Php Mysqli_查询选择返回false
我目前正试图根据学号和密码获取某个用户…问题是mysqli_query不断返回false(?)语句。虽然我通过在PHPMyAdmin中测试来检查查询。我的问题是:Php Mysqli_查询选择返回false,php,mysqli,Php,Mysqli,我目前正试图根据学号和密码获取某个用户…问题是mysqli_query不断返回false(?)语句。虽然我通过在PHPMyAdmin中测试来检查查询。我的问题是: $number = $_POST['number']; $password = $_POST['password']; $sql = "SELECT studentNumber FROM student where studentNumber = '$number'" ; $result = mysqli_query($conn,
$number = $_POST['number'];
$password = $_POST['password'];
$sql = "SELECT studentNumber FROM student where studentNumber = '$number'" ;
$result = mysqli_query($conn, $sql) or die(mysqli_error());;
if(!$result){
echo "FAIL";
}
else if($result > 0){
header("register.html");
}else{
$sql = "INSERT INTO 'sampleDB'.'student'('userID', 'studentNumber', 'password') VALUES ('', $number, $password)";
header("login.html");
}
以下是我的连接部分代码:
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
改为
$sql = "SELECT studentNumber FROM student where studentNumber = '".$number."'" ;
您应该检查查询结果通过
num_rows
生成了多少行,然后如果为零,则进行一些插入
请注意,列引号实际上是反引号,而不是单引号:
$number = $_POST['number'];
$password = $_POST['password'];
// checking
$sql = 'SELECT studentNumber FROM student WHERE studentNumber = ?';
$select = $conn->prepare($sql);
$select->bind_param('s', $number);
$select->execute();
// if there is no student number, register
if($select->num_rows > 0) {
// there is student number found
header('Location: index.html'); exit;
} else {
// there is NO student number found
$sql = 'INSERT INTO sampleDB.student(userID, studentNumber, password) VALUES (NULL, ?, ?)';
$insert = $conn->prepare($sql);
$insert->bind_param('ss', $number, $password);
$insert->execute();
header('Location: login.html');
}
旁注:您的连接代码在这个问题上似乎被截断了。不要忘记将数据库名称添加到连接中:
$conn = new mysqli($servername, $username, $password, $database_name);
首先获取结果并在您的条件下使用它
$result2 = mysql_fetch_array($result);
它无法连接的原因似乎是因为我在创建mysqli对象时没有在连接中包含dbname…在包含dbname之后,它现在通过插入部分。虽然我的插入查询似乎根本不起作用,但这是否回答了您的问题@user3580218是的,您应该使用准备好的语句,目前您所拥有的易受SQL注入攻击。很高兴这有助于
$select->num_rows
始终为0。
$result2 = mysql_fetch_array($result);