我只是PHP新手,我需要创建一个PHP登录表单,但它有一个语法错误,说Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:xampphtdocslogin.php on line 18
也许你可以在这个tnx上帮我!
<?php
$con=mysqli_connect("localhost","root","","reservation");
if (mysqli_connect_errno())
{
echo "Failed to connect to Database: " . mysqli_connect_error();
}
else
{
}
if ($_POST["SUBMIT"]="SUBMIT")
{
$username = $_POST['username'];
$password =$_POST['password'];
$sql ="SELECT * FROM usersaccount where='$username' and password ='$password'";
$result=mysqli_query($con,$sql);
$count=mysqli_num_rows($result);
if($count==1)
{
echo "success";
}
//mysqli_close($con);
}
?>
您的SELECT
语句错误。。。应该是
SELECT * FROM `usersaccount` WHERE `username` ='$username' and `password` ='$password'";
---------- // Here.. Added the column name
您没有为username
字段提供列名。那是你的问题。由于要将结果与条件相匹配,所以还需要WHERE
子句!
免责声明:停止使用mysql_*函数,因为它们已被弃用。请改用MySQLi或PDO
这意味着您的查询(即$sql
)已损坏。当您应该使用WHERE
子句时,您正在将表与字符串进行比较。此外,password
是保留字;逃离它,就像这样:
$sql ="SELECT * FROM usersaccount WHERE `username` ='$username' and `password` ='$password'";
此外,您对SQL注入是完全开放的;你需要准备好的陈述。
根据文档,您必须执行以下操作:
$con=mysqli_connect("localhost","root","","reservation");
//...
$query = "SELECT * FROM usersaccount ='$username' and password ='$password'";
if ($stmt = mysqli_prepare($con, $query)) {
mysqli_stmt_execute($stmt);/* execute query */
mysqli_stmt_store_result($stmt);/* store result */
printf("Number of rows: %d.n", mysqli_stmt_num_rows($stmt));
mysqli_stmt_close($stmt);/* close statement */
}
由于错误消息报告其第一个参数是布尔值,因此应该仔细查看第一个参数。
$result=mysqli_query($con,$sql);
阅读文档:如果有效,mysqli_query()
将返回mysqli_result()
,如果无效,则返回FALSE(布尔值)。所以,您的查询不起作用,它返回了一个布尔值。
您可能应该检查执行查询的结果,如果失败,您应该显示生成的错误消息:
if ( $result = mysqli_query($con, $sql) === FALSE ) {
printf("Invalid query: %snWhole query: %sn", mysqli_error, $sql);
exit();
}