我想獲得計數,如果在數據庫中找到我想呼應該計數。 我需要在下面的代碼中做些什麼改變才能工作。得到計數,如果在數據庫中發現數據與PHP代碼
enter code here
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "email";
$con=mysqli_connect($servername,$username,$password, $dbname);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="SELECT 'Trading' FROM 'trading1' WHERE Trading = ('$_POST[kiran]')";
if ($result=mysqli_query($con,$sql))
{
// Return the number of rows in result set
$rowcount=mysqli_num_rows($result);
printf("Result set has %d rows.\n",$rowcount);
// Free result set
mysqli_free_result($result);
}
mysqli_close($con);"
你的代碼有什麼問題?它現在輸出什麼?有錯誤嗎? –
另外 - 永遠,永遠,**永遠**,*永遠*,把用戶輸入('$ _POST [kiran]')直接放入一個查詢,不消毒!永遠不要相信用戶輸入 –
由於單引號'''導致語法錯誤,您的查詢可能失敗。或者使用反引號''''''''sql =「SELECT \'Trading \'FROM \'trading1 \'WHERE Trading ='$ _POST [kiran]'」;'而@cale_b提到,全面開放的SQL注入 - 閱讀http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Sean