從數據庫[mysql_num_rows]存儲數據

Question

所以我有這個代碼將數據庫中的項目傳遞給我的訂單表。當我回應會議時。會話變量包含的東西，所以沒有問題。但是，當我在numrows下回顯這些變量時，它只顯示任何內容。有什麼不對？

<?php 
error_reporting(E_ALL^E_NOTICE); 
session_start(); 
require("connect.php"); 
$UserID = $_SESSION['CustNum']; 
$UserN = $_SESSION['UserName']; 

     $ProdGTotal = $_SESSION['ProdGTotal']; 

     $queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'"); 
     $numrows = mysql_num_rows($queryord); 

     if(numrows == 1){ 
      $row = mysql_fetch_assoc($queryord)or die ('Unable to run query:'.mysql_error()); // fetch associated: get function from a query for a database 
      $dbstreet = $row['Street']; 
      $dhousenum = $row['HouseNum']; 
      $dbcnum = $row['CelNum']; 
      $dbarea = $row['Area']; 
      $dbbuilding = $row['Building']; 
      $dbcity = $row['City']; 
      $dbpnum = $row['PhoneNum']; 
      $dbfname = $row['FName']; 
      $dblname = $row['LName']; 

     } 
     else 
     die(mysql_error()); 

     $query4=mysql_query("INSERT INTO orderdetails VALUES ('', '$UserID', Now(), '$dbhousenum', '$dbstreet', '$dbarea', '$dbbuilding', '$dbcity',  '$dbfname', '$dblname', '$dbcnum', '$dbpnum', '$ProdGTotal')",$connect); 

      if ($query4){ 

      header("location:index.php"); 

      } 
      else 
     die(mysql_error()); 


?> 

Answer 1

if(numrows == 1) => if($numrows == 1){

Answer 2

首先，你鍵入

if(numrows == 1){ 

替代變量：

if($numrows == 1){ 

而是檢查用戶，您可以爲：

$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");  
$numrows = mysql_num_rows($queryord); 

用作：

$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");  
$numrows = mysql_num_rows($queryord); 

，因爲你想獲取一個用戶，但是你失敗了，因爲你沒有逃脫：

$UserN = mysql_real_escape_string($UserN); 
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");  
$numrows = mysql_num_rows($queryord); 

你應該寫你的代碼以更好的方式，看到的例子最佳做法在stackoverflow如何獲取數據。查看阻止SQL注入和漏洞的最佳實踐。

的例子都顯示在這個網站：How can I prevent SQL injection in PHP?