如何将收集的Field从表中存储到变量中?

时间:2015-02-12 13:16:32

标签: php mysqli

我想从数据库表中收集用户名字段并将其存储在变量中,以便我可以将其与从表单中收集的$ _POST ['user']进行比较。如果表单中的用户名与数据库匹配,则登录成功。

<?php
$userField = $_POST['user'];

 $sqlHost   = 'localhost';
 $sqlDb     = 'DBNAME';     //Database Name
 $sqlId     = 'USERNAME';       //Database User Name
 $sqlPass   = 'PASSWORD';       //Database Password
 $link = mysqli_connect($sqlHost,$sqlId,$sqlPass,$sqlDb);
 mysqli_select_db($link,$sqlDb);

//Read table records
 $conn = mysqli_query($link,"SELECT * FROM table_name where username='$userField');

if ('username'== '$userField')
{
echo Login Successful
}
else
{
echo Login Unsuccessful
}
 //Close MySql Connection
 mysqli_close($link);
exit();
?>

3 个答案:

答案 0 :(得分:1)

if ('username'== trim($userField))
{
echo 'Login Successful';
}
else
{
echo 'Login Unsuccessful';
}

在行尾添加分号

答案 1 :(得分:1)

如果这真的是你的代码,那么你需要做很多事情。 添加引号,分号和SQL注入检查......

$query = mysqli_query($link,"SELECT * FROM table_name where username='" . mysqli_real_escape_string($link, $userField) . "'");
$fetch = mysqli_fetch_assoc($query);
if ($fetch['username']== $userField)
{
    echo 'Login Successful';
} else {
    echo 'Login Unsuccessful';
}

这应该多一点......

答案 2 :(得分:1)

试试这段代码

<?php
$userField = $_POST['user'];

 $sqlHost   = 'localhost';
 $sqlDb     = 'DBNAME';     //Database Name
 $sqlId     = 'USERNAME';       //Database User Name
 $sqlPass   = 'PASSWORD';       //Database Password
 $link = mysqli_connect($sqlHost,$sqlId,$sqlPass,$sqlDb);
 mysqli_select_db($link,$sqlDb);

//Read table records
$conn = mysqli_query($link,"SELECT * FROM table_name where username='".$userField."'");
$res=mysqli_fetch_assoc($conn);
$username=$res['username'];
if ($username== $tocompare)
{
echo "Login Successful";
 }
else
{
echo "Login Unsuccessful";
}
 //Close MySql Connection
 mysqli_close($link);
exit();
?>