-1

您好,我目前遇到此代码的问题,我不确定将其他代码放在哪里。错误是这样的:

    mysql_num_rows() expects parameter 1 to be resource, boolean given in

这是我的代码:

    if ($_POST['submit'])
{           

            $username = $_POST['id'];
            $password = $_POST['pass'];
            //connect to the database here
            $username = mysql_real_escape_string($username);
            $query = "SELECT hashpass, salt
                    FROM users
                    WHERE username = '$username'";
            $result = mysql_query($query);
            if(mysql_num_rows($result) < 1) //no such user exists
            {
                echo "NO USER!";
            }
            $userData = mysql_fetch_array($result, MYSQL_ASSOC);
            $hash = sha1 ( $userData['salt'] . $password );
            if($hash != $userData['password']) //incorrect password
            {
                echo "WRONG PASS";
            }
            }

将不胜感激任何帮助。

4

2 回答 2

0

mysql_num_rows函数返回记录集中的行数。

int mysql_num_rows ( resource $result )

mysql_query函数对 MySQL 数据库执行查询。此函数返回 SELECT 查询的查询句柄、其他查询的 TRUE/FALSE 或失败时的 FALSE。

所以在你的情况下,你应该这样做

<?php

$link = mysql_connect("localhost", "mysql_user", "mysql_password");

$query = "SELECT hashpass, salt
                    FROM users
                    WHERE username = '$username'";

$result = mysql_query($query);

mysql_select_db("database", $link);

$result = mysql_query($query, $link);
$num_rows = mysql_num_rows($result);

if($num_rows < 1) //no such user exists
{
     echo "NO USER!";
}

?>
于 2012-08-27T06:22:32.393 回答
0

在我的类似脚本中,我首先检查 $result 以确保查询正常......我还假设每个用户只有一行!

$result = mysql_query($query);

if ($result)
{
  if(mysql_num_rows($result) == 1)
  {
    // user exists... check password
  }
  else
  {
    //no such user exists
    echo "NO USER!";
  }
}
else
{
  // Query failed - no such user
}

此外,以防该代码段适用于您的代码,我只会在您验证用户名后才包含密码检查!

于 2012-08-27T06:22:53.663 回答