我有2个php文件login1.php和profile.php。在login1.php中有一些错误。php登录和注销脚本错误
Login1.php:
<?php
$con = mysqli_connect("localhost","","","");
if (!$con)
{
echo" Not connected to database";
die('Could not connect: ' . mysqli_error());
}
session_start();
$message="";
if(count($_POST)>0) {
$username = $_POST["username"];
$password = $_POST["password"];
$query="SELECT * FROM `Login` WHERE Login.username='$username' AND Login.password='$password'";
$result = mysqli_query($con,$query);
if (!$result) {
printf("Error: %s\n", mysqli_error($con));
exit();
}
$row = mysqli_fetch_array($con,$result);
if(is_array($row)) {
$_SESSION["username"] = $row['username'];
} else {
$message = "Invalid Username or Password!";
}
}
if(isset($_SESSION["username"])) {
header("Location:profile.php");
}
?>
错误: 警告:mysqli_fetch_array()预计参数1被mysqli_result,在给定的/public_html/site/login1.php第21行
由于对象这些错误login1.php没有链接到profile.php,但当我直接访问profile.php其工作正常。
'混合mysqli_fetch_array(mysqli_result $结果[摘要$与resultType = MYSQLI_BOTH])'=>滴从呼叫您的'$ con'。顺便说一句:如果profile.php在没有登录的情况下工作...是不是一个安全问题? – Wrikken
由于OP没有阅读[documentation](http://us2.php.net/mysqli-fetch-array) – Kermit
Lovely [SQL注入攻击](http:// bobby- tables.com)洞。享受你的服务器pwn3d。 –