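I have two database tables: "user", which has 3 columns (id [auto increment], username and pinc), and another table, "pins", which has only one column (scratches). My tables: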
USER
Id username Pinc
1 Josh
2 Angela
3 Chika
PINS
scratches
123456
234515
124564
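I want a situation where a user submits a password through a form: it checks whether that value exists in the pins table and, if it does, uses the posted form value to update the pinc column of my user table and signs in with it. If it is not in the pins table, it gives the error "Sorry, PIN does not exist." My code: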
$sql = "SELECT * FROM pins WHERE scratches = '" .' $user_password '. "';";
$query = $this->db_connection->query($sql);
if ($query->num_rows== 0){
    $this->errors[] = "Sorry, that PIN does not exist.";
} elseif ($query->num_rows== 1) {
    $sql = "UPDATE user ".
           "SET pinc = $user_password ".
           "WHERE user_name = $user_name" ;
    $query_new_user_insert = $this->db_connection->query($sql);
    $sql = "SELECT user_name, pinc
            FROM user
            WHERE user_name = '" . $user_name . "' ;";
    $result_of_login_check = $this->db_connection->query($sql);
    // if this user exists
    if ($result_of_login_check->num_rows == 1) {
        // get result row (as an object)
        $result_row = $result_of_login_check->fetch_object();
        $_SESSION['user_name'] = $result_row->user_name;
        $_SESSION['user_login_status'] = 1;
    } else {
        $this->errors[] = "Wrong password. Try again.";
    }
} else {
    $this->errors[] = "This user does not exist.";
}
} else {
    $this->errors[] = "Database connection problem.";
}
}
}
When I run the code, I get "Sorry, that PIN does not exist." Can anyone tell me what is wrong with it?
Answer 0 (score: 1)
Strange string construction:
$sql = "SELECT * FROM pins WHERE scratches = '" .' $user_password '. "';";
It will select all data from pins WHERE scratches = "$user_password". It will return no data found.
Modify it like this:
$sql = "SELECT * FROM pins WHERE scratches = '" . $user_password . "';";
Let me know how it works.
Answer 1 (score: 0)
You are using single quotes '' around $userpassword, so you are passing a string.
Change your first query like this:
$sql = "SELECT * FROM pins WHERE scratches = '".$user_password."';";
Your second query is also wrong. Because I assume $username is a string, you need to wrap it in single quotes '' like this:
$sql = "UPDATE user ".
       "SET pinc = '$user_password' ".
       "WHERE user_name = '$user_name'" ; // You are missing single quotes here if username is a string
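I don't know whether this is also a problem, but there are extra spaces in the third query, around the $username variable (right after the dot . .). If this doesn't work, remove them like this: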
$sql = "SELECT user_name, pinc
FROM user
WHERE user_name = '".$user_name."' ;";
$sql = "SELECT * FROM pins WHERE scratches = '".$user_password ."';";
$query = $this->db_connection->query($sql);
if ($query->num_rows== 0){
    $this->errors[] = "Sorry, that PIN does not exist.";
} elseif ($query->num_rows== 1) {
    $sql = "UPDATE user SET pinc ='".$user_password."' WHERE user_name ='".$user_name."'" ;
    $query_new_user_insert = $this->db_connection->query($sql);
    $sql = "SELECT user_name, pinc FROM user WHERE user_name = '".$user_name."' ;";
    $result_of_login_check = $this->db_connection->query($sql);
    // if this user exists
    if ($result_of_login_check->num_rows == 1) {
        // get result row (as an object)
        $result_row = $result_of_login_check->fetch_object();
        $_SESSION['user_name'] = $result_row->user_name;
        $_SESSION['user_login_status'] = 1;
    } else {
        $this->errors[] = "Wrong password. Try again.";
    }
} else {
    $this->errors[] = "This user does not exist.";
}
}
}
}
Answer 2 (score: 0)
Change:
$sql = "SELECT * FROM pins WHERE scratches = '" .' $user_password '. "';";
to
$sql = "SELECT * FROM pins WHERE scratches = '".$user_password."'";
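
The following is an added example, not code from the question or from any of the answers: it runs the question's query, the concatenated form the answers suggest, and a parameterized form side by side against constructed data. It assumes PDO with an in-memory SQLite database instead of the page's mysqli connection, and the function names are hypothetical.

```php
<?php
// Constructed sample data mirroring the tables in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT, user_name TEXT, pinc TEXT)");
$db->exec("CREATE TABLE pins (scratches TEXT)");
$db->exec("INSERT INTO user (user_name) VALUES ('Josh'), ('Angela'), ('Chika')");
$db->exec("INSERT INTO pins (scratches) VALUES ('123456'), ('234515'), ('124564')");

// The question's query: ' $user_password ' is a single-quoted PHP literal,
// so the database is asked for the text " $user_password ", never the value.
function pinExistsAsPosted(PDO $db, string $user_password): bool {
    $sql = "SELECT * FROM pins WHERE scratches = '" .' $user_password '. "';";
    return $db->query($sql)->fetch() !== false;
}

// The answers' form: the value is now used, but it becomes part of the SQL text.
function pinExistsConcatenated(PDO $db, string $user_password): bool {
    $sql = "SELECT * FROM pins WHERE scratches = '" . $user_password . "';";
    return $db->query($sql)->fetch() !== false;
}

// Parameterized form: placeholders keep the submitted values as data only.
function redeemPin(PDO $db, string $user_name, string $user_password): bool {
    $check = $db->prepare("SELECT 1 FROM pins WHERE scratches = ?");
    $check->execute([$user_password]);
    if ($check->fetch() === false) {
        return false; // the "Sorry, that PIN does not exist." branch
    }
    $update = $db->prepare("UPDATE user SET pinc = ? WHERE user_name = ?");
    $update->execute([$user_password, $user_name]);
    return $update->rowCount() === 1; // false when no such user exists
}

// Constructed input containing a quote; it is not a PIN in the table.
$quoted = "0' OR '1'='1";

echo "as posted, valid PIN:        "; var_dump(pinExistsAsPosted($db, '123456'));
echo "concatenated, valid PIN:     "; var_dump(pinExistsConcatenated($db, '123456'));
echo "concatenated, quoted input:  "; var_dump(pinExistsConcatenated($db, $quoted));
echo "parameterized, quoted input: "; var_dump(redeemPin($db, 'Josh', $quoted));
echo "parameterized, valid PIN:    "; var_dump(redeemPin($db, 'Josh', '123456'));
echo "parameterized, unknown user: "; var_dump(redeemPin($db, 'Nobody', '123456'));
```

With the page's mysqli connection the same approach uses prepare(), bind_param() and execute() on $this->db_connection.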