-3

My problem is:

 <?php
 function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT_COUNT('user_id') FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false;
 }
 ?>

As you can see, I have included the correct database name and the user does exist. This is where I call it to pull from SQL:

<?php
include 'core/init.php';

if (user_exists('dan') === true) {
echo 'exists';
} 

 die();

if (empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) === true || empty($password) === true {

    $errors[] = 'You need to enter a username and password';
} else if (user_exists($username) === false) {
    $errors[] = 'Sorry this user does not exist';
}
}
?>

I am not sure why I am getting a blank page and the message it displays says the user exists?

4

3 Answers

1

This may be a syntax error that you are unable to trigger

(mysql_result(mysql_query("SELECT_COUNT('user_id') FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false;

Leave a space between SELECT and COUNT by removing the underscore "_", as it will give you a MySQL error.

answered 2013-03-30T12:40:51.327
1

Aside from that silly typo in the query, the way you are using the mysql API is really bad.
Some critical flaws to be noted:

  • whatever "sanitize" function used to build a query should add quotes around returned value. Otherwise it will do no good and lead you to injection.
  • you aren't checking for the mysql errors
  • you are writing your code in one line making it extremely hard to read.

What it should be at the very least

function user_exists($username) {
    $username = sanitize($username); // remember it should add the quotes
    $sql = "SELECT COUNT(1) FROM `user` WHERE `username` = $username";
    $res = mysql_query($sql) or trigger_error(mysql_error().$sql);
    $row = mysql_fetch_row($res);
    return !empty($row[0]);
}

I am not sure why I am getting a blank page.

Most likely it is caused by some PHP error.
Either tell PHP to show them on-screen or peek into server error log to read the error message

Or there is no such user in the database.

So, make your code like this

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);

echo "testing<br>";

include 'core/init.php';

if (user_exists('dan')) {
   echo 'exists';
} else {
   echo 'not found';
}
answered 2013-03-30T12:51:03.403
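
An added example, not part of the answer above or the asker's code: the same check written with a bound parameter via PDO, so the value never has to be quoted by a `sanitize` function, and with SQL errors raised as exceptions instead of being ignored. The in-memory SQLite database, its schema and the sample row are constructed for the example so that it runs offline.

```php
<?php
// Added example: constructed schema and data, not the asker's database.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Raise an exception on any SQL error instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
    $pdo->exec("INSERT INTO user (username) VALUES ('dan')");
    return $pdo;
}

function user_exists(PDO $pdo, string $username): bool
{
    // The value travels as a bound parameter and is never spliced into the
    // SQL text, so there is no quoting or escaping step to get wrong.
    $stmt = $pdo->prepare('SELECT COUNT(1) FROM user WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return (int) $stmt->fetchColumn() === 1;
}

$pdo = open_demo_db();
var_dump(user_exists($pdo, 'dan'));
var_dump(user_exists($pdo, 'nobody'));
// Input containing quotes is compared as a literal username, nothing more.
var_dump(user_exists($pdo, "x' OR '1'='1"));

// The typo from the question is reported as an exception with a message,
// rather than as a false result passed on to the next function.
try {
    $pdo->query('SELECT_COUNT(1) FROM user');
} catch (PDOException $e) {
    echo 'SQL error: ', $e->getMessage(), "\n";
}
```
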
0

The problem is here

 SELECT_COUNT('user_id')
       ^ 

It should be

 SELECT COUNT('user_id')
answered 2013-03-30T12:42:53.077