php 和 mysql 执行语句失败
我像这样插入用户输出:
$userName= SanitizeString($userName);
$pass= SanitizeString($pass);
$email= SanitizeString($email);
$userName=mysql_real_escape_string($userName);
$pass=mysql_real_escape_string($pass);
$email=mysql_real_escape_string($email);
$salt = 'SHIFLETT';
$password_hash = md5($salt . md5($pass.$salt));
mysql_query("INSERT INTO users (user_name,pass,email,reputation,role,ban,date) VALUES ('$userName', '$password_hash', '$email', '$reputation', '$role','false','$date')" ) or exit(mysql_error());
那是 SanitizeString($var) 函数:
function SanitizeString($var)
{
$var=stripslashes($var);
$var=htmlentities($var, ENT_QUOTES, 'UTF-8');
$var=strip_tags($var);
return $var;
}
但是当我尝试使用此查询查找用户密码和名称时。它失败了:
$user_name=SanitizeString($user_name);
$pass=SanitizeString($pass);
$user_name=mysql_real_escape_string($user_name);
$pass=mysql_real_escape_string($pass);
$salt = 'SHIFLETT';
$password_hash = md5($salt . md5($pass.$salt));
$result=mysql_query("SELECT COUNT(*) AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error());
如果计数大于 0,则意味着它找到了一个结果,用户应该登录。但这并没有发生......为什么?
对此进行更多更新:
if(mysql_num_rows($result)>0)
{
echo "Login successful".mysql_num_rows($result);
return $dataArray=TRUE;
}
else
{
echo "Login unsuccessful:".mysql_num_rows($result);
}
I insert the users output like this:
$userName= SanitizeString($userName);
$pass= SanitizeString($pass);
$email= SanitizeString($email);
$userName=mysql_real_escape_string($userName);
$pass=mysql_real_escape_string($pass);
$email=mysql_real_escape_string($email);
$salt = 'SHIFLETT';
$password_hash = md5($salt . md5($pass.$salt));
mysql_query("INSERT INTO users (user_name,pass,email,reputation,role,ban,date) VALUES ('$userName', '$password_hash', '$email', '$reputation', '$role','false','$date')" ) or exit(mysql_error());
That is the SanitizeString($var) function:
function SanitizeString($var)
{
$var=stripslashes($var);
$var=htmlentities($var, ENT_QUOTES, 'UTF-8');
$var=strip_tags($var);
return $var;
}
But when I try to find the users password and name with this query. It fails:
$user_name=SanitizeString($user_name);
$pass=SanitizeString($pass);
$user_name=mysql_real_escape_string($user_name);
$pass=mysql_real_escape_string($pass);
$salt = 'SHIFLETT';
$password_hash = md5($salt . md5($pass.$salt));
$result=mysql_query("SELECT COUNT(*) AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error());
if the count is greater than 0 than it means it found one result and the user should log in. But that doesnt happen..Why?
UPDATE more to this:
if(mysql_num_rows($result)>0)
{
echo "Login successful".mysql_num_rows($result);
return $dataArray=TRUE;
}
else
{
echo "Login unsuccessful:".mysql_num_rows($result);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果你想使用
COUNT(*),你必须使用GROUP BY,但你可以使用mysql_num_rows()获取行数,例如这。You have to use
GROUP BYif you want to useCOUNT(*), but you can get the number of rows withmysql_num_rows()like this.