开发者

PHP Error - Login Script

开发者 https://www.devze.com 2022-12-26 16:28 出处:网络
I am creating a new login script/members directory. I am creating it from scratch without any frameworks (advice on this m开发者_StackOverflowatter would also be appreciated).

I am creating a new login script/members directory.

I am creating it from scratch without any frameworks (advice on this m开发者_StackOverflowatter would also be appreciated).

The situation:

// Look up the username and password in the database
    $query = "SELECT admin_id, username FROM admin WHERE adminname = '$admin_user' AND password = SHA1('$admin_pass')";
    $data = mysqli_query($dbc, $query);

    if (mysqli_num_rows($data) == 1) {

This bit of code keeps giving me an error (the last line in particular):

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home8/craighoo/public_html/employees/security/dir_admin.php  on line 20

When echoing the query I get:

SELECT admin_id, adminname FROM admin WHERE adminname = 'admin' AND password = SHA1('password')

EDIT: Thanks to everyone. The problem was in my Database column names and the column names I was referencing.


Your query execution is failing. When that happens mysqli_query returns false (boolean value) and when is passed to mysqli_num_rows, you get this error.

Print the query just before executing and check for correctness.


Considering that mysqli_query returns false on failure, and that $data is a boolean, here, I suppose there is an error occuring during the execution of your SQL query.

You could try using mysqli_error to find out what this error is :

$data = mysqli_query($dbc, $query);
if ($data !== false) {
    // Do whatever you want with $data
    if (mysqli_num_rows($data) == 1) {
        // 
    }
} else {
    echo mysqli_error($dbc);
    die;
}


Note : echoing the error message and dying, like I did here, is OK while developping your script ; but you should not do that in production.

Instead, in production, you should :

  • Log the error to a file
  • Display a nice message to the user


When you have a critical query, it's best to add a die to it like so:

mysqli_query($dbc, $query) or die('Critical error on line #'. __LINE__ .' when attempting to login ...<br>'. mysql_error());


Have you tried running that same query manually thru phpmyadmin or the console? What result do you get?

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号