无法从MySQL表中检索数据

时间:2013-02-27 14:06:52

标签: php mysql sql

首先,我是php新手。我也是MySQL的新手,所以对我很温柔。其次,我知道mysql_ *已被折旧,一旦我了解更多,这将在稍后修复。

所以我有以下代码:

        if(isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['password']) && !empty($_POST['password'])){
            $email = mysql_escape_string($_POST['email']);
            $password = mysql_escape_string($_POST['password']);

            $search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error()); 
            $match  = mysql_num_rows($search);

            if($match > 0){
                $user=$search['forename'] .' '.$search['surname'];
                $_SESSION['username']=$user;
                $msg = 'Login Complete! Thanks, '.$user.'!';
            }else{
                $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
            }
        }

很简单,我正在检查电子邮件和密码是否匹配(我知道它不是一个哈希密码......再次,不是问题因为它是一个测试)。如果他们这样做,并且该帐户已被激活,那么我想返回用户的姓名(在users表中的forename / surname)并将它们存储在会话变量中。如果设置了该变量,我想使用此信息来确认用户已登录(因此可以访问某些页面)。但是,此测试不会返回用户名,而是输出:

  

登录完成!谢谢,!

任何帮助都将不胜感激。

3 个答案:

答案 0 :(得分:1)

请记住mysql_query返回的值是资源,因此您需要将结果行作为关联数组获取。

while ($row = mysql_fetch_assoc($search)) 
{
    $user=$row['forename'] .' '.$row['surname'];
    $_SESSION['username']=$user;
}

作为旁注,如果变量的值( s )来自外部,则查询易受SQL Injection攻击。请查看下面的文章,了解如何防止它。通过使用PreparedStatements,您可以摆脱在值周围使用单引号。

答案 1 :(得分:0)

您需要$row = mysql_fetch_array($search);

然后

$user=$row['forename'] .' '.$row['surname'];

答案 2 :(得分:0)

您替换了您的代码 / <强> * ** * ** * ** * *** < em>您的代码 * *** /         if(isset($ _ POST ['email'])&amp;&amp;!empty($ _ POST ['email'])AND isset($ _ POST ['password'])&amp;&amp;!empty($ _ POST ['password “])){             $ email = mysql_escape_string($ _ POST ['email']);             $ password = mysql_escape_string($ _ POST ['password']); 

        $search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error()); 
        $match  = mysql_num_rows($search);

        if($match > 0){
            $user=$search['forename'] .' '.$search['surname'];
            $_SESSION['username']=$user;
            $msg = 'Login Complete! Thanks, '.$user.'!';
        }else{
            $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
        }
    }

/ <强> * ** * ** * ** * *** 我的代码 * *** / 

    if(isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['password']) && !empty($_POST['password'])){
        $email = mysql_escape_string($_POST['email']);
        $password = mysql_escape_string($_POST['password']);

        $search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error()); 
        $match  = mysql_num_rows($search);

        if($match > 0){
            $search = mysql_fetch_array($search); 
            $user=$search['forename'] .' '.$search['surname'];
            $_SESSION['username']=$user;
            $msg = 'Login Complete! Thanks, '.$user.'!';
        }else{
            $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.';
        }
    }
相关问题
最新问题