开发者

mysql_num_rows() not working at all

问答 作者:

I have this piece of PHP code:

<?php
$username=$_POST['username'];
$p开发者_如何学JAVAassword=$_POST['password'];

if($username&&$password){
$connect=mysql_connect("localhost","root","") or die(" Couldnt connect");
mysql_select_db("phplogin") or die ("Can't find database" .mysql_error());  
$query=mysql_query("SELECT * users WHERE username='$username' ");
$numrows=mysql_num_rows($query);
if (!$query) {
die('Invalid query: ' . mysql_error());
}
}
else
die ("Enter username and password!") .mysql_error();
?>

However, when I try to run this code I get these errors:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\PHP testing\login.php on line 9

and

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'users WHERE username='alex'' at line 1

Can someone explain to me what I'm I doing wrong here?

You must specify a table from which you're selecting with FROM keyword:

$query=mysql_query("SELECT * FROM users WHERE username='$username' ");
$numrows=mysql_num_rows($query);

you should really check for errors after your query, then the system will tell you what is wrong

$query = mysql_query("SELECT * users WHERE username='$username' ");

if (mysql_error() {
   die(mysql_error());
}

$numrows = mysql_num_rows($query);

as @mike commented, your select query is missing the from bit

"SELECT * FROM users WHERE username='$username' "

Well Your code is vulnerable to SQL Injection Attack 

$username=$_POST['username'];
$password=$_POST['password'];

instead of above use this code 

$username= mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);


$connect = mysql_connect("localhost","root","") or die("Couldn't connect!");
mysql_select_db("phplogin") or die("Couldn't find db");
$result = mysql_query("SELECT * FROM admin", $connect);
$numrows = mysql_num_rows($result);

and it will evaluate resource 

$query = mysql_query("SELECT * users WHERE username='$username' ");
if (mysql_error() {
   die(mysql_error());
}
$numberOfRows = mysql_num_rows($query);
echo $numberOfRows;

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9