supplied argument is not a valid MySQL result resource

心在旅途 2020-12-04 04:12

I have developed a small CMS on my local WAMP machine.

Once I exported my project onto the hosting, the following problem shows up:

Warn

4 answers
  •  星月不相逢
    2020-12-04 04:43

    Your problem here is that after the concatenation, your query is probably invalid.

    You should log your query after the concatenation to see if this is the case. You should also test what mysql_query returns before calling mysql_fetch_assoc.

    On another note:

    Is that your true production code? If this is a public-facing site then that's a serious security hole and is vulnerable to SQL injection attacks.

    What if I put in your username field:

     1;TRUNCATE pureUser --
    

    Your query becomes:

    SELECT id,usr FROM pureUser WHERE usr=1; TRUNCATE pureUser -- AND pass=...
    

    So, you should try the native PHP filter extension:

    Data filtering

    Furthermore, you should try PDO, which is more powerful and robust to work with databases:

    PHP Data Objects
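
The PDO suggestion from the answer above, as an added example that is not part of the original thread: the `pureUser` lookup is rewritten with a bound parameter and exception-based error reporting, then called with the username input quoted in the answer. The in-memory SQLite DSN (requires the pdo_sqlite extension), the `findUser` helper, the sample row, and storing `pass` as a `password_hash()` value are assumptions made so the script runs offline.

```php
<?php
// Added example, not the asker's code. An in-memory SQLite database keeps it
// self-contained; on the real host the DSN would be a mysql: one (assumption).
$pdo = new PDO('sqlite::memory:');

// Throw on SQL errors instead of returning false, so a broken query is reported
// where it fails rather than later as "not a valid MySQL result resource".
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data; table and column names follow the query in the answer.
$pdo->exec('CREATE TABLE pureUser (id INTEGER PRIMARY KEY, usr TEXT, pass TEXT)');
$hash = password_hash('correct horse', PASSWORD_DEFAULT); // assumption: pass holds a hash
$pdo->prepare('INSERT INTO pureUser (usr, pass) VALUES (?, ?)')
    ->execute(['alice', $hash]);

/**
 * Hypothetical login helper: returns the user row, or null on bad credentials.
 */
function findUser(PDO $pdo, string $usr, string $pass): ?array
{
    // The value travels as a bound parameter and is never spliced into the SQL
    // text, so quotes, semicolons and comment markers in $usr stay plain data.
    $stmt = $pdo->prepare('SELECT id, usr, pass FROM pureUser WHERE usr = :usr');
    $stmt->execute([':usr' => $usr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched; check before using the result.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    unset($row['pass']); // do not hand the hash back to the caller
    return $row;
}

// Valid credentials for the constructed user.
var_dump(findUser($pdo, 'alice', 'correct horse'));

// The username input quoted in the answer: it is compared as one string value.
var_dump(findUser($pdo, '1;TRUNCATE pureUser --', 'x'));

// Row count after both calls, to confirm the table was not modified.
var_dump((int) $pdo->query('SELECT COUNT(*) FROM pureUser')->fetchColumn());
```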
