无法检查PHP到数据库?

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用

  • 回答 (2)
  • 关注 (0)
  • 查看 (55)

我正在尝试在PHP上创建一个项目,只输入3个选项中的一个,并从数据库中获取其他2个详细信息。当我输入$ acecode时,我得到了完美的结果,即员工的详细信息。但是,当我尝试输入$ acename$ acemail时,我收到一个错误:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\WorkArea\HCLProject\submit.php on line 71

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\WorkArea\HCLProject\submit.php on line 80
No such record exists

我的PHP代码

1    <?php 
2    
3    $conn = mysqli_connect("localhost","root","","project");
4    if(!$conn)
5       die("Connection failed" . mysqli_connect_error());
6    
7    $descr = $_POST['descr'];
8    $acecode = $_POST['acecode'];
9    $acename = $_POST['acename'];
10    $acemail = $_POST['acemail'];
11    $status = $_POST['status'];
12    $comments = $_POST['comments'];
13    
14    //check for acemail
15    if($acecode == NULL and $acename == NULL and $acemail != NULL)
16    {
17      $search = "SELECT * from empmaster where empmail=".$acemail;
18      $result = mysqli_query($conn,$search);
19      if(mysqli_num_rows($result) == 1)
20      {
21          while($row = mysqli_fetch_assoc($result))
22          {
23              $acecode = $row['empcode'];
24              $acename = $row['empname'];
25          }
26      }
27      
28      else if(mysqli_num_rows($result) == 0)
29      {
30          echo "No such record exists";
31          $acemail = NULL;
32      }
33      else
34      {
35          echo 'Conflicting values found in Table "empmaster".';
36          $acemail = NULL;
37      }
38    }
39    
40    //check for acecode
41    else if($acename == NULL and $acemail == NULL and $acecode != NULL)
42    {
43      $search = "SELECT * from empmaster where empcode=".$acecode;
44      $result = mysqli_query($conn,$search);
45      if(mysqli_num_rows($result) == 1)
46      {
47          while($row = mysqli_fetch_assoc($result))
48          {
49              $acemail = $row['empmail'];
50              $acename = $row['empname'];
51          }
52      }
53      
54      else if(mysqli_num_rows($result) == 0)
55      {
56          echo "No such record exists";
57          $acecode = NULL;
58      }
59      else
60      {
61          echo 'Conflicting values found in Table "empmaster".';
62          $acecode = NULL;
63      }
64    }
65    
66    //check for acename
67    else if($acecode == NULL and $acemail == NULL and $acename != NULL)
68    {
69      $search = "SELECT * from empmaster where empname like ".$acename;
70      $result = mysqli_query($conn,$search);
71      if(mysqli_num_rows($result) == 1)
72      {
73          while($row = mysqli_fetch_assoc($result))
74          {
75              $acecode = $row['empcode'];
76              $acemail = $row['empmail'];
77          }
78      }
79      
80      else if(mysqli_num_rows($result) == 0)
81      {
82          echo "No such record exists";
83          $acename = NULL;
84      }
85      else
86      {
87          echo 'Conflicting values found in Table "empmaster".';
88          $acename = NULL;
89      }
90    }
91    
92    //last condition
93    else
94    {
95      $acecode=NULL;
96      $acename=NULL;
97      $acemail=NULL;
98      echo "Input only one value of Task Actionee";
99    }
100    
101    echo $acecode."<br>".$acename."<br>".$acemail;
102    ?>
提问于
用户回答回答于

在SQL语句中使用它之前,需要清理输入。你还需要在选择中的变量周围放置单引号。

// this needed single quotes around the variable
$search = "SELECT * from empmaster where empmail = '".$acemail."'";
用户回答回答于

SQL查询错误。你需要在该字段周围使用引号:

$search = "SELECT * from empmaster where empmail='".$acemail."';

然后再次:

$search = "SELECT * from empmaster where empname like '%".$acename."%';

而且你的代码对SQL注入攻击很有用。

扫码关注云+社区

领取腾讯云代金券