1. 首頁
  2. 問答
  3. 爲什麼我會收到錯誤? (PHP,MySQL)

爲什麼我會收到錯誤? (PHP,MySQL)

2013-07-11 31 views
0

我想獲得referral_inreferral_out(作爲單獨的變量)存在的行數。這是我的代碼:爲什麼我會收到錯誤? (PHP,MySQL)

$username = $_SESSION['username']; 

$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldnt Connect to Server"); 
mysql_select_db("xxxxx") or die("Couldnt find database"); 

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`=$username"); 
$same = mysql_num_rows($namecheck); 

$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WERE `username`=$username"); 
$leading = mysql_num_rows($namecheck); 
echo "$leading/$same"

當做到這一點,我得到這個錯誤:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/50/8492150/html/buyarandom/member.php on line 23 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/content/50/8492150/html/buyarandom/member.php on line 25

來源

2013-07-11 Cole

+3

除非$的用戶名是一個數值或者一個布爾值,它需要被引用 - ___not___使用的MySQLi或PDO和準備語句 –

回答

0

你忘了周圍$username

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`='".$username."'");

而且引號試圖逃脫$username因爲你是代碼易受攻擊SQL Injection

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`='".mysql_real_escape_string($username)."'");

邊注:不要使用mysql_query改用mysqli

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

來源

2013-07-11 22:58:38

0

$ samecheck而不是$ namecheck ??? $ namecheck的定義在哪裏?

來源

2013-07-11 22:59:03

0

首先,不推薦使用mysql擴展名。請consider MySqli or PDO。其次,出於安全原因,您可能想要清理會話變量。如果您使用MySQLi或PDO進行參數化查詢,則無需擔心。否則,這些API會提供方法(mysql,mysqli)來轉義您的字符串。

現在有一個錯字WERE,應該是WHERE

如果username是一個字符串類型,則需要將該值放在引號中。

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WHERE `username`='$username'"); 
$same = mysql_num_rows($samecheck); //another typo; should be $samecheck
在你的第二個 mysql_num_rows()

而且,你可能是指通過$leadcheck,不$namecheck

來源

2013-07-11 23:02:04

0

這應該工作

$username = $_SESSION['username']; 

$connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldn't Connect to Server"); 
mysql_select_db("xxxxx") or die("Couldn't find database"); 

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WHERE `username`=$username") or die (mysql_error()); 
$same = mysql_num_rows($samecheck); 

$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WHERE `username`=$username") or die (mysql_error()); 
$leading = mysql_num_rows($leadcheck); 
echo "$leading/$same"

也,請在某些時候可以考慮使用的mysqli

http://php.net/manual/en/book.mysqli.php

因爲MySQL擴展已經過時,開放SQL注入,並可能會在PHP

的較新版本中刪除

來源

2013-07-11 23:02:45 PlausibleSarge

+0

我做了你的建議,它擺脫了錯誤的缺點。現在它給我這個: 'where子句'中的未知列'username' (用戶名是實際用戶名) – Cole

+0

我認爲MySQL區分大小寫。您需要爲其提供用於存儲用戶名的EXACT列名稱,包括正確的大寫字母 – PlausibleSarge

0

試試這個

 $username = $_SESSION['username']; 

    $connect = mysql_connect("xxxx", "xxxx", "xxxx!") or die("Couldnt Connect to Server"); 
    mysql_select_db("xxxxx") or die("Couldnt find database"); 

    $samecheck = mysql_query("SELECT `referral_in` ,`referral_out` FROM `users` WHERE `username`=$username"); 
    $same = mysql_num_rows($namecheck); 
    $row = mysql_fetch_array($samecheck); 

    echo $row['referral_in']/$row['referral_out'] ;

注:

  • MySQL是decprecated,請改用PDO或mysqli。

來源

2013-07-11 23:05:00

0

錯誤是說$ namecheck不是mysql_query。
$ namecheck未定義。

$ namecheck應該分別爲$ namecheck和$ leadcheck。

$samecheck = mysql_query("SELECT `referral_in` FROM `users` WERE `username`=$username"); 
$same = mysql_num_rows($samecheck); 

$leadcheck = mysql_query("SELECT `referral_out` FROM `users` WERE `username`=$username"); 
$leading = mysql_num_rows($leadcheck);

來源

2013-07-11 23:13:11

相關問題

 相關問題