Php 传递给sqlsrv_fetch_数组的参数无效_Php_Authentication_Session_Sqlsrv

Php 传递给sqlsrv_fetch_数组的参数无效

php authentication session

Php 传递给sqlsrv_fetch_数组的参数无效,php,authentication,session,sqlsrv,Php,Authentication,Session,Sqlsrv,我在android开发后端使用PHPWeb服务。与php和MSSQL服务器的连接是成功的，但不幸的是，我停留在这一部分： <?php session_start(); include "connect.php"; $user_name = $_POST["username"]; $user_pass = strval($_POST["password"]); //echo $user_name; //echo $user_pass; //$user_name = "admin"; //$

我在android开发后端使用PHPWeb服务。与php和MSSQL服务器的连接是成功的，但不幸的是，我停留在这一部分：

<?php
session_start();
include "connect.php";
$user_name = $_POST["username"];
$user_pass = strval($_POST["password"]);
//echo $user_name;
//echo $user_pass;

//$user_name = "admin";
//$user_pass = "admin";
$mysql_qry="SELECT ID, Password FROM user WHERE (ID = '" . $_POST["username"] . "'  AND Password = '" . $_POST["password"] . "')";
$result= sqlsrv_query($conn ,$mysql_qry);
$row  = sqlsrv_fetch_array($result);
if($row) {
$_SESSION["ID"] = $row['ID'];
header ('location:../createUser.php');
}else{
     die( print_r( sqlsrv_errors(), true));
}

?>

它显示错误：向sqlsrv_fetch_数组传递了无效参数

这是我的登录表单：

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta
      name="viewport"
      content="width=device-width, initial-scale=1, shrink-to-fit=no"
    />
    <meta name="description" content="" />
    <meta name="author" content="" />

    <title>Login</title>

    <!-- Custom fonts for this template-->
    <link
      href="vendor/fontawesome-free/css/all.min.css"
      rel="stylesheet"
      type="text/css"
    />
    <link
      href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"
      rel="stylesheet"
    />

    <!-- Custom styles for this template-->
    <link href="css/sb-admin-2.min.css" rel="stylesheet" />
  </head>

  <body class="bg-gradient-primary">
    <div class="container">
      <!-- Outer Row -->
      <div class="row justify-content-center">
        <div class="col-xl-10 col-lg-12 col-md-9">
          <div class="card o-hidden border-0 shadow-lg my-5">
            <div class="card-body p-0">
              <!-- Nested Row within Card Body -->
              <div class="row">
                <img class="col-lg-6 d-none d-lg-block " src="img/Login.png">

                <div class="col-lg-6">
                  <div class="p-5">
                    <div class="text-center">
                      <h1 class="h4 text-gray-900 mb-4">
                        Welcome To DEMO 1
                      </h1>
                    </div>
                    <form class="user" method="POST" action="php/login.php">
                      <div class="form-group">
                        <input
                          type="text"
                          name="username"
                          class="form-control form-control-user"
                          id="exampleInputEmail"
                          aria-describedby="emailHelp"
                          placeholder="Enter Username..."
                        />
                      </div>
                      <div class="form-group">
                        <input
                          type="password"
                          name="password"
                          class="form-control form-control-user"
                          id="exampleInputPassword"
                          placeholder="Password"
                        />
                      </div>

                      <button
                        class="btn btn-primary btn-user btn-block"
                        type="submit"
                      >
                        Login
                      </button>
                    </form>
                    <hr />

                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </div>

    <!-- Bootstrap core JavaScript-->
    <script src="vendor/jquery/jquery.min.js"></script>
    <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>

    <!-- Core plugin JavaScript-->
    <script src="vendor/jquery-easing/jquery.easing.min.js"></script>

    <!-- Custom scripts for all pages-->
    <script src="js/sb-admin-2.min.js"></script>
  </body>
</html>


登录
欢迎来到演示1
登录

我已经检查了参数，一切看起来都很好。为什么会发生错误？

我想您需要一个参数

$row  = sqlsrv_fetch_array($result);

那么，换成

$row = sqlsrv_fetch_array( $result, SQLSRV_FETCH_ASSOC)

或者，编辑您的查询

$mysql_qry="SELECT ID, Password FROM user WHERE ID = '$user_name' AND Password = '$user_pass' ";

请注意以下事项：

错误的一个可能解释是，您正在连接用户输入以生成SQL语句。事实上，您正在注入代码。永远不要这样做，始终使用准备好的语句和参数化查询来防止SQL注入。使用用于SQL Server的PHP驱动程序，函数
```
sqlsrv_query（）
```
同时执行语句准备和语句执行，并可用于执行参数化查询
您需要散列passowrd，因为此时您正在以纯文本形式传递密码。对密码进行哈希运算后，可以安全地将其传递到数据库
检查
```
sqlsrv\u query（）
```
执行的结果
请注意，您可以使用
```
sqlsrv\u has\u rows（）
```
函数检查结果集是否有一行或多行

下一个基于代码的示例可能有助于获得预期结果：

<?php
session_start();
include "connect.php";
$user_name = $_POST["username"];
$user_pass = strval($_POST["password"]);

$mysql_qry = "
    SELECT ID, Password 
    FROM user 
    WHERE ID = ? AND Password = ?
";
$params = array($user_name, $user_pass);
$result = sqlsrv_query($conn, $mysql_qry, $params);
if ($result === false) (
    echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
    exit;
)

if (sqlsrv_has_rows($result)) {
    // You don't even need to fetch the record, just use:
    // $_SESSION["ID"] = $user_name;
    // header ('location:../createUser.php');
    $row = sqlsrv_fetch_array($result);
    if ($row === false) {
        echo "Error (sqlsrv_fetch_array): ".print_r(sqlsrv_errors(), true);
        exit;
    }
    $_SESSION["ID"] = $row['ID'];
    header ('location:../createUser.php');
} else {
    echo "User not found";
    exit;
}
?>

再次检查我的答案