嗨我收到这个错误虽然我试图改变新的我仍然得到这个问题可以任何人告诉我该怎么办。我已完全更改了页面数据库,但仍然出现同样的错误。
错误>
您的SQL语法有错误;检查与MariaDB服务器版本对应的手册,以便在''calendar_admin'附近使用正确的语法WHERE teacher_id ='ipcst123'和密码='a141c47927929bc2d1fb6' 在第1行
我的代码>
<?php
$username=$_POST['teacherId'];
$password=$_POST['password'];
$password=md5($password);
try {
$bdd = new PDO('mysql:host=localhost;dbname=XXX', 'XXX', 'XXX');
} catch(Exception $e) {
exit('Unable to connect to database.');
}
$query ="SELECT * FROM 'calendar_admin' WHERE teacher_id="."'".$username."' and password="."'".$password."' ";
$resultat = $bdd->query($query) or die(print_r($bdd->errorInfo()));
$res = $resultat->fetchAll(PDO::FETCH_ASSOC);
foreach($res as $result){
$pass=md5($password);
$user=$result["teacher_id"];
if ($pass==$result["password"]&& $username == $user ){
echo "login Success";
session_start();
$_SESSION['teacher_id'] = $username;
header('Location:/addEvents.php');
}else{
header('Location:/login.php');
//echo "Incorrect Password";
}
}
答案 0 :(得分:1)
你应该使用反引号而不是单引号:
$query ="SELECT * FROM `calendar_admin` WHERE teacher_id='".$username."' and `password`='".$password."' ";
或者只是删除它们
$query ="SELECT * FROM calendar_admin WHERE teacher_id='".$username."' and `password`='".$password."' ";
由于你使用PDO,你应该绑定参数,但不能将它们连接到查询中:
$query ="SELECT * FROM calendar_admin WHERE teacher_id= :teacher and `password`= :password ";
$sth = $bdd->prepare($query);
$sth->bindParam(':teacher',$username);
$sth->bindParam(':password',$password);
$sth->execute();
$res = $sth->fetchAll(PDO::FETCH_ASSOC);
答案 1 :(得分:1)
围绕列名和表名必须是反引号,而不是单引号。如果这些名字不是来自保留字(或空格或连字符,或者MySQL会尖叫的任何其他内容,,@ Fred -ii-在下面的评论中),那就没有了:
`calendar_admin`
完整查询:
$query ="SELECT *
FROM `calendar_admin`
WHERE teacher_id = '" . $username . "' AND
password = '" . $password . "'";
不要忘记从用户输入中删除数据。
答案 2 :(得分:0)
$query = "
SELECT *
FROM calendar_admin
WHERE teacher_id = '$username'
AND password = '$password';
";
接下来,看看准备好的陈述