目前我想在用户登录系统时从两个表中获取两个不同的数据。权利表是“user”,“user_staff”和“user_group”。但是,当用户输入其用户名和密码并提交时,提示 “致命错误:在C:\ xampp \ htdocs \ auditsystem \ index.php中的非对象上调用成员函数fetch_array()第26行“
以下是代码:
if($username!= "" && $password != "")
{
//INNER JOIN user_group_module_role ON user.user_group_module_role_id = user_group_module_role.id
$result = $db->query("SELECT * FROM user
INNER JOIN user_staff ON user.user_staff_id = user_staff.id
WHERE username = '$username' AND password = '$password'");
if($result->num_rows == 1)
{
$validate = $result->fetch_assoc();
$query1 = "SELECT * FROM usergroup WHERE id = $validate[user_group_id]";
$result1 = $db->query($query1);
$row1 = $result1->fetch_array();
//change here for the authority
$_SESSION['user_staff'] = $validate['displayname'];
$_SESSION['usergroup'] = $row1['user_group_type'];
echo "<script language='javascript'>window.location='panel.php'</script>";
}
else
{
echo "<script>alert('Sorry, wrong username and password please check.')</script>";
}
}
答案 0 :(得分:5)
您的查询格式错误且失败。这使得$ result1为null / false。您的查询也容易受到SQL注入的攻击!
if($username!= "" && $password != ""){
//INNER JOIN user_group_module_role ON user.user_group_module_role_id = user_group_module_role.id
$result = $db->query("SELECT * FROM user INNER JOIN user_staff ON user.user_staff_id = user_staff.id WHERE username = '$username' AND password = '$password'");
if($result->num_rows == 1){
$validate = $result->fetch_assoc();
$query1 = "SELECT * FROM usergroup WHERE id = {$validate['user_group_id']}";
if($result1 = $db->query($query1)){
$row1 = $result1->fetch_array();
//change here for the authority
$_SESSION['user_staff'] = $validate['displayname'];
$_SESSION['usergroup'] = $row1['user_group_type'];
echo "<script language='javascript'>window.location='panel.php'</script>";
} else {
echo "<script language='javascript'>alert('SQL Error.');</script>";
}
} else {
echo "<script>alert('Sorry, wrong username and password please check.')</script>";
}
}