是什么导致我的 PHP SQL 查询出现此错误?

【问题标题】:What causes this error in my PHP SQL query?是什么导致我的 PHP SQL 查询出现此错误?
【发布时间】:2009-05-20 04:59:49
【问题描述】:

我的 mysql php 代码有问题。该代码旨在使用用户输入的变量搜索数据库并显示相应的结果。例如,如果我只搜索彩色照片,则只会列出彩色照片以及艺术家的姓名、尺寸等。但我收到一条错误消息,我不明白这是什么意思。上面写着:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result,
boolean given in C:\Program Files\xampp\htdocs\results.php on line 64

这是导致问题的代码,有人知道为什么吗???

//Run the query and storee result
$result = mysqli_query($link, $query);

//Get number of rows in the result set
$number_of_rows = mysqli_num_rows ($result);

//close link to database
mysqli_close($link);

原来的查询是:

//Define an SQL query to retrieve desired information
$query = "
SELECT
photos.photo_id, members.member_name, photos.photo_title, photos.photo_film,
    photos.photo_height, photos.photo_width
FROM members, photos
WHERE members.member_id = photos.member_id
";

//restict SQL query with an AND clause if a photo title has been supplied
if ($form_photo_title !="") {
    $query.= "AND photos.photo_title = '$form_photo_title' ";
}

//Restrict the SQL query with an AND clause if a member has been selected
if ($form_member_name !=0) {
    $query .= "AND members.member_name = $form_member_name ";
}

//Restrict the SQL query with an AND clause if a colour mode has been selected
if ($form_type !="") {
    $query .= "AND photo.photo_film = $form_type ";
}

//Run the query and storee result
$result = mysqli_query($link, $query);

【问题讨论】:

    标签: php mysql database


    【解决方案1】:

    您的 mysqli_query 命令将返回 false。使用mysqli_error 诊断问题。

    if (!mysqli_query($link, $query)) {
    printf("Errormessage: %s\n", mysqli_error($link));
}

    您需要进行上述检查才能确定,但​​您的查询问题可能与此部分有关,该部分未引用似乎是字符串值的内容:

    if ($form_member_name !=0) {
    $query .= "AND members.member_name = $form_member_name ";
}

    $form_member_name 至少应该用单引号括起来,但您应该绝对为此使用参数化语句,而不是在查询中嵌入未经处理的变量,因为您让自己对SQL injection attack。这是一个修订版,但请记住,我对 mysqli 有点生疏,没有你的数据库就无法测试它:

    $query = "
    SELECT
    photos.photo_id, members.member_name, photos.photo_title, photos.photo_film,
        photos.photo_height, photos.photo_width
    FROM members, photos
    WHERE members.member_id = photos.member_id
";

$types = "";
$params = array();

if ($form_photo_title !="") {
    $query.= "AND photos.photo_title = ? ";
    $types .= "s";
    $params[] = $form_photo_title;
}

if ($form_member_name !=0) {
    $query .= "AND members.member_name = ? ";
    $types .= "s";
    $params[] = $form_member_name;
}

if ($form_type !="") {
    $query .= "AND photo.photo_film = ? ";
    $types .= "s";
    $params[] = $form_type;
}

if (!($statement = mysqli_prepare($link, $query)))
    throw new Exception(mysqli_error($link));

// this tells the statement to substitute those question marks with each of 
// the values in the $params array. this is done positionally, so the first 
// question mark corresponds to the first element of the array, and so on. 
// the $types array is just a string with an indication of the type of the 
// value stored at each position in the array. if all three of the above 
// clauses are applied, then $types will equal "sss", indicating that the 
// first, second and third elements in $params are string types. 
// worse still, because the parameters to the query are dynamic, we can't 
// call mysqli_stmt_bind_param directly as it does not allow an array to be 
// passed, so we have to call it dynamically using call_user_func_array!
// i really hate this about mysqli.
// if all three of your above query clauses are applied, this call translates to
//     mysqli_stmt_bind_param(
//         $stmt, $types, 
//         $form_photo_title, $form_member_name, $form_type
//     );
array_unshift($values, $stmt, $types);
call_user_func_array("mysqli_stmt_bind_param", $values);

mysqli_stmt_execute($stmt);

// this instructs mysqli to assign each field in your query to each of 
// these variables for each row that is returned by mysqli_stmt_fetch(). 
// this is also positional - if you change the order or number of fields 
// in your query, you will need to update this.
mysqli_stmt_bind_result($photo_id, $member_name, $photo_title, $photo_film, $photo_height, $photo_width);

while (mysqli_stmt_fetch($stmt)) {
    // $photo_id will be reassigned to the value from the row on each 
    // loop iteration
    echo $photo_id."<br />";
}

    我忘记了 mysqli 扩展是多么可怕的野兽——如果你可以访问PDO extension,我 不能更强烈地建议您学习并使用它。

    【讨论】:

      【解决方案2】:

      您的查询有问题,它返回 FALSE 而不是结果集。查询是什么?

      【讨论】:

        【解决方案3】:

        form_member_name 需要用引号引起来吗?

        实际上,form_photo_titleproperly handled 都需要是 properly handled 才能防止 SQL Injection 攻击。

        【讨论】:

          【解决方案4】:

          我的猜测是您尝试执行的 SQL 有问题。在 mysqli_query() 命令之前将 SQL 打印到输出。然后获取该字符串并从 mysql 控制台运行它以查看是否可以执行查询。

          【讨论】:

            【解决方案5】: 
            $query .= "AND photo.photo_film = $form_type ";

            我想一定是:

            $query .= "AND photos.photo_film = $form_type ";

            您拼错了表名并收到“表不存在”之类的错误。

            不要忘记 SQL 注入。此代码易受攻击。

            【讨论】:

              猜你喜欢
              • 1970-01-01
              • 2015-02-16
              • 2013-06-30
              • 1970-01-01
              • 2011-01-26
              • 2021-10-28
              • 1970-01-01
              • 2020-01-30
              • 2021-04-04
              相关资源
              最近更新 更多
              热门标签
              Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode