1. 首頁
  2. 問答
  3. mysqli_query():空查詢

mysqli_query():空查詢

2016-07-26 87 views
0

我得到的mysqli_query():空查詢

mysqli_query(): Empty query in if(mysqli_query($link, $result)){

Catchable fatal error: Object of class mysqli_result could not be converted to string in line echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);

可我知道這裏有什麼問題的錯誤?

<?php 

$link = mysqli_connect("localhost", "root", "", "databasename") or die("could not connect to mysql"); 
$email = $_SESSION['USEREMAIL']; 
$password = $_SESSION['USERPASS']; 
$sql= mysqli_query($link, "SELECT * FROM admin WHERE email='$email' and password ='$password' "); 
if (isset($_POST["submit"])) { 
    $test = mysqli_real_escape_string($link, $_POST['test']);  
    $result  = mysqli_query($link,"UPDATE admin SET test='$test' WHERE email='$email'"); 

    if(mysqli_query($link, $result)){ 
    echo "Updated successfully."; 
    } else { 
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); 
    } 
} 
while ($record = mysqli_fetch_array($sql)) { 
    $test = $record['test']; 
} 
mysqli_close($link); 
?>

來源

2016-07-26 xodebox95

+1

http://php.net/manual/en/mysqli.query.php –

+2

'$ result'是*已經是'mysqli_query()'你需要改變'如果(mysqli_query($連接,$結果)){'''if like($ result)''' –

+0

**''不要存儲純文本密碼!**請使用PHP的[內置函數](http://jayblanchard.net/proper_password_hashing_with_PHP.html)處理密碼安全。如果您使用的PHP版本低於5.5,則可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。確保你*** [不要越獄密碼](http://stackoverflow.com/q/36628418/1011527)***或在哈希之前使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –

回答

0

請使用此代碼將正確$結果被*已經是mysqli_query()你需要改變,如果(mysqli_query($連接,$結果)){喜歡的東西,如果($結果)){

session_start(); 
include("header.php"); 
?> 
<?php 

$link = mysqli_connect("localhost", "root", "", "databasename") or die("could not connect to mysql"); 
$email = $_SESSION['USEREMAIL']; 
$password = $_SESSION['USERPASS']; 
$id   = $_SESSION['USERID']; 
$sql= mysqli_query($link, "SELECT * FROM admin WHERE email='$email' and password ='$password' "); 
if (isset($_POST["submit"])) { 
    $test = mysqli_real_escape_string($link, $_POST['test']);  
    $result  = mysqli_query($link,"UPDATE admin SET test='$test' WHERE id='$id'"); 

    if($result){ 
    echo "Updated successfully."; 
    } else { 
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link); 
    } 
} 
while ($record = mysqli_fetch_array($sql)) { 
    $test = $record['test']; 
} 
mysqli_close($link); 
?> 
<form method="POST" name="testForm" id="testForm" action=""> 
    <div class="form-group"> 
     <div class="input-group"> 
     <input name="test" id="test" placeholder="Test data" class="form-control" type="text" value="<?php echo $test; ?>"> 
     </div> 
    </div> 
<button type="submit" id="submit" class="btn btn-primary btn-md" value="submit" name="submit">Submit</button>

來源

2016-07-26 16:27:53

+1

OP爲什麼要「使用此代碼」?一個好的答案***將總是解釋所做的事情以及爲什麼這樣做,不僅是爲了OP,還是爲了將來訪問SO。您還沒有在這裏解決SQL注入或純文本密碼。 –

+0

我很抱歉,我不覺得這是必要的,但它是必要的@Jay Blanchard –

+0

這是絕對必要的,並已在原來的問題下的評論中得到解決。 –

相關問題

 相關問題