我几乎可以肯定下面这行是错误的:
if ($mQuery){
但是由于num_rows不起作用,所以我使用它。
如果条件是错误的,我应该怎么做呢?
我的PHP登录代码:
<?php
$mysqli = mysqli_connect("localhost","myUser","myPass","myDB");
$error = false;
$mQuery = $mysqli->query('SELECT * FROM usuarios WHERE usuario = '.$mysqli->real_escape_string(md5($_POST['usuario'])).' AND senha = '.$mysqli->real_escape_string(md5($_POST['senha'])));
if ($mQuery){
$mAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) and strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
if ($mAjax)
{
header('Cache-Control: no-cache, must-revalidate');
header('Expires: '.date('r', time()+(86400*365)));
header('Content-type: application/json');
echo json_encode(array(
'logged' => !$error
));
exit();
}
elseif (!$error)
{
exit();
}
}
?>
尝试从
更改查询$mQuery = $mysqli->query('SELECT * FROM usuarios WHERE usuario = '.$mysqli->real_escape_string(md5($_POST['usuario'])).' AND senha = '.$mysqli->real_escape_string(md5($_POST['senha'])));
$mQuery = $mysqli->query("SELECT * FROM usuarios WHERE usuario = '" .
$mysqli->real_escape_string(md5($_POST['usuario'])) .
"' AND senha = '" .
$mysqli->real_escape_string(md5($_POST['senha'])) . "'");