mysqli_num_rows($ result)== 0返回错误 [英] mysqli_num_rows($result)==0 returning error

问题描述

我正在尝试使用此php脚本创建一个更改密码页面.我希望能够告诉用户他们是否输入了正确的用户名和密码，以便可以对其进行更改.当我检查行时，无论它是否返回行，我总是会收到此错误:

I am trying to create a change password page with this php script. I want to be able to tell the user whether or not they have put in the correct username and password so that it may be changed. When I check the rows, regardless if it returns rows or not, I always get this error:

警告:mysqli_num_rows()期望参数1为mysqli_result，给出布尔值

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given

这是我的代码:

<?php

$uname = mysqli_real_escape_string($conn, $_POST['uname']);
$currentpw = mysqli_real_escape_string($conn, $_POST['currentpw']);
$newpw1 = mysqli_real_escape_string($conn, $_POST['newpw1']);
$newpw2 = mysqli_real_escape_string($conn, $_POST['newpw2']);

$sql = "UPDATE USERS
        SET password = '$newpw1'
        WHERE username = '$uname' and password = '$currentpw'";

$result = mysqli_query($conn, $sql);
$row = mysqli_num_rows($result);

    if($row > 0 && $newpw1 == $newpw2){
        mysqli_query($conn, $sql) or die(mysqli_error($conn, $sql));
    }   

    else if($newpw1 != $newpw2){
        echo "Passwords do not match";

    }
    else {
        echo "Username or Password is incorrect";
    }
}

?>

注意:我确实在手之前建立了连接，只是似乎没有必要在此处进行连接.另外，如果我输入正确的信息，它将根据需要更改密码，但仍然会显示错误消息

note: i do make a connection before hand just doesn't seem necessary to have it on here. Also if I do enter the right information it will change the password as needed but still have the error message

推荐答案

您需要检查受影响的行数，而不是行数. num_rows常量是选定的行数，而affected_rows常量用于插入，更新和删除查询.

You need to check the number of affected rows, instead of the number of rows. The num_rows constant is the number of selected rows, while the affected_rows constant is for for insert, update and delete queries.

您还应该使用准备好的语句，而不是直接在查询中插入变量.

You also should use a prepared statement instead of injecting variables directly in the query.

您遇到的另一件事是，如果同一查询可以运行一次，则您尝试将其运行两次.那没有多大意义.

Another thing you had was that you attempted to run the same query twice, if it could be run once. That doesn't make much sense.

这是修订版，尽管仍然缺少重要的内容:您将密码存储在planintext中！这是一个巨大的安全问题！

Here's a revised version, though there's still one important thing missing: you store passwords in planintext! Which is a HUGE security issue!

不要以纯文本格式存储密码！这绝对不安全！ PHP具有内置函数，应使用这些函数来处理密码存储，请参见 password_hash() 函数，它更加安全！

Don't store your passwords in plain-text! This is not secure at all! PHP has built-in functions which you should use to handle storing of passwords, see the password_hash() function which is a lot more secure!

if (isset($_POST['newpw1'])) {
    $username = $_POST['uname'];
    $current_password = $_POST['currentpw'];
    $newpw1 = $_POST['newpw1'];
    $newpw2 = $_POST['newpw2'];

    if ($newpw1 === $newpw2) {
        $stmt = $conn->prepare("UPDATE users SET password=? WHERE username=? AND password=?");
        $stmt->bind_param("sss", $newpw1, $username, $current_password);
        $stmt->execute();

        if ($stmt->affected_rows) {
            echo "Password updated successfully!";
        } else {
            echo "Username or password is incorrect";
        }
        $stmt->close();
    } else {
        echo "Passwords do not match";
    }
} else {
    // Form was not sent
}

• http://php.net/mysqli-stmt.affected-rows
• http://php.net/mysqli-stmt.affected-rows

这篇关于mysqli_num_rows($ result)== 0返回错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！