我需要在我的auth脚本中设置查询,在WHERE子句中我要使用'_MY_POST_VALUE' IN (Field1, Field2)
最终查询将是这样的:
SELECT * FROM 'myprefix_users' WHERE 'myemail@email.com' IN ('EMAIL','LOGIN') AND PASSWORD=SHA1('mypassword')
我试过这样做:
$this->db->where("'" . mysql_escape_string($_POST['login']) . "' IN (EMAIL,LOGIN)", NULL, FALSE);
$this->db->where("PASSWORD=SHA1('" . mysql_real_escape_string($_POST['password']) . "')");
$userdb = $this->db->get('users');
..但CodeIgniter将前缀设置为我的登录/电子邮件值并发送错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''test@test.com' IN (EMAIL,LOGIN) AND PASSWORD=SHA1('123')' at line 3
SELECT * FROM (`myprefix_users`) WHERE myprefix_'test@test.com' IN (EMAIL,LOGIN) AND PASSWORD=SHA1('123')
我需要在表名中使用db_prefix,但我在WHERE子句中不需要它,甚至第三个参数(FALSE) - > where()对我不起作用:(
如何解决我的问题?有什么想法吗?
答案 0 :(得分:2)
尝试使用Codeigniter的Input类。它将简化您的代码:
$login = $this->input->post('login', TRUE);
$password = $this->input->post('password', TRUE);
$this->db->where("'$login' IN ", "('EMAIL','LOGIN')", FALSE);
$this->db->where("PASSWORD", "SHA1('$password')", FALSE);
$userdb = $this->db->get('users');
答案 1 :(得分:1)
首先,您不需要数据库语句中的所有不必要的函数。
为什么不这样做:
$user = $_POST['user'];
$pass = sha1($pass);
$this->db->where("(email = '$user' OR username = '$user') AND password = '$pass'");
$query = $this->db->get('users');
您无需担心mysql转义,因为CodeIgniter类会自动为您转义它们。