php执行mysql语句失败_使用php和mysql失败执行语句

I insert the users output like this:

$userName= SanitizeString($userName);

$pass= SanitizeString($pass);

$email= SanitizeString($email);

$userName=mysql_real_escape_string($userName);

$pass=mysql_real_escape_string($pass);

$email=mysql_real_escape_string($email);

$salt = 'SHIFLETT';

$password_hash = md5($salt . md5($pass.$salt));

mysql_query("INSERT INTO users (user_name,pass,email,reputation,role,ban,date) VALUES ('$userName', '$password_hash', '$email', '$reputation', '$role','false','$date')" ) or exit(mysql_error());

That is the SanitizeString($var) function:

function SanitizeString($var)

{

$var=stripslashes($var);

$var=htmlentities($var, ENT_QUOTES, 'UTF-8');

$var=strip_tags($var);

return $var;

}

But when I try to find the users password and name with this query. It fails:

$user_name=SanitizeString($user_name);

$pass=SanitizeString($pass);

$user_name=mysql_real_escape_string($user_name);

$pass=mysql_real_escape_string($pass);

$salt = 'SHIFLETT';

$password_hash = md5($salt . md5($pass.$salt));

$result=mysql_query("SELECT COUNT(*) AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error());

if the count is greater than 0 than it means it found one result and the user should log in. But that doesnt happen..Why?

UPDATE more to this:

if(mysql_num_rows($result)>0)

{

echo "Login successful".mysql_num_rows($result);

return $dataArray=TRUE;

}

else

{

echo "Login unsuccessful:".mysql_num_rows($result);

}

解决方案

You have to use GROUP BY if you want to use COUNT(*), but you can get the number of rows with mysql_num_rows() like this.

$result=mysql_query("SELECT * AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error());

$num_rows = mysql_num_rows($result);