php - 登录脚本中的 "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given"

Question

在这里忙得让自己很沮丧。我正忙着尝试编写一个简单的登录脚本来验证对数据库的登录。

但是我不断得到:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in

这是我的代码....当我在 sql workbench 上运行查询时，它 100% 有效

<?php

// Grab User submitted information
$email = $_POST['users_email'];
$pass = $_POST['users_pass'];

// Connect to the database
$con = mysql_connect('localhost','root','');
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db('arctecs',$con);

$result = mysql_query('SELECT users_email, users_pass FROM users WHERE users_email = $email');

$row = mysql_fetch_array($result);

if($row['users_email']==$email && $row['users_pass']==$pass)
    echo'You are a validated user.';
else
    echo'Sorry, your credentials are not valid, Please try again.';
?>

Answer 1

这是不正确的

'SELECT users_email, users_pass FROM users WHERE users_email = $email'

更好的方法是

"SELECT users_email, users_pass FROM users WHERE users_email = '$email'"

需要将字符串数据用单引号括起来。

在查询中直接使用 POST 数据是不好的。开始使用 PDO 准备语句来避免 sql 注入(inject)或至少将数据清理为

$email = $_POST['users_email'];
$pass = $_POST['users_pass'];
$con = mysql_connect('localhost','root','');
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

$email = mysql_real_escape_string($email);