1

我在第 23 行收到错误,即这一行:

if (mysql_num_rows($result) > 0) {

你能在下面看到我的代码并看到我错过的任何东西吗?

<?php
// Include database connection and select database UFPProducts
     include "../shopdb/connection.php";
?>
<?php
//
session_start();
// (2) Collect data from form and save in variables

$username=$_POST['username'];
$password=$_POST['password']; 

// (3) Create query of the form below to search the user table
//   "SELECT * FROM Users WHERE UserName='$username' AND  Password='$password'"

"SELECT * FROM USERS where Username='$username' AND Password='$password'"

// (3) Run query through connection

// (4) Check result of query using code below

// if rows found set authenticated user to the user name entered 
if (mysql_num_rows($result) > 0) { 
$_SESSION["authenticatedUser"] = $username;
// Relocate to the logged-in page
header("Location: loggedon.php");
} 
else
// login failed redirect back to login page with error message
{
$_SESSION["message"] = "Could not connect as $username " ;
header("Location: login.php");
}
?>

感谢您的时间和帮助

4

2 回答 2

0 
"SELECT * FROM USERS where Username='$username' AND Password='$password'";

最后加一个分号试试

于 2012-11-16T23:26:43.530 回答
0

使用此代码,这样您将最大限度地减少通过 SQL 注入攻击您的网站的机会。

<?php
// Include database connection and select database UFPProducts
     include "../shopdb/connection.php";
?>
<?php
//
session_start();
// (2) Collect data from form and save in variables

$username=mysql_real_escape_string(htmlentities($_POST['username']));
$password=mysql_real_escape_string(htmlentities($_POST['password']));

// (3) Create query of the form below to search the user table
//   "SELECT * FROM Users WHERE UserName='$username' AND  Password='$password'"

$query = "SELECT * FROM USERS where Username='$username' AND Password='$password'";
$result = mysql_query($query) or die (mysql_error()); 

// (3) Run query through connection

// (4) Check result of query using code below

// if rows found set authenticated user to the user name entered 
if (mysql_num_rows($result) > 0) { 
$_SESSION["authenticatedUser"] = $username;
// Relocate to the logged-in page
header("Location: loggedon.php");
} 
else
// login failed redirect back to login page with error message
{
$_SESSION["message"] = "Could not connect as $username " ;
header("Location: login.php");
}
?>
于 2012-11-16T23:34:50.420 回答