-1

每次我尝试运行我的脚本时,我都会收到此错误,说 mysql_num_rows(): supplied argument is not a valid MySQL result resource.我不太确定它为什么这样做。我的目标是让它检查登录的客户是否是管理员。

<?php
    session_start();
    $username = $_POST['username'];
    $password = $_POST['password'];

    if ($username&&$password)
    {

    $user = $_SESSION['user'];
    //connect
    $connect = mysql_connect("localhost","*******_robert","***********") or die ("Couldn't Connect"); //host,username,password
    mysql_select_db("virtua15_gateway") or die ("Could not find database");
    //query
    $get = mysql_query("SELECT * FROM Users WHERE username='$user'");
    $numrows = mysql_num_rows($query);
    if ($numrows!=0)
    {
        while ($row = mysql_fetch_assoc($query))
        {
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
        }
        if ($username==$dbusername&&$password==$dbpassword)
        {
         header( 'Location: index2.php' );
         $_SESSION['username']=$dbusername;
        }
        else
            echo "incorrect username and password";
    }
       else
         die ("This user does not exist");

    }
    else
        die("Please enter a username and a password");


    while($get = mysql_fetch_assoc($get))

{
 $admin = $row['admin'];
}
if ($admin==0)
 die ("You are not and admin!");
header('Location: index2.php')

?>
4

4 回答 4

3 
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

那么,是吗$get$query

于 2012-01-21T11:19:15.630 回答
3

您将查询资源称为 $get,然后将其作为 $query 传递。选一个 :)

$query = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);

此外,添加错误检查以防查询失败(die() 或 trigger_error())

可能还值得注意的是,您需要转义任何输入,而不是直接在查询中提供它(甚至来自 $_SESSION 或 $_COOKIES,而不仅仅是 $_POST)。为此使用mysql_real_escape_string()。并且您不应该以明文形式存储密码,可能会使用sha1()或更好的散列算法。

于 2012-01-21T11:20:27.283 回答
2

用这个:

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);

代替 :

$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($query);
于 2012-01-21T11:21:43.600 回答
1 
$get = mysql_query("SELECT * FROM Users WHERE username='$user'");
$numrows = mysql_num_rows($get);

将 $query 更改为 $get

于 2012-01-21T11:22:18.353 回答