$username = stripslashes($username);
// check if usernames exists
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = $username";
if ($result = mysqli_query($pdo,$sql)) {
$row = mysqli_num_rows($result);
// if yes, fetch the encrypted password
您缺少字符串值周围的引号:
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = '$username'";
如果您正在使用mysqli,为什么要限制自己手动清理输入呢?MysqlI已经准备好语句来正确处理和格式化你的查询。
$Conn = new mysqli("host","user","pass","database");
$Query = $Conn->prepare("SELECT Login_Name FROM memberdirectory WHERE Login_name=?");
$Query->bind_param('s',$username);
$Query->execute();
$Query->fetch();
$Row_Number = $Query->num_rows;
$Query->close(); // close the connection. Always a benefit and can save you complications later down the line
Then validate:
if ($Row_Number > 0){
} // Example only.
$username = stripslashes($username);
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name =".$username;
if ($result = mysqli_query($pdo,$sql)) {
$row = mysqli_num_rows($result);