我试图在PHP上做一个项目,只输入3个选项中的一个,并从数据库中获得其他2个详细信息。当我输入$acecode时,我得到了完美的结果,即员工的详细信息。但是,当我尝试输入$acename或$acemail时,我得到一个错误:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\WorkArea\HCLProject\submit.php on line 71
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\WorkArea\HCLProject\submit.php on line 80
No such record exists
虽然记录存在,但仍为-even。
请帮帮忙。
我的PHP代码
1 <?php
2
3 $conn = mysqli_connect("localhost","root","","project");
4 if(!$conn)
5 die("Connection failed" . mysqli_connect_error());
6
7 $descr = $_POST['descr'];
8 $acecode = $_POST['acecode'];
9 $acename = $_POST['acename'];
10 $acemail = $_POST['acemail'];
11 $status = $_POST['status'];
12 $comments = $_POST['comments'];
13
14 //check for acemail
15 if($acecode == NULL and $acename == NULL and $acemail != NULL)
16 {
17 $search = "SELECT * from empmaster where empmail=".$acemail;
18 $result = mysqli_query($conn,$search);
19 if(mysqli_num_rows($result) == 1)
20 {
21 while($row = mysqli_fetch_assoc($result))
22 {
23 $acecode = $row['empcode'];
24 $acename = $row['empname'];
25 }
26 }
27
28 else if(mysqli_num_rows($result) == 0)
29 {
30 echo "No such record exists";
31 $acemail = NULL;
32 }
33 else
34 {
35 echo 'Conflicting values found in Table "empmaster".';
36 $acemail = NULL;
37 }
38 }
39
40 //check for acecode
41 else if($acename == NULL and $acemail == NULL and $acecode != NULL)
42 {
43 $search = "SELECT * from empmaster where empcode=".$acecode;
44 $result = mysqli_query($conn,$search);
45 if(mysqli_num_rows($result) == 1)
46 {
47 while($row = mysqli_fetch_assoc($result))
48 {
49 $acemail = $row['empmail'];
50 $acename = $row['empname'];
51 }
52 }
53
54 else if(mysqli_num_rows($result) == 0)
55 {
56 echo "No such record exists";
57 $acecode = NULL;
58 }
59 else
60 {
61 echo 'Conflicting values found in Table "empmaster".';
62 $acecode = NULL;
63 }
64 }
65
66 //check for acename
67 else if($acecode == NULL and $acemail == NULL and $acename != NULL)
68 {
69 $search = "SELECT * from empmaster where empname like ".$acename;
70 $result = mysqli_query($conn,$search);
71 if(mysqli_num_rows($result) == 1)
72 {
73 while($row = mysqli_fetch_assoc($result))
74 {
75 $acecode = $row['empcode'];
76 $acemail = $row['empmail'];
77 }
78 }
79
80 else if(mysqli_num_rows($result) == 0)
81 {
82 echo "No such record exists";
83 $acename = NULL;
84 }
85 else
86 {
87 echo 'Conflicting values found in Table "empmaster".';
88 $acename = NULL;
89 }
90 }
91
92 //last condition
93 else
94 {
95 $acecode=NULL;
96 $acename=NULL;
97 $acemail=NULL;
98 echo "Input only one value of Task Actionee";
99 }
100
101 echo $acecode."<br>".$acename."<br>".$acemail;
102 ?>
发布于 2018-06-06 04:34:39
SQL查询错误。您需要在字段两边使用引号:
$search = "SELECT * from empmaster where empmail='".$acemail."';
再说一遍:
$search = "SELECT * from empmaster where empname like '%".$acename."%';
而且你的代码对SQL注入攻击是不敏感的。您应该改用prepared statements。
发布于 2018-06-06 04:34:21
在SQL语句中使用输入之前,需要对输入进行清理。您还需要在select中用单引号将变量括起来。
// this needed single quotes around the variable
$search = "SELECT * from empmaster where empmail = '".$acemail."'";
https://stackoverflow.com/questions/50708464
复制相似问题