我正在尝试使用 mysql_fetch_assoc() 从我的数据库中检索我的结果,但是当我回显以下内容(纯白屏幕)时,我似乎没有得到任何结果:
$email_address = $_POST['email_address'];
$password = $_POST['password'];
if(login($email_address, $password)){
$query = mysql_query("SELECT * FROM `users` WHERE `email_address` = '$email_address' AND `password` = '$password'");
$row = mysql_fetch_assoc($query);
echo $row['email_address'];
}else{
echo "Invalid login";
}
将您的查询更改为此,添加die(mysql_error())以检查您的查询是否有任何错误:
$email_address = $_POST['email_address'];
$password = $_POST['password'];
if(login($email_address, $password)){
$query = mysql_query("SELECT * FROM `users` WHERE `email_address` = '$email_address' AND `password` = '$password'") or die(mysql_error());
$row = mysql_fetch_assoc($query);
echo $row['email_address'];
} else {
echo "Invalid login";
}
您可以尝试以下方法,
if (isset($_POST['email_address']) && isset($_POST['password'])) {
$email_address = $_POST['email_address'];
$password = $_POST['password'];
//conection:
$con= mysqli_connect("hostname","username","password","database") or die("Error " . mysqli_error($link));
//query:
$query = mysql_query("SELECT * FROM users WHERE users.email_address = '$email_address' AND users.password = '$password'");
//display information:
$row = mysql_fetch_assoc($query);
if($email_address == $row['email_address'] && $password == $row['Password']){
echo $row['email_address'];
}else{
echo "Invalid login";
}
}
尝试if($query==NULL) {/* handle error */}捕获连接/数据库错误。
然后
$nrows=mysql_num_rows($query); //get the number of rows returned
if($nrows==0) //no match
else if($nrows==1) //match
else {/*more than 1 rows, probably sql injection */}
也就是说,远离已弃用的 MySQL 扩展并改用MySQLi。如果您打算在任何时间点公开网站,也可以散列您的密码,最好使用bcrypt。请参阅此视频,简要概述为什么不应该使用简单的哈希函数(甚至加盐)来对密码进行哈希处理,以及为什么要改用KDF。
最后,您的代码对 SQL 注入开放。有关如何保护它的信息,请参阅此问题。
作为旁注,有些人避免这样做SELECT *是因为