在这里忙得让自己很沮丧。我正忙着尝试编写一个简单的登录脚本来验证对数据库的登录。
但是我不断得到:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
这是我的代码....当我在 sql workbench 上运行查询时,它 100% 有效
<?php
// Grab User submitted information
$email = $_POST['users_email'];
$pass = $_POST['users_pass'];
// Connect to the database
$con = mysql_connect('localhost','root','');
// Make sure we connected succesfully
if(! $con)
{
die('Connection Failed'.mysql_error());
}
// Select the database to use
mysql_select_db('arctecs',$con);
$result = mysql_query('SELECT users_email, users_pass FROM users WHERE users_email = $email');
$row = mysql_fetch_array($result);
if($row['users_email']==$email && $row['users_pass']==$pass)
echo'You are a validated user.';
else
echo'Sorry, your credentials are not valid, Please try again.';
?>
最佳答案
这是不正确的
'SELECT users_email, users_pass FROM users WHERE users_email = $email'
更好的方法是
"SELECT users_email, users_pass FROM users WHERE users_email = '$email'"
需要将字符串数据用单引号括起来。
在查询中直接使用 POST 数据是不好的。开始使用 PDO 准备语句来避免 sql 注入(inject)或至少将数据清理为
$email = $_POST['users_email'];
$pass = $_POST['users_pass'];
$con = mysql_connect('localhost','root','');
// Make sure we connected succesfully
if(! $con)
{
die('Connection Failed'.mysql_error());
}
$email = mysql_real_escape_string($email);
关于php - 登录脚本中的 "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22605672/