我遇到了问题,这是我的代码:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register where email = '$eml' and password = '$pass'");
if($result1->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'client';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result2 = $db->query("select * from b_register where email = '$eml' and password = '$pass'");
if($result2->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'business';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result3 = $db->query("select * from g_register where email = '$eml' and password = '$pass'");
if($result3->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'employee';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result4 = $db->query("select * from k_register where email = '$eml' and password = '$pass'");
if($result4->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'super';
promptUser("You have successfully logged in!!!","index.php");
}
else
{
promptUser("Username/Password do not match. Please try again!!!","");
}
这个代码很有趣,但我并不是说我错了。我是php和mysql的新手,所以请帮忙。我还为保存数据的所有变量尝试了例如result4->free();
,我得到了这个错误:致命错误:在...中的非对象上调用成员函数free() >
答案 0 :(得分:1)
不要重复自己。你已经创建了你的mysqli对象,所以重用它。例如:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register...");
$result2 = $db->query("select * from d_register...");
$result3 = $db->query("select * from e_register...");
这将使您的代码更易读,以后更容易修改。
答案 1 :(得分:0)
mysqli::query()仅在成功查询后返回结果对象。
你需要建立一个支票:
if(($result1 != false) and ($result1->fetch_array())) // The same for 2,3,4...
您应该使用
获取错误消息echo $db->error;
答案 2 :(得分:0)
来自PHP手册: mysqli :: query在成功时返回TRUE,在失败时返回FALSE。对于SELECT,SHOW,DESCRIBE或EXPLAIN,mysqli_query()将返回一个结果对象。
所以你应该测试一下:
if ($result != false) {
...
} else {
// print error or whatever
}
顺便说一下。它是非常危险不转义变量,如$eml
和$pass
- 如果用户输入$pass
类似于:
bleh' OR 1 = 1 OR password = 'bleh
,然后整个查询将如下所示:
select * from b_register where email = 'some@email.com' and password = 'bleh' OR 1 = 1 OR password = 'bleh'
用户将在不知道密码的情况下登录!
因此,您应该使用:
mysql_real_escape_string($eml)和
$pass
相同。
甚至更好:使用语句准备和参数绑定 - 请参阅:http://pl2.php.net/manual/en/mysqli.prepare.php