所以我对PHP很新,但我正在尝试创建一个简单的登录系统。
我现在遇到的问题是,由于某种原因,第二个SQL语句失败,或者没有给出任何回复。
这是我使用的代码。
include 'dbConn.php';
if(isset($_POST['submit']))
{
global $conn;
$username = $_POST['username'];
$password = $_POST['password'];
$saltSql = "SELECT salt FROM users WHERE email = '$username'";
$saltRes = $conn->query($saltSql);
while($resRow = $saltRes->fetch_assoc()){
$salt = $resRow['salt'];
}
$saltedHash = hash("sha512", ($password . $salt));
$sql = "SELECT email, role, FROM users WHERE email = '$username' AND password = '$saltedHash'";
$res = $conn->query($sql);
if($res->num_rows == 1)
{
//Logged in succesfully
echo "Logged in!";
}
else
{
//Something went wrong
echo "Something went wrong";
}
$conn->close();
}
当我手动尝试在phpmyadmin中执行第二个查询时,我收到此错误:#1064 - 您的SQL语法出错;检查与MySQL服务器版本对应的手册,以便在第1行的“FROM users WHERE email ='username'AND password ='5111109d49bc1'附近使用正确的语法。
我真的很感激这方面的一些帮助。
答案 0 :(得分:2)
你的问题似乎是这样的:
$sql = "SELECT email, role, FROM users WHERE email = '$username' AND password = '$saltedHash'"
--------------------------^
您有一个额外的逗号,会导致SQL查询崩溃。删除它,它的工作原理:
$sql = "SELECT email, role FROM users WHERE email = '$username' AND password = '$saltedHash'"