<?php
session_start();
include_once ('connection.php');
if (isset($_POST['login'])){
$uemail = $_POST['email'];
$upassword = $_POST['password'];
}
$query = "SELECT * FROM users WHERE email = $uemail and password = $upassword";
$result = mysqli_query($connection, $query);
if(mysql_num_rows($query) == 1){
$_SESSION['email'] = $email;
header('Location: newfeeds.php');
exit();
}else{
while ($row = mysql_fetch_assoc($result)) {
echo $row["email"];
echo $row["password"];
}
}
?>
我有PHP手冊它說停止使用SQL和替換sqli但沒有工作。它拋出一個錯誤。Php登錄表格錯誤行
Connected Successfully Fatal error: Call to undefined function mysql_num_rows() in D:\XAMPP\htdocs\codeinventor\login.php on line 14
更改爲mysqli_num_rows()。您的查詢不安全或不安全。查看準備好的語句 –
另請參閱http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1 – MECU
[您的腳本存在SQL注入攻擊的風險。 ](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –