我一直在'where子句'错误中收到一个Unknown列'Andy'

时间:2014-05-05 00:05:58

标签: php mysql session

我看过这个问题,但仍然无法在代码中找到错误。我使用Dreamweaver的自动化功能来做到这一点,所以我不明白为什么我会收到错误。

我的login.php页面上的代码是:

    if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['first'])) {
  $loginUsername=$_POST['first'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "login.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_myStoreConn, $myStoreConn);

  $LoginRS__query=sprintf("SELECT `first`, password FROM `admin` WHERE `first`=%s AND     

password=%s",
 GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text")); 

 $LoginRS = mysql_query($LoginRS__query, $myStoreConn) or die(mysql_error());
 $loginFoundUser = mysql_num_rows($LoginRS);
 if ($loginFoundUser) {
 $loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;       

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}

index.php页面上的代码是:

 $colname_admin = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_admin = $_SESSION['MM_Username'];
}
mysql_select_db($database_myStoreConn, $myStoreConn);
$query_admin = sprintf("SELECT * FROM `admin` WHERE `first` = %s",             

GetSQLValueString($colname_admin, "text"));
$admin = mysql_query($query_admin, $myStoreConn) or die(mysql_error());
$row_admin = mysql_fetch_assoc($admin);
$totalRows_admin = mysql_num_rows($admin);

任何人都可以帮忙,所以我不会把霰弹枪给我的iMac吗?!?!

3 个答案:

答案 0 :(得分:0)

更改以下行:

$LoginRS__query = sprintf("SELECT `first`, password FROM `admin` WHERE `first`=%s AND password=%s", GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));

以下内容:

$LoginRS__query = sprintf("SELECT * FROM `admin` WHERE `first`=%s AND password=%s", GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));

答案 1 :(得分:0)

我认为问题是你需要围绕where子句中的比较值使用单引号:

$query_admin = sprintf("SELECT * FROM `admin` WHERE `first` = '%s'", 
--------------------------------------------------------------^--^            
                       GetSQLValueString($colname_admin, "text"))

答案 2 :(得分:0)

首先应该让它工作,然后你可以扩展这段代码

    $conn = mysql_connect('mysql_host', 'mysql_user', 'mysql_password');

    if (!$conn) {
        die('Not connected : ' . mysql_error());
    }

    $db_selected = mysql_select_db('mysql_db', $conn);
    if (!$db_selected) {
        die ('Can\'t use database : ' . mysql_error());
    }
    $username=$_POST['first'];
    $password=$_POST['password'];

    $query="";

    $query = sprintf("SELECT `first`, `password` 
                      FROM  admin 
                      WHERE first = '%s' AND password='%s'",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password));

    $result = mysql_query($query, $conn);

    if (!$result) {
        $message  = 'Invalid query: ' . mysql_error() . "\n";
        $message .= 'Whole query: ' . $query;
        die($message);
    }

    $count = mysql_num_rows($result);
    if ($count == 1) {
        header("Location: index.php");
    }
    else {
        header("Location: login.php");
    }
}
相关问题
最新问题