选择mysql中的某一行

时间:2013-02-18 18:33:24

标签: php mysql variables post

我是MYSQL和PHP的新手,所以我只需要做一些非常基本的事情。 我需要从username = $_POST['username']的帐户中选择一个密码...我无法弄清楚这个,我不断获取resource id(2)而不是输入帐户的所需密码。我需要通过mysql查询函数传递mysql并将返回的值保存在变量$ realpassword中。谢谢!

编辑: 此代码返回资源ID(2)而不是真实密码 代码:

<?php
$con = mysql_connect('server', 'user', 'pass'); 
if (!$con) 
{ 
    die('Could not connect: ' . mysql_error()); 
} 
echo '<br/> '; 

// Create table
mysql_select_db("dbname", $con);

//Variables

//save the entered values

$enteredusername = $_POST['username'];
$hashedpassword = sha1($_POST['password']);

$sql = "SELECT password from accounts where username = '$enteredusername'";

$new = mysql_query($sql,$con);

echo "$new";


if (!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}



mysql_close($con);

?> 

6 个答案:

答案 0 :(得分:1)

如果将PDOprepared statements一起使用,情况会好很多。

这是连接MySQL服务器的方式:

$db = new PDO('mysql:host=example.com;port=3306;dbname=your_database', $mysql_user, $mysql_pass);

这就是你正确选择行的方法(使用bindParam):

$stmt = $db->prepare('SELECT password FROM accounts WHERE username = ?;');
$stmt->bindParam(1, $enteredusername);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$password = $result['password'];

此外,绑定参数,而不是立即将它们放入查询字符串,可以保护您免受SQL注入(在您的情况下,很可能因为您不以任何方式过滤输入)。

答案 1 :(得分:0)

通过看到这个问题我们可以理解你是非常非常新的编程。所以我要求你通过这个链接http://php.net/manual/en/function.mysql-fetch-assoc.php

我正在为下面的每一行添加评论

$sql = "SELECT id as userid, fullname, userstatus
        FROM   sometable
        WHERE  userstatus = 1"; // This is query

$result = mysql_query($sql); // This is how to execute query

if (!$result) { //if the query is not successfully executed
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}

if (mysql_num_rows($result) == 0) { // if the query is successfully executed, check how many rows it returned
    echo "No rows found, nothing to print so am exiting";
    exit;
} 

while ($row = mysql_fetch_assoc($result)) { //fetch the data from table as rows
    echo $row["userid"]; //echoing each column
    echo $row["fullname"];
    echo $row["userstatus"];
}

希望有所帮助

答案 2 :(得分:0)

试试这个

   <?php
  $con = mysql_connect('server', 'user', 'pass'); 
 if (!$con) 
 { 
 die('Could not connect: ' . mysql_error()); 
 } 
 echo '<br/> '; 

// Create table
 mysql_select_db("dbname", $con);

 //Variables

 //save the entered values

 $enteredusername = mysql_real_escape_string($_POST['username']);
 $hashedpassword = sha1($_POST['password']);

 $sql = "SELECT password from accounts where username = '$enteredusername'";

 $new = mysql_query($sql,$con);

 $row = mysql_fetch_array($new) ;
 echo $row['password'];

 if (!$new)
{
 die('Error: ' . mysql_error());
}



 mysql_close($con);

?> 

答案 3 :(得分:0)

我认为您的代码看起来像这样

$realpassword = mysql_query("SELECT password 
     from accounts where username = '$_POST[username]'");
echo $realpassword;

这将返回Resource,用于指向数据库中的记录。您需要做的是获取资源所指向的行。所以,你这样做(注意我将使用结构MySQLi而不是MySQL,因为现在不推荐使用MySQL。)

$connection = mysqli_connect("localhost", "your_mysql_username", 
    "your_mysql_password", "your_mysql_database") 
    or die("There was an error");
foreach($_POST as $key=>$val) //this code will sanitize your inputs.
    $_POST[$key] = mysqli_real_escape_string($connection, $val);
$result = mysqli_query($connection, "what_ever_my_query_is") 
    or die("There was an error");
//since you should only get one row here, I'm not going to loop over the result.
//However, if you are getting more than one rows, you might have to loop.
$dataRow = mysqli_fetch_array($result);
$realpassword = $dataRow['password'];
echo $realpassword;

因此,这将负责检索密码。但是你有更多固有的问题。您没有清理您的输入,甚至可能甚至没有将散列密码存储在数据库中。如果你是从PHP和MySQL开始,你应该真正研究这些事情。

编辑:如果您只想创建登录系统,则无需从数据库中检索密码。在这种情况下,查询非常简单。

$pass = sha1($_POST['Password']);
$selQ = "select * from accounts 
    where username = '$_POST[Username]' 
    and password = '$pass'";
$result = mysqli_query($connection, $selQ);
if(mysqli_num_rows($result) == 1) {
    //log the user in
}
else {
    //authentication failed
}

从逻辑上讲,用户登录的唯一方法是用户名和密码是否匹配。因此,用户名和密码只会有一行。这正是我们在这里检查的内容。

答案 4 :(得分:-1)

<?php
$query = "SELECT password_field_name FROM UsersTableName WHERE username_field_name =".$_POST['username'];
$result = mysql_query($query);
$row = mysql_fetch_array($result);
echo $row['password_field_name'];
?>

答案 5 :(得分:-1)

$username = $_POST['username'];                                       
$login_query = "SELECT password FROM users_info WHERE users_info.username ='$username'";        
$password = mysql_result($result,0,'password');