Php 传递给sqlsrv_fetch_数组的参数无效
我在android开发后端使用PHPWeb服务。与php和MSSQL服务器的连接是成功的,但不幸的是,我停留在这一部分:Php 传递给sqlsrv_fetch_数组的参数无效,php,authentication,session,sqlsrv,Php,Authentication,Session,Sqlsrv,我在android开发后端使用PHPWeb服务。与php和MSSQL服务器的连接是成功的,但不幸的是,我停留在这一部分: <?php session_start(); include "connect.php"; $user_name = $_POST["username"]; $user_pass = strval($_POST["password"]); //echo $user_name; //echo $user_pass; //$user_name = "admin"; //$
<?php
session_start();
include "connect.php";
$user_name = $_POST["username"];
$user_pass = strval($_POST["password"]);
//echo $user_name;
//echo $user_pass;
//$user_name = "admin";
//$user_pass = "admin";
$mysql_qry="SELECT ID, Password FROM user WHERE (ID = '" . $_POST["username"] . "' AND Password = '" . $_POST["password"] . "')";
$result= sqlsrv_query($conn ,$mysql_qry);
$row = sqlsrv_fetch_array($result);
if($row) {
$_SESSION["ID"] = $row['ID'];
header ('location:../createUser.php');
}else{
die( print_r( sqlsrv_errors(), true));
}
?>
它显示错误:向sqlsrv_fetch_数组传递了无效参数
这是我的登录表单:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no"
/>
<meta name="description" content="" />
<meta name="author" content="" />
<title>Login</title>
<!-- Custom fonts for this template-->
<link
href="vendor/fontawesome-free/css/all.min.css"
rel="stylesheet"
type="text/css"
/>
<link
href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i"
rel="stylesheet"
/>
<!-- Custom styles for this template-->
<link href="css/sb-admin-2.min.css" rel="stylesheet" />
</head>
<body class="bg-gradient-primary">
<div class="container">
<!-- Outer Row -->
<div class="row justify-content-center">
<div class="col-xl-10 col-lg-12 col-md-9">
<div class="card o-hidden border-0 shadow-lg my-5">
<div class="card-body p-0">
<!-- Nested Row within Card Body -->
<div class="row">
<img class="col-lg-6 d-none d-lg-block " src="img/Login.png">
<div class="col-lg-6">
<div class="p-5">
<div class="text-center">
<h1 class="h4 text-gray-900 mb-4">
Welcome To DEMO 1
</h1>
</div>
<form class="user" method="POST" action="php/login.php">
<div class="form-group">
<input
type="text"
name="username"
class="form-control form-control-user"
id="exampleInputEmail"
aria-describedby="emailHelp"
placeholder="Enter Username..."
/>
</div>
<div class="form-group">
<input
type="password"
name="password"
class="form-control form-control-user"
id="exampleInputPassword"
placeholder="Password"
/>
</div>
<button
class="btn btn-primary btn-user btn-block"
type="submit"
>
Login
</button>
</form>
<hr />
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript-->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/sb-admin-2.min.js"></script>
</body>
</html>
登录
欢迎来到演示1
登录
我已经检查了参数,一切看起来都很好。为什么会发生错误?我想您需要一个参数
$row = sqlsrv_fetch_array($result);
那么,换成
$row = sqlsrv_fetch_array( $result, SQLSRV_FETCH_ASSOC)
或者,编辑您的查询
$mysql_qry="SELECT ID, Password FROM user WHERE ID = '$user_name' AND Password = '$user_pass' ";
请注意以下事项:
- 错误的一个可能解释是,您正在连接用户输入以生成SQL语句。事实上,您正在注入代码。永远不要这样做,始终使用准备好的语句和参数化查询来防止SQL注入。使用用于SQL Server的PHP驱动程序,函数
同时执行语句准备和语句执行,并可用于执行参数化查询李>sqlsrv_query()
- 您需要散列passowrd,因为此时您正在以纯文本形式传递密码。对密码进行哈希运算后,可以安全地将其传递到数据库
- 检查
执行的结果李>sqlsrv\u query()
- 请注意,您可以使用
函数检查结果集是否有一行或多行sqlsrv\u has\u rows()
<?php
session_start();
include "connect.php";
$user_name = $_POST["username"];
$user_pass = strval($_POST["password"]);
$mysql_qry = "
SELECT ID, Password
FROM user
WHERE ID = ? AND Password = ?
";
$params = array($user_name, $user_pass);
$result = sqlsrv_query($conn, $mysql_qry, $params);
if ($result === false) (
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
)
if (sqlsrv_has_rows($result)) {
// You don't even need to fetch the record, just use:
// $_SESSION["ID"] = $user_name;
// header ('location:../createUser.php');
$row = sqlsrv_fetch_array($result);
if ($row === false) {
echo "Error (sqlsrv_fetch_array): ".print_r(sqlsrv_errors(), true);
exit;
}
$_SESSION["ID"] = $row['ID'];
header ('location:../createUser.php');
} else {
echo "User not found";
exit;
}
?>
再次检查我的答案