我试图从一个MySQL表中选择数据,但我得到以下错误消息之一:
Mysql_fetch_array()期望参数1为给定的资源布尔值
这是我的代码:
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');
while($row = mysql_fetch_array($result)) {
echo $row['FirstName'];
}
当前回答
可能有两个原因:
在调用mysql_query函数之前,是否打开了到数据库的连接?我在你的代码里没看到。在进行查询之前使用mysql_connect。看到php.net/manual/en/function.mysql-connect.php 变量$username在单引号字符串中使用,因此它的值不会在查询中计算。查询肯定会失败。
第三,查询结构容易被SQL注入。您可以使用准备好的语句来避免这种安全威胁。
其他回答
当查询中出现错误导致查询失败时,将显示此错误消息。它会在使用时显现出来:
mysql_fetch_array / mysqli_fetch_array () 作用是()/ mysqli_fetch_assoc () mysql_num_rows () / mysqli_num_rows ()
注意:如果查询不影响任何行,则不会出现此错误。只有语法无效的查询才会产生此错误。
故障排除步骤
Make sure you have your development server configured to display all errors. You can do this by placing this at the top of your files or in your config file: error_reporting(-1);. If you have any syntax errors this will point them out to you. Use mysql_error(). mysql_error() will report any errors MySQL encountered while performing your query. Sample usage: mysql_connect($host, $username, $password) or die("cannot connect"); mysql_select_db($db_name) or die("cannot select DB"); $sql = "SELECT * FROM table_name"; $result = mysql_query($sql); if (false === $result) { echo mysql_error(); } Run your query from the MySQL command line or a tool like phpMyAdmin. If you have a syntax error in your query this will tell you what it is. Make sure your quotes are correct. A missing quote around the query or a value can cause a query to fail. Make sure you are escaping your values. Quotes in your query can cause a query to fail (and also leave you open to SQL injections). Use mysql_real_escape_string() to escape your input. Make sure you are not mixing mysqli_* and mysql_* functions. They are not the same thing and cannot be used together. (If you're going to choose one or the other stick with mysqli_*. See below for why.)
其他技巧
Mysql_ *函数不应该用于新代码。它们不再被维护,社区已经开始了弃用过程。相反,你应该学习准备语句并使用PDO或MySQLi。如果你不能决定,这篇文章将帮助你选择。如果你想学习,这里有一个很好的PDO教程。
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '%$username%'") or die(mysql_error());
while($row = mysql_fetch_array($result))
{
echo $row['FirstName'];
}
有时将查询抑制为@mysql_query(您的查询);
试试下面的代码。它可能会工作得很好。
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName ='$username'");
while($row = mysql_fetch_array($result))
{
echo $row['FirstName'];
}
正如scompt.com所解释的,查询可能会失败。使用此代码获取查询的错误或正确的结果:
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("
SELECT * FROM Users
WHERE UserName LIKE '".mysql_real_escape_string($username)."'
");
if($result)
{
while($row = mysql_fetch_array($result))
{
echo $row['FirstName'];
}
} else {
echo 'Invalid query: ' . mysql_error() . "\n";
echo 'Whole query: ' . $query;
}
有关更多信息,请参阅mysql_query()的文档。
实际的错误是单引号,因此没有解析变量$username。但是你应该使用mysql_real_escape_string($username)来避免SQL注入。
在$username周围加上引号。字符串值,与数字值不同,必须用引号括起来。
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '$username'");
同样,如果不使用通配符,使用LIKE条件也没有意义:如果需要精确匹配,则使用=而不是LIKE。
