-4

I'm getting an error in my code. If I put a wrong user, it shows

user ok

if I put correct user, it also shows

user ok

I don’t know where is the error in my code so please take a look at my code and let me know where I went wrong.

Login.php

<html>
  <body>
    <form action="list_work.php" method="post">
      username: <input type="text" name="username">
      password: <input type="text" name="password">
      <input type="submit">
    </form>
  </body>
</html>

List_work.php

<?php
  $username = $_POST["username"];
  $password = $_POST["password"];

  // Connect to the database
  $dbLink = new mysqli('localhost', 'sqldata', 'sqldata', 'balhaf');
  if(mysqli_connect_errno()) {
    die("MySQL connection failed: ". mysqli_connect_error());
  }

  mysqli_select_db($dbLink,"balhaf2");

  // Fetch the file information
  $query = "select *  from users WHERE username = '".$dbLink-  >escape_string($username)."'";

  $result = $dbLink->query($query);
  $company = false;
  if($result) {
  echo "user ok"."</br>";
  //Now get the result information
  $row = $result->fetch_object();  //will store the record in $row

 //Access what you need
  if($row) {
    $company = $row->company;  //variable name should match the field name in your  database
    echo $company; //See if you get the value stored in the database
  }
  } else {
   echo "worng user";
  }

  mysqli_select_db($dbLink,"balhaf");


  // Query for a list of all existing files
  $sql = "SELECT id, name, mime, size, created FROM $company";
  $result = $dbLink->query($sql);
  // Check if it was successfull
  if($result) {
    // Make sure there are some files in there
    if($result->num_rows == 0) {
      echo '<p>There are no files in the database</p>';
    } else {
      // Print the top of a table
      echo '<table border="1" align="center">
          <H2 align="center"> Report Table</H>

            <tr>
                <td><b>Name</b></td>
                <td><b>Mime</b></td>
                <td><b>Size (bytes)</b></td>
                <td><b>Created</b></td>
                <td><b>&nbsp;</b></td>
            </tr>';

    // Print each file
    while($row = $result->fetch_assoc()) {
        echo "
            <tr>
                <td>{$row['name']}</td>
                <td>{$row['mime']}</td>
                <td>{$row['size']}</td>
                <td>{$row['created']}</td>
                <td><a style='text-decoration:none;' href='get_file_work.php?id= {$row['id']}&company=$company'>Download</a></td>
            </tr>";
       }

       // Close table
       echo '</table>';
      }

     // Free the result
     $result->free();
     }
     else
     {
     echo 'Error! SQL query failed:';
     echo "<pre>{$dbLink->error}</pre>";
     }
     // Close the mysql connection
     $dbLink->close();
     ?>
4

2 回答 2

3

您需要检查返回的行数:更改:

if($result ){

至:

if($result  &&  $result->num_rows) {

PS:失败时$result = $dbLink->query($query); 返回FALSE (当您的 SQL 语句有问题时)。除此之外,它将返回一个与true 您的if 语句相同的对象。

于 2013-08-28T21:41:07.233 回答
1

更改以下内容:

if($result) {

至:

if( $result && mysqli_num_rows($result) > 0 ) {

$result 仍然是一个对象,所以 $result 不是NULL, FALSE, 或0

编辑

我第一次忽略了添加 $result 本身。如果查询失败,则$result == FALSE. mysqli_num_rows($result)会抛出警告:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given

...如果它不是 mysqli_result 对象。因此,通过首先检查 $result 是否为假,我们可以防止错误发生。

注意:撤消的答案第一次是正确的,即使是在我之后:p

于 2013-08-28T21:39:48.720 回答