mysqli_real_escape_string()返回空字符串
任何人都有这个解决方案吗?我突然出现蓝屏错误后,今天晚上遇到了这个问题。我正在使用这个简单的代码来实现项目中的会话,但是在神秘的重启之后,这件事情很奇怪!!!!
此代码应该可以工作!!!!
更新:现在处理一些小错误及其全面运作:)
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "root","company");// Selecting Database
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
// To protect MySQL injection for Security purpose
//$username = stripslashes($username);
//$password = stripslashes($password);
$username = mysqli_real_escape_string($connection,$username);
$password = mysqli_real_escape_string($connection,$password);
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from login where password='$password' AND username='$username'";
//$query = "select * from login where password='".$password."' AND username='".$username."'";
$result=mysqli_query($connection,$query);
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
}
else {
$error = "Username or Password Invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>
输出图像(编辑前) -
3 个答案:
答案 0 :(得分:0)
mysqli_real_escape_string($username)缺少必需参数
mysqli_real_escape_string()功能的用法如下:
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);
您必须添加$ connection(您的连接变量)。这样就变成了:
mysqli_real_escape_string($connection, $username)
http://www.w3schools.com/php/func_mysqli_real_escape_string.asp
答案 1 :(得分:0)
这是我使用的转义字符串
<?php
if (!function_exists('escapestring')) {
function escapestring($vconnection, $value, $datatype) {
$value = function_exists('mysqli_real_escape_string') ? mysqli_real_escape_string($vconnection, $value) : mysqli_escape_string($vconnection, $value);
switch ($datatype) {
case 'text':
$value = ($value != '') ? "'" . $value . "'" : "'na'";
break;
case 'int':
$value = ($value != '') ? intval($value) : "'na'";
break;
case 'float':
$value = ($value != '') ? floatval($value) : "'na'";
break;
case 'date':
$value = ($value != '') ? "'" . $value . "'" : "'na'";
break;
}
return $value;
}
}
?>
答案 2 :(得分:0)
您的查询未正确使用引号,因为它是'$password'和'$username'而不是它们的值,请将其更改为 -
$query = "select * from login where password='".$password."' AND username='".$username."'";
而不是这个
$query = "select * from login where password='$password' AND username='$username'";
此外,您需要使用{em> pavlovich 建议的mysqli_close()代替mysql_close()和mysqli_real_escape_string($connection, $username)。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?