我試圖通過綁定參數來防止sql注入,但是當我將代碼轉換爲綁定參數時,mysqli_num_rows不再起作用。mysqli_num_rows提供參數後無法工作
我有我要檢查對數據庫的重複行的簡單的電子郵件驗證:
下面我的代碼:
$checkDup = "SELECT Email FROM users WHERE Email='{$_POST['Email']}'";
$resultDup = mysqli_query($db,$checkDup);
//If not 0 duplicates (another one exists) create an error alert
if(!mysqli_num_rows($resultDup) == 0){
echo '<script language="javascript">
alert("Email Already Exists");
window.location.href = "Sign Up.php";
</script>';
unset($_POST);
}
結合它之後 -
Its Not right type error i got :
$checkDup = $db->prepare("SELECT Email FROM users WHERE Email= ?");
$checkDup->bind_param("s", $_POST['Email']);
//If not 0 duplicates (another one exists) create an error alert
if(!mysqli_num_rows($checkDup->execute()) == 0){
echo '<script language="javascript">
alert("Email Already Exists");
window.location.href = "Sign Up.php";
</script>';
unset($_POST);
}
順便說一句,你應該使用'mysqli_num_rows($ checkDup->的execute())> 0',而不是'mysqli_num_rows($ resultDup)== 0' – rbr94