0

嘿,我正在尝试验证我的 xml 文件中的用户名和密码是否与我的数据库中的相同,但 mysql_num_rows 为零。所以我的 SELECT 查询一定有问题。这是我的代码:

 public function verifyDB()
{
   //connection to database
    mysql_connect('localhost','root','') or die(mysql_error());
    mysql_select_db('proiect_is') or die(mysql_error());

     $data =mysql_query("SELECT id FROM users WHERE userName ='$this->xml->parameters->username' AND password ='$this->xml->parameters->pass'");
    //we check if any row was returned
    echo $data;
     echo $this->xml->parameters->username."<BR>";
     echo $this->xml->parameters->pass."<BR>";
     print_r(mysql_num_rows($data));
    if (mysql_num_rows($data))
    {

       $row = mysql_fetch_assoc($data);
       $this->_id= $row['id'];
       echo $row;
       return true;
    }
    else
    {return false;}

}

这是我的 xml 登录文件:

 <xml version="">
  <action>log_in</action>
  <parameters>
    <username>Ionel P</username>
<pass>abdef01</pass>
  </parameters>
 </xml>
4

4 回答 4

8

如果你在字符串中插入变量,你应该{}像这样使用:

"SELECT id FROM users WHERE userName ='{$this->xml->parameters->username}' AND password ='{$this->xml->parameters->pass}'"

这告诉解析器插入变量$this->xml->parameters->username,否则它只会尝试使用$this(并留下->xml->parameters->username文本,最终以“ [toString-Text of your Object]->xml->parameters->username ” 结尾,这显然是错误的)。

于 2012-05-11T17:51:14.320 回答
1

尝试:

$data =mysql_query("SELECT id FROM users WHERE userName ='".$this->xml->parameters->username."' AND password ='".$this->xml->parameters->pass."'");
于 2012-05-11T17:50:28.580 回答
1 

$data =mysql_query("SELECT id FROM users WHERE userName ='$this->xml->parameters->username' AND password ='$this->xml->parameters->pass'");
echo mysql_error();

返回任何错误?这应该可以很好地指示问题出在哪里。

于 2012-05-11T17:51:35.070 回答
1

试试这个:

$data =mysql_query(sprintf("SELECT id FROM users WHERE userName ='%s' AND password ='%s'", mysql_real_escape_string($this->xml->parameters->username), mysql_real_escape_string($this->xml->parameters->pass)));
于 2012-05-11T17:51:47.463 回答