>Hei ,我正在尝试验证我的 xml 文件中的用户名和密码是否与数据库中的用户名和密码相同,但mysql_num_rows为零。所以我的 SELECT 查询一定有问题。这是我的代码:
public function verifyDB()
{
//connection to database
mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('proiect_is') or die(mysql_error());
$data =mysql_query("SELECT id FROM users WHERE userName ='$this->xml->parameters->username' AND password ='$this->xml->parameters->pass'");
//we check if any row was returned
echo $data;
echo $this->xml->parameters->username."<BR>";
echo $this->xml->parameters->pass."<BR>";
print_r(mysql_num_rows($data));
if (mysql_num_rows($data))
{
$row = mysql_fetch_assoc($data);
$this->_id= $row['id'];
echo $row;
return true;
}
else
{return false;}
}
这是我的xml登录文件:
<xml version="">
<action>log_in</action>
<parameters>
<username>Ionel P</username>
<pass>abdef01</pass>
</parameters>
</xml>
如果要在字符串中插入变量,则应使用如下{}:
"SELECT id FROM users WHERE userName ='{$this->xml->parameters->username}' AND password ='{$this->xml->parameters->pass}'"
这告诉解析器将变量插入$this->xml->parameters->username,否则它只会尝试使用$this(并保留->xml->parameters->username作为文本,最终出现在"[toString-Text of Your Object]->xml->parameters->username"中,这显然是错误的)。
尝试:
$data =mysql_query("SELECT id FROM users WHERE userName ='".$this->xml->parameters->username."' AND password ='".$this->xml->parameters->pass."'");
$data =mysql_query("SELECT id FROM users WHERE userName ='$this->xml->parameters->username' AND password ='$this->xml->parameters->pass'");
echo mysql_error();
返回任何错误? 这应该可以很好地指示问题所在。
试试这个:
$data =mysql_query(sprintf("SELECT id FROM users WHERE userName ='%s' AND password ='%s'", mysql_real_escape_string($this->xml->parameters->username), mysql_real_escape_string($this->xml->parameters->pass)));