_connect($server_name, $mysql_user, $mysql_pass, $db_name);
if (!$con) {
echo"Error in connection try again..." . mysqli_connect_error();
} else {
echo"<h3>Database is successfully connected!...</h3>";
}
?>
registration.php
<?php
require'initial.php';
$name = "angelina";
$user_name = "tom";
$user_pass = "cruise123";
$sql_query = "insert into user_information values('$name','$user_name','$user_pass');";
if (mysqli_query($con, $sql_query)) {
echo"<h3> Data is successfully inserted...</h3>";
} else {
echo"Data Insertion is wrong..." . mysqli_error($con);
}
?>
confirmation.php
<?php
require'initial.php';
$user_name = "tom";
$user_pass = "cruise123";
$sql_query = "select name from user_informtion where user_name = '" . mysqli_real_escape_string($con, $user_name) . "' and user_pass = '" . mysqli_real_escape_string($con, $user_pass) . "' ";
$result = mysqli_query($con, $sql_query);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$name = $row["name"];
echo"<h3>Hello welcome" . $name . "</h3>";
} else {
echo"No information is available...";
}
?>
而且我不知道为什么会出现此错误:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in.
请帮我解决这个问题。
您在 confirmation.php 页面上的查询有误。
您的查询:
$sql_query="select name from user_informtion where user_name like'$user_name' and user_pass like'$user_pass';";
如果您想使用 like 子句,请将您的查询更改为:
$sql_query="select name from user_informtion where user_name like '%$user_name%' and user_pass like '%$user_pass%'";
但我建议您使用 '=':
$sql_query="select name from user_informtion where user_name ='".$user_name."' and user_pass = '".$user_pass."'";
使用 "=" 而不是 LIKE 并使用 mysqli_real_escape_string() 来防止 sql 注入。
替换:
$sql_query="select name from user_informtion where user_name like'$user_name' and user_pass like'$user_pass';";
有了这个:
$sql_query="select name from user_informtion where user_name = '".mysqli_real_escape_string($con, $user_name)."' and user_pass = '".mysqli_real_escape_string($con, $user_pass)."' ";