为什么我的sql在检查行中不起作用

时间:2016-01-05 00:54:54

标签: php mysql sql

这是我每张桌子的数据结构:

enter image description here

我遇到了需要帮助的问题。我有一张表student_votesstudent。我的问题是第二个条件是检查学生是否已经投票。因为当我运行我的代码时,它总是会转到plsvote.php,即使它不应该这样做。

student_votes表有:

(id(pri),candid(foreign),idno(foreign),syearid(foreign))

这是我的代码: 

<?php
//Start session
session_start();
//Array to store validation errors
//Connect to mysql server
include('connect.php');
//Function to sanitize values received from the form. Prevents SQL injection
//Sanitize the POST values
if (isset($_POST['login'])){
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position =  mysql_real_escape_string($_POST['user_type']);
    $YearNow=Date('Y');
 //checking student idno and password
    $sql1 = "SELECT * FROM student,school_year WHERE idno = '$idno' AND password = '$password' AND school_year.syearid = student.syearid AND school_year.from_year like $YearNow" ;
    $result = mysql_query($sql1) or die();
    $row = mysql_fetch_array($result);
    $num_row = mysql_num_rows($result);
 //checking if the student has been voted
    $sql2 = "SELECT * FROM student,studentvotes WHERE student.idno = studentvotes.idno AND syearid = $YearNow" ;
    $result1 = mysql_query($sql2) or die();
    $row1 = mysql_fetch_array($result1);
    $num_row = mysql_num_rows($result1);
    if ($row['user_type'] == "1"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/index.php');
    } else if ($row['user_type'] == "3") {
//here is the part where I would check if the student already voted or not
        if ($num_row > 0) {
            $sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password='$password' ";
            $result1 = mysql_query($sql_c) or die(mysql_error());
            while($row2=mysql_fetch_array($result1)){
                $_SESSION['SESS_COURSE'] = $row2['progid'];   
                $_SESSION['SESS_MEMBER_ID'] = $idno;
                header('location: plsvote.php');
                //$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
            }
        } else {
            header('location: notification.php');
        }
    } else if ($row['user_type'] == "2"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/officerpanel.php');
        //$_SESSION['admin'] = $idno;
    } else {
        echo "<script type='text/javascript'>\n";
        echo "alert('Username or Password incorrect!, Please try again.');\n";
        echo "window.location = 'index.php';";
        echo "</script>";
        exit();
    }
}
?>

2 个答案:

答案 0 :(得分:-1)

您的$sql2查询正在选择所有在指定年份投票的学生。

您需要做的就是将该查询中返回的行数限制为由$idno(即此学生)识别的学生所做的投票。

<?php
//Start session
session_start();
//Array to store validation errors
//Connect to mysql server
include('connect.php');
//Function to sanitize values received from the form. Prevents SQL injection
//Sanitize the POST values
if (isset($_POST['login'])){
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position =  mysql_real_escape_string($_POST['user_type']);
    $YearNow=Date('Y');

    $sql1 = "SELECT * 
             FROM student,school_year 
             WHERE idno = '$idno' 
               AND password = '$password' 
               AND school_year.syearid = student.syearid 
               AND school_year.from_year like $YearNow";

    $result = mysql_query($sql1) or die();
    $row = mysql_fetch_array($result);
    $num_row = mysql_num_rows($result);


    $sql2 = "SELECT * 
             FROM student,studentvotes 
             WHERE student.idno = studentvotes.idno 
               AND syearid = $YearNow
               AND student.idno = $idno";


    $result1 = mysql_query($sql2) or die();
    $row1 = mysql_fetch_array($result1);
    $num_row = mysql_num_rows($result1);
    if ($row['user_type'] == "1"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/index.php');
    } else if ($row['user_type'] == "3") {
        if ($num_row > 0) {
            $sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password='$password' ";
            $result1 = mysql_query($sql_c) or die(mysql_error());
            while($row2=mysql_fetch_array($result1)){
                $_SESSION['SESS_COURSE'] = $row2['progid'];   
                $_SESSION['SESS_MEMBER_ID'] = $idno;
                header('location: plsvote.php');
                //$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
            }
        } else {
            header('location: notification.php');
        }
    } else if ($row['user_type'] == "2"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/officerpanel.php');
        //$_SESSION['admin'] = $idno;
    } else {
        echo "<script type='text/javascript'>\n";
        echo "alert('Username or Password incorrect!, Please try again.');\n";
        echo "window.location = 'index.php';";
        echo "</script>";
        exit();
    }
}
?>

了解SQL的JOIN语法

也会对您有所帮助

查询可以像这样编写

    $sql2 = "SELECT * 
             FROM student s
                JOIN studentvotes sv ON s.idno = sv.idno 
             WHERE 
               AND syearid = $YearNow
               AND student.idno = $idno";

答案 1 :(得分:-1)

这是我的PHP ....

您正在从表格student and studentvotes中选择所有学生并加入他们的id。如果它与当前年份即2016年相匹配,您也会选择该算法。我假设您的设计是如果学生记录出现在学生投票中,那么该学生已投票?如果是这种情况,那么你可能不需要选择学生表,除非确实需要它。你可以这样做:

$sql2 = "SELECT * FROM studentvotes WHERE idno = $idno AND syearid = $YearNow"

你也需要他们投票的那一年,或者你只是想知道他们是否投票?如果后者然后在studentvotes表中添加一个名为'voted'的int列,该列将用于存储两个数据中的任何一个,0(如果学生已投票)或1(如果学生未投票)。完成此操作后,将sql语句修改为:

$sql2 = "SELECT * FROM studentvotes WHERE idno = $idno AND voted = 1

正如您所看到的,上述声明说明:选择所有来自studentvotes的学生,其中idno与当前的idno($ idno)匹配,并且尚未投票并将其发送到plsvote.php。如果你真的需要从学生表回来的数据,那么就这样做:

$voted=1;
 $sql2 = "SELECT name,age,voted FROM student s,studentvotes sv WHERE s.idno = sv.idno AND voted = 1

通过上面的例子,你可以做另一个解析,把你的FrontEnd的英文翻译成英文:

if($voted = 1)
{
  header('location:admin/plsvote.php');
}
else
{
header('location:admin/officerpanel.php');
}

另外,我不明白你为什么要通过从用户输入中获取用户类型来检查user_types,然后将其存储在变量中,然后对此变量不执行任何操作?但是继续为每个选择再次检查用户类型?我不认为这是必要的。

相关问题
最新问题