<?php
session_start();
include_once ('connection.php');
if (isset($_POST['login'])){
$uemail = $_POST['email'];
$upassword = $_POST['password'];
}
$query = "SELECT * FROM users WHERE email = $uemail and password = $upassword";
$result = mysqli_query($connection, $query);
if(mysql_num_rows($query) == 1){
$_SESSION['email'] = $email;
header('Location: newfeeds.php');
exit();
}else{
while ($row = mysql_fetch_assoc($result)) {
echo $row["email"];
echo $row["password"];
}
}
?>
我有 php 手册,它说停止使用 sql 并替换 sqli,但这不起作用。它抛出了一个错误。
连接成功 致命错误:调用未定义的函数 mysql_num_rows() 在 D:''XAMPP''htdocs''codeinventor''login.php 第 14 行
将所有 mysql_* 函数更改为 mysqli_* 函数。
你不能同时使用 mysql 和 mysqli
。它们是单独的 API,它们创建的资源彼此不兼容。因此,将mysql_*
替换为mysqli_*
会有所帮助!
我同意这里所有人的观点,您应该将所有mysql_*函数更改为mysqli_*函数。
使用 mysql API 到您的代码。请使用以下代码:
<?php
session_start();
include_once ('connection.php');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['email'] != "" AND $_POST['password'] != ""){
$uemail = $_POST['email'];
$upassword = $_POST['password'];
$query = "SELECT * FROM users WHERE email = '$uemail' and password = '$upassword'";
$result = mysqli_query($connection, $query);
if(mysql_num_rows($query) == 1){
$_SESSION['email'] = $email;
header('Location: newfeeds.php');
exit();
}else{
while ($row = mysql_fetch_assoc($result)) {
echo $row["email"];
echo $row["password"];
}
}
}else{
echo "mail or password is not valid";
}
}else{
echo "The form has been not submitted";
}
?>
如果一个用户输入了以下字符串作为用户名:
"或 uid 如 '%admin%
您的查询将如下所示:
$query = "SELECT * FROM users WHERE email = '' or uid like '%admin%' and password = '$upassword'";
这就是为什么我们告诉您必须将所有mysql_*函数更改为mysqli_*函数。