Checking for record in SQL database, what is wrong here?

Possible Duplicates:
Best way to stop SQL Injection in PHP
supplied argument is not a valid MySQL result resource
PHP/MySQL account activation

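Can't figure this out for the life of me...

Basically, I just want to check whether a record exists; if it doesn't, do something, and if it does, do something else. I can't get it to work with this code I have written.

First, the error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in claimreview.php on line 7

Here is my database connection (works fine, as it doesn't give any errors)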

dbconn.php
<?
// e.g. dbconn('localhost','your_database','your_login','your_pass');
$db = dbconn('localhost','db','login','pass');
// No need to edit below this line.
function dbconn($server,$database,$user,$pass){
// Connect and select database.
$db = mysql_connect($server,$user,$pass);
$db_select = mysql_select_db($database,$db);
return $db;
}
?>

Here is my script, which takes in an email (I am echoing it to make sure it is receiving the email, and it is)

<?php
include('functions/dbconn.php');
$email = $_POST["email"];
$sql = "SELECT * FROM reviewers WHERE email = '$email'";
echo $sql;
$result = mysql_query($sql);
$num = mysql_num_rows($result); //LINE 7
if ($num > 0) {
echo "Found record";
}
else
{
echo "Didn't find record </br>";
}
echo $num;
echo $email;
?>

It also echoes the SQL, which looks like this:

SELECT * FROM reviewers WHERE email = 'email-from-form-here'

Test the SQL query:

$result = mysql_query($sql) or die(mysql_error());

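You need to add some error handling to find out what went wrong. Each mysql_... function can fail and then return false, and mysql_error() can tell you more about the error.
Let's start with your dbconn function.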

<?php
function dbconn($server,$database,$user,$pass) {
    // Connect and select database.
    // 1. give the calling script at least a chance to detect connect/db-select errors
    $db = mysql_connect($server,$user,$pass);
    if ( $db ) {
        $db_select = mysql_select_db($database, $db);
        if ( !$db_select ) {
            $db = false;
        }
    }
    return $db;
}

Then the main script

<?php
require 'functions/dbconn.php';
// 2. check if the database connection has been established
if ( !$db ) {
    die(mysql_error());
}
// 3. prevent sql injections
$email = mysql_real_escape_string($_POST["email"], $db);
// 4. If you don't need the data itself use Count(*) instead of mysql_num_rows()
$sql = "SELECT Count(*) FROM reviewers WHERE email = '$email'";
echo $sql;
$result = mysql_query($sql, $db);
// 5. check for errors 
if ( !$result ) {
    die(mysql_error($db));
}
// 6. SELECT Count(*) returns the result as a record, fetch it
$row = mysql_fetch_row($result);
// 7. ...it _should_ return a record, test it
if ( !$row ) {
    die('error: no record');
}
if ( '0'==$row[0] ) {
    echo "Didn't find record </br>";
}
else
{
    echo "Found record";
}
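
The same existence check written with a PDO prepared statement, as an added example that is not part of the original question or answers (the mysql_* extension used above was removed in PHP 7.0). The `reviewers` table and `email` column come from the page; the `reviewerExists` helper, the in-memory SQLite database and the sample rows and inputs are assumptions constructed so the script runs offline.

```php
<?php
// Added example: existence check with a bound parameter (PDO).
// Assumption: an in-memory SQLite database stands in for the page's MySQL
// server so the script runs offline; with MySQL only the DSN changes,
// e.g. 'mysql:host=localhost;dbname=db;charset=utf8mb4'.

// Hypothetical helper, not from the original page.
function reviewerExists(PDO $pdo, string $email): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM reviewers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    // COUNT(*) always yields exactly one row with one column.
    return (int) $stmt->fetchColumn() > 0;
}

try {
    $pdo = new PDO('sqlite::memory:');
    // Failures raise PDOException instead of silently returning false.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Constructed sample data.
    $pdo->exec('CREATE TABLE reviewers (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
    $pdo->exec("INSERT INTO reviewers (email) VALUES ('alice@example.com')");

    // Constructed inputs standing in for $_POST["email"].
    $inputs = [
        'alice@example.com',
        'bob@example.com',
        "x' OR '1'='1", // would rewrite the WHERE clause if concatenated into the SQL
    ];
    foreach ($inputs as $email) {
        $found = reviewerExists($pdo, $email);
        echo str_pad($email, 20), $found ? 'Found record' : "Didn't find record", PHP_EOL;
    }
} catch (PDOException $e) {
    // Log the detail server-side; do not echo driver errors to the client.
    error_log($e->getMessage());
    echo 'Database error', PHP_EOL;
}
```

With the bound parameter, the third input is compared as a literal string and matches no row, while the string-built query from the question would have matched every reviewer.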