Question

我有一个表单，要求用户输入他们的电子邮件地址才能收到密码重置电子邮件。我想在发送电子邮件之前将电子邮件与数据库中的现有电子邮件进行比较;如果电子邮件不存在，则脚本不应发送重置电子邮件。我一直在阅读已发布的问题/回复和谷歌搜索我的大脑几个小时，以及更改代码以删除空格或调整语法但没有任何东西摆脱我这＃1064错误消息...'回合ta放弃...

我得到的错误是：您的SQL语法中有错误;检查与MySQL服务器版本对应的手册，以便在第1行的“@ rocketmail.com”附近使用正确的语法 SQL：SELECT customer_id FROM customer WHERE customer_email = user@rocketmail.com

$sql = "SELECT customer_id FROM customer WHERE customer_email = ".$_POST['email'];
$result = mysqli_query($db, $sql) or die(mysqli_error($db)."<br />SQL: $sql");
$num_rows = mysql_num_rows($result);

if($num_rows < 1) {
$problem = TRUE;
$error_message .= '<p class="errorctr">Email was not found in our database.</p>';
}

Answer 1

您必须将字符串值括在引号中，否则肯定会出现语法错误。你的PHP语法很好，MySQL不是

$sql = "SELECT customer_id FROM customer WHERE customer_email = '".mysqli_real_escape_string($db,$_POST['email'])."'";

稍后您的代码中还有mysql_num_rows，其中mysqli_num_rows就像这样

$num_rows = mysqli_num_rows($result);

Answer 2

说到真正需要尝试的内容，它是PDO：

$sql = "SELECT customer_id FROM customer WHERE customer_email = ?";
$stm = $pdo->prepare($sql);
$stm->execute(array($_POST['email']));
$id  = $stm->fetchColumn();
if(!$id) {
    ...

Answer 3

试试这个：

         $email = $_POST['email'];
         $sql = "SELECT customer_id FROM customer WHERE customer_email = '".mysqli_real_escape_string($db,$email )."'";
   $result = mysqli_query($db, $sql) or die(mysqli_error($db)."<br />SQL: $sql");

   while($row = mysqli_fetch_array($result)){

        if(!$row['customer_email']){
         echo '<p class="errorctr">Email was not found in our database.</p>';
               }

      }

检查用户的电子邮件地址是否与数据库中的任何现有电子邮件地址匹

3 个答案: