页面执行

时间:2016-02-27 11:55:03

标签: php mysql

刚刚在phpmyadmin上测试了SQL命令,它是成功的。

但是在php代码的页面中,仍然发生错误。

错误: Erreur desyntaxeprèsde'SELECT* FROM memberdata ='david''àlaligne 1

我的connSQL php代码:

<?php
       $hostname_connSQL = "localhost";
       $database_connSQL = "member";
       $username_connSQL = "root";
       $password_connSQL = "pooleasee";
       $connSQL = mysqli_connect($hostname_connSQL, $username_connSQL,        $password_connSQL) or die('Error:' .mysqli_error($connSQL)); 
       mysqli_query($connSQL,"SET NAMES utf8")
?>

我的登录php代码:

<?php
      header("Content-Type: text/html; charset=utf-8");
      require_once("connSQL.php");
      session_start();
      if(isset($_SESSION["m_username"]) && ($_SESSION["m_username"]!=""))
  {
      header("Location: membercenter.php");   
  }  
      if(isset($_POST["m_username"]) && isset($_POST["m_password"]))
  {
      $sql = "USE `member`; SELECT * FROM `memberdata`='".$_POST["m_username"]."'";
$RecLogin =  mysqli_query($connSQL,$sql)or die('Error:' .mysqli_error($connSQL)); 
  }
    $row_RecLogin = mysqli_fetch_assoc($RecLogin);
    $m_username = $row_RecLogin["m_username"];
    $m_password = $row_RecLogin["m_password"];
if($_POST["m_password"]==$m_password)
  {
    $_SESSION["m_username"] = $m_username;
    if(isset($_POST["rememberme"]) && ($_POST["rememberme"]=="true")) 
  {
    setcookie("m_username", $_POST["m_username"], time()+365*24*60*60);
    setcookie("m_password", $_POST["m_password"], time()+365*24*60*60);
  } else 
  {
    if(isset($_COOKIE["m_username"])) 
    {
      setcookie("m_username", $_POST["m_username"], time()-100);
      setcookie("m_password", $_POST["m_password"], time()-100);
    }
    }
    {   
      header("Location: membercenter.php");
    }
    } 
      else 
    {
      header("Location: index.php?loginFail=true");
    }
?>

我的数据库:

enter image description here

其实我是一个tiro,有很多地方需要学习。我找不到错误。希望你能帮助我。

2 个答案:

答案 0 :(得分:1)

您的查询语法不正确,WHERE columnName缺失。也始终使用mysqli_real_escape_string

转义值 
Incorrect Syntax:
$sql = "SELECT * FROM `memberdata`='".$_POST["m_username"]."'";

Correct Syntax:
$sql = "SELECT * FROM `memberdata` WHERE m_username='".mysqli_real_escape_string($connSQL, $_POST["m_username"])."'";

答案 1 :(得分:0)

将sql语法更改为

$sql = "SELECT * FROM memberdata WHERE `m_username`='" . $_POST["m_username"] . "'";
相关问题
最新问题