php
  • mysqli
    • 2014-11-13 39 views -1 likes 
    -1

    我有這個問題指定字符串變量,類...錯誤的對象結束

    $connect = mysqli_connect("localhost","root","","db"); 

$user_name = mysqli_query($connect,"SELECT user_name FROM users WHERE user_name='".mysqli_real_escape_string($connect,stripcslashes($_POST['user_name']))."' ") or die('Erreur :'.mysqli_error()); 

if(mysqli_num_rows($user_name) == 1) 
{ 
    $erreurUser = "The name already exist, choose another name"; 
} 

elseif(mysqli_num_rows($user_name) == 0) 
{ 
    $query = mysqli_query($connect, "INSERT INTO 
    users 
    (id, user_name, password, repeat_password, admin) 
    VALUES('','".mysqli_real_escape_string($connect,$_POST['user_name'])."', 
     '".mysqli_real_escape_string($connect,$password)."' , 
     '".mysqli_real_escape_string($connect,$repeat_password)."', '')")      or die('Erreur :'.mysqli_error($connect)); 

$_SESSION['user_name'] = $user_name; // on donne cette infromation pour afficher dans le finish.php 

header('Location:finish.php'); 
}

    來源

    2014-11-13 mamaka

    +0

    你得到了什麼錯誤信息?你怎麼了?是具體的 – baao

    +0

    謝謝你的回答,我的問題是類mysqli_result的對象無法轉換爲字符串。 – mamaka

    +0

    當我顯示變量時,

    註冊完成,歡迎<?php回聲「Bienvenu」。 $ _SESSION ['user_name']。「!

    」?> – mamaka

    回答

    0

    根據您的代碼和註釋,試試這個:

    $user = $_POST['user_name']; 
$connect = mysqli_connect("localhost","root","","db"); 

$user_name = mysqli_query($connect,"SELECT user_name FROM users WHERE user_name='".mysqli_real_escape_string($connect,stripcslashes($user))."' ") or die('Erreur :'.mysqli_error()); 

if(mysqli_num_rows($user_name) == 1) 
{ 
    $erreurUser = "The name already exist, choose another name"; 
} 

elseif(mysqli_num_rows($user_name) == 0) 
{ 
    $query = mysqli_query($connect, "INSERT INTO 
    users 
    (user_name, password, repeat_password, admin) 
    VALUES('".mysqli_real_escape_string($connect,$user)."', 
     '".mysqli_real_escape_string($connect,$password)."' , 
     '".mysqli_real_escape_string($connect,$repeat_password)."', '')")      or die('Erreur :'.mysqli_error($connect)); 

$_SESSION['user_name'] = $user; // on donne cette infromation pour afficher dans le finish.php 

header('Location:finish.php'); 
}

    事情我會建議:

    • 更改查詢prepared statements,這樣你就可以擺脫所有的MySQL i_real_escape_string
    • 如果您沒有將代碼更改爲預處理語句,至少應該分隔查詢和所有mysqli_real_escape_string操作。但是,真的,改變它。

    事情你definatelly做錯了:

    要分配

    mysqli_query($connect,"SELECT user_name FROM users WHERE user_name='".mysqli_real_escape_string($connect,stripcslashes($_POST['user_name']))."' ") or die('Erreur :'.mysqli_error()); 


    $user_name

    後來分配

    $user_name

    $ _SESSION [ 'USER_NAME']

    這是不行的

    mysqli_real_escape_string($connect,stripcslashes($user))

    (+),在查詢內部是不是好的做法完全沒有

    如果您沒有值輸入的管理員,請不要將其包含在查詢中。

    我想id是auto_incremting?不要在查詢中包含它,我已經刪除它

    來源

    2014-11-13 17:44:10 baao

    +0

    是的,我明白的問題,它是變量。非常感謝你Munch – mamaka

    相關問題
    最新問題

     相關問題