所以我的查询看起来像这样
`$dbUser = "SELECT * FROM accaount, role WHERE Username = :username AND Password = :password UNION SELECT * FROM role , accaount WHERE Role_idRole = idRole ";
$query = $conn->prepare( $dbUser);
$query->bindParam(":username", $Username);
$query->bindParam(":password", $Password);
$query->execute();`
错误是UNION SELECT * FROM role , accaount WHERE Role_idRole = idRole.我尝试做的是使我的外键(Role_idRole)等于我的主键来自名为role的主表,其主键为idRole。我尝试做的是查看您的帐户是否是管理员帐户。所以,如果我是一个管理员,那么Name = 1,而不是Name = 0.名称在角色的表中。
这是我登录的完整代码
`<?php
if(!isset($_SESSION))
{
session_start();
}
require('dbConnection.php');
$Password = $_POST['LPassword'];
$Username = $_POST['LUsername'];
$dbUser = "SELECT * FROM accaount, role WHERE Username = :username AND Password = :password UNION SELECT * FROM role , accaount WHERE Role_idRole = idRole ";
$query = $conn->prepare( $dbUser);
$query->bindParam(":username", $Username);
$query->bindParam(":password", $Password);
$query->execute();
$result = $query->fetch(PDO::FETCH_ASSOC);
var_dump($result);
if ($result["Username"] == $Username && $result["Password"] == $Password) {
if($result['Name'] == 0) {
$_SESSION['LOGINUsername'] = $Username;
echo "Member";
}
$tpl->assign('USERNAME', $Username);
if($result['Name'] == 1) {
$_SESSION['LOGINAdmin'] = $Username;
echo "Admin";
}
}
else {
echo "FAIL!";
}`
而且我知道帐号拼写错误,但这并不是我的数据库中的错误。这也就是var dump显示的内容
array(size = 8)
&#39; idAccaount&#39; =&GT; int 2
&#39;用户名&#39; =&GT; string&#39; rwere&#39; (长度= 5)
&#39;密码&#39; =&GT; string&#39; rwere&#39; (长度= 5)
&#39;盐&#39; =&GT;字符串&#39; 380&#39; (长度= 3)
&#39;复位&#39; =&GT;空
&#39; Role_idRole&#39; =&GT;字符串&#39; 45&#39; (长度= 2)
&#39; idRole&#39; =&GT;字符串&#39; 40&#39; (长度= 2)
&#39;名称&#39; =&GT; int 1
你可以看到这个人必须是一名成员而不是一名管理员。如果我们查看idRole 45,则名称int必须为0.
我真的很困惑。
答案 0 :(得分:0)
$dbUser = "SELECT accaount.Username, accaount.Password, accaount.Role_idRole, role.Name FROM accaount INNER JOIN role ON accaount.Role_idRole=role.idRole WHERE accaount.Username = :username AND accaount.Password = :password AND Role_idRole = idRole";