mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows 等...期望参数1是资源
我正在尝试从 MySQL 表中选择数据,但收到以下错误消息之一:
I am trying to select data from a MySQL table, but I get one of the following error messages:
mysql_fetch_array() 期望参数 1 是资源,给定的布尔值
mysql_fetch_array() expects parameter 1 to be resource, boolean given
这是我的代码:
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query('SELECT * FROM Users WHERE UserName LIKE $username');
while($row = mysql_fetch_array($result)) {
echo $row['FirstName'];
}
推荐答案
查询可能由于各种原因而失败,在这种情况下,mysql_* 和 mysqli 扩展都会从各自的查询函数中返回 false/方法.您需要测试该错误情况并进行相应处理.
A query may fail for various reasons in which case both the mysql_* and the mysqli extension will return false from their respective query functions/methods. You need to test for that error condition and handle it accordingly.
mysql_* 扩展:
注意 mysql_ 函数已弃用 并已在 php 版本 7 中删除.
NOTE The mysql_ functions are deprecated and have been removed in php version 7.
在将 $result 传递给 mysql_fetch_array 之前检查它.你会发现它是 false 因为查询失败.有关可能的返回值,请参阅 mysql_query 文档以及如何处理它们的建议.
Check $result before passing it to mysql_fetch_array. You'll find that it's false because the query failed. See the mysql_query documentation for possible return values and suggestions for how to deal with them.
$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM Users WHERE UserName LIKE '$username'");
if($result === FALSE) {
die(mysql_error()); // TODO: better error handling
}
while($row = mysql_fetch_array($result))
{
echo $row['FirstName'];
}
mysqli 扩展
程序风格:
$username = mysqli_real_escape_string($mysqli, $_POST['username']);
$result = mysqli_query($mysqli, "SELECT * FROM Users WHERE UserName LIKE '$username'");
// mysqli_query returns false if something went wrong with the query
if($result === FALSE) {
yourErrorHandler(mysqli_error($mysqli));
}
else {
// as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach
foreach( $result as $row ) {
...
oo 风格:
$username = $mysqli->escape_string($_POST['username']);
$result = $mysqli->query("SELECT * FROM Users WHERE UserName LIKE '$username'");
if($result === FALSE) {
yourErrorHandler($mysqli->error); // or $mysqli->error_list
}
else {
// as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach
foreach( $result as $row ) {
...
使用准备好的语句:
$stmt = $mysqli->prepare('SELECT * FROM Users WHERE UserName LIKE ?');
if ( !$stmt ) {
yourErrorHandler($mysqli->error); // or $mysqli->error_list
}
else if ( !$stmt->bind_param('s', $_POST['username']) ) {
yourErrorHandler($stmt->error); // or $stmt->error_list
}
else if ( !$stmt->execute() ) {
yourErrorHandler($stmt->error); // or $stmt->error_list
}
else {
$result = $stmt->get_result();
// as of php 5.4 mysqli_result implements Traversable, so you can use it with foreach
foreach( $result as $row ) {
...
<小时>
这些示例仅说明应该做什么(错误处理),而不是如何去做.生产代码不应使用 or die输出 HTML 时,否则它将(至少)生成无效的 HTML.此外,不应向非管理员用户显示数据库错误消息,因为它 披露太多信息.
These examples only illustrate what should be done (error handling), not how to do it. Production code shouldn't use or die when outputting HTML, else it will (at the very least) generate invalid HTML. Also, database error messages shouldn't be displayed to non-admin users, as it discloses too much information.
相关文章