0

我是 php 新手,试图学习一些东西。我正在尝试编写一个脚本,允许用户在验证个人信息后重置密码。除了这个 php 脚本之外,一切都运行良好。此脚本从表单输入字段接收数据。该程序应该输出:

echo $e.'&u='. $us .'&er='.$err.'&o='. $bulls3 .'&r='.$bulls4;


            exit(); 

可以作为respondText发送到ajax。问题是这个 php 脚本没有按预期工作,并给我以下错误消息。有没有人可以帮助我。任何帮助将不胜感激。提前谢谢你的帮助..

错误输出消息:

警告:mysqli_num_rows() 期望参数 1 为 mysqli_result,布尔值在 C:\xampp\htdocs\myGenius\identityverify.php 第 119 行联系方式中给出

<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST["bd"])){
    $bad= preg_replace('#[^0-9-]#i', '', $_POST['bd']);
    //Connect to database
    include_once("php_includes/connect_to_mysqli.php");
    $e = mysqli_real_escape_string($db_conx,$_POST['e']);
    $c= preg_replace('#[^a-z ]#i', '', $_POST['c']);
    $post= preg_replace('#[^a-z0-9]#i', '', $_POST['pst']);
    $user= preg_replace('#[^a-z0-9]#i', '', $_POST['us']);
    $odd= preg_replace('#[^a-z0-9]#i', '', $_POST['od']);

    if($e =="" || $bad =="" || $c=="" ||$post==""){
        echo "empty";
        exit();
        }else if($user=="" || $odd==""){
            echo "no_exist";
            exit();
        }else{



    $sql = "SELECT id, username FROM user WHERE email='$e' AND activated='1' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $id = $row["id"];
            $u = $row["username"];  

//Encrypted values to check with user input passed from hidden fields           
                    //Check codes
            $bull= value1;
            $bull2= value2;
            $bull3= value3;
            $bull3=value4;
            $us= value5;
            $err= value6;

        }
        if($user==$us && $odd==$err){   


    $sql = "SELECT country, birthday, postal FROM useroptions WHERE email='$e' AND username='$u' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $con = $row["country"];
            $bday = $row["birthday"];
            $poost = $row["postal"];

        }


if($c == $con && $bad == $bday && $post==$poost){
// encoded value using some type of encryption for passing data to another web page based on user information data
                $bulls= value1;
                $bulls2= value2;
                $bulls1=value3;
                $bulls3= value4;
                $bulls4= value5;
                $bulls3=value6;
                $bulls4=value7;

            echo $e.'&u='. $us .'&er='.$err.'&o='. $bulls3 .'&r='.$bulls4;


            exit();
        }else{
            echo "wrong";
            exit();
            }

        }else {
        echo "contact";
        exit();
    }//user option not set
    }else{
        echo "no_exist";
        exit();
        }//end code comparison and send to error page
    }else{
        echo "no_exist";
        exit();
        }
        exit();
}}
?>
4

1 回答 1

0

我总是使用两个查询,而不是让服务器返回匹配的所有内容

  1. select count(*) from database where condition='expected';
  2. 根据if()验证初始结果的子句执行第二个查询。

由于我的主要查询尚未执行,因此可以防止注入。

尝试更换

if(isset($_POST["bd"])){

if(!empty($_POST["bd"])){
于 2013-04-15T23:41:33.827 回答