我想爲我的網站創建一個基本的登錄腳本,我卡住了。我的代碼如下:在php登錄腳本錯誤sql查詢
<?php
$myServer = "localhost";
$myUser = "root";
$myPass = "*******";
$myDB = "social_bookmarking";
//connection to the database
libxml_use_internal_errors(true);
$connect = mysqli_connect($myServer,$myUser, $myPass)
or die("Couldn't connect to SQLServer on $myServer");
//select a database to work with
$selected = mysqli_select_db($connect, $myDB)
or die("Couldn't open database $myDB");
$email = $_POST['email'];
var_dump($email);
$password = $_POST['passwd'];
var_dump($password);
$query = mysqli_query($connect, "SELECT * FROM users WHERE email='$email'");
var_dump($query);
if(!$query)
{
die("Query failed:");
}
else
{
$row = mysqli_fetch_array($query, MYSQLI_NUM);
var_dump($row);
if($email == $row['email'])
{
if($email=='' || $password == '')
{
header("Location: index.php?id=Some fields are empty");
}
else if ($email==$row['email'] && $password =$row['password']) {
# code...
header("Location: main.php?id=$email");
}
}
else
{
//mysqli_query("alter table users auto_increment = 1");
}
}
?>
這裏是我的代碼返回:
string '[email protected]' (length=24)
string '*********' (length=10)
object(mysqli_result)[2]
public 'current_field' => null
public 'field_count' => null
public 'lengths' => null
public 'num_rows' => null
public 'type' => null
array (size=5)
0 => string '1' (length=1)
1 => string 'Palade Radu' (length=11)
2 => string 'pa10der4du' (length=10)
3 => string 'Radu' (length=4)
4 => string '[email protected]' (length=24)
這是我的表:
http://i.stack.imgur.com/nDaBX.png
我不知道爲什麼都那些變量'null'。現在我得到var_dump ['row']下的未定義索引'email'。我在哪裏得到全部錯誤?
請將結果粘貼到問題中,而不是圖像。 –
你有這個電子郵件的註冊表嗎? –
在沒有準備好語句的情況下使用'mysqli'會打開SQL注入攻擊。 –