我有3张桌子供用户使用;一个用于学生,另一个用于教授,另一个用于管理者。
现在我在Android中创建3个不同的布局页面。每个人在MySQL DB中都有不同的表。
我想为所有三个使用一个登录页面,但我不知道如何执行此操作。我写了一些代码,但我不知道查询是否正确。
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
include 'db.php';
$con = mysqli_connect($HostName,$HostUser,$HostPass,$DatabaseName);
$email = $_POST['email'];
$password = $_POST['password'];
$Sql_Query = "select exists(
select 1 from manger where Email = '$Email' and Password = '$Password'
union
select 1 from student where Email = '$Email' and Password = '$Password'
union
select 1 from professor where Email = '$Email' and Password = '$Password'
)";
$check = mysqli_fetch_array(mysqli_query($con,$Sql_Query));
if(isset($check)){
echo "Welcome To Application";
}
else{
echo "Invalid Username or Password";
}
}else{
echo "Try Again";
}
mysqli_close($con);
?>
答案 0 :(得分:1)
如果学生,教授和经理表都包含相同的信息,那么创建一个包含所有用户的单个表并附加一列表示用户类型会更好。然后,您可以执行简单的单个选择语句。
如果您确实需要3个单独的表,那么以下代码将更合适:
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
include 'db.php';
$con = new mysqli($HostName,$HostUser,$HostPass,$DatabaseName);
$email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'password');
$Sql_Query = "
select Password from manger where Email = ?
union
select Password from student where Email = ?
union
select Password from professor where Email = ?";
$result = $con->prepare($Sql_Query)->bind_param("sss", $email, $email, $email )->get_result();
$check=false;
while ($row = $res->fetch_assoc())
{
if ( password_verify($password, $row[ "Password" ]) )
{
$check = true;
break;
}
}
if($check){
echo "Welcome To Application";
}
else{
echo "Invalid Username or Password";
}
}else{
echo "Try Again";
}
我还没有对上述内容进行测试,因此它可能包含错误/语法错误,但至少应该更加安全。
插入新用户时,您需要将密码设置为password_hash( $password, PASSWORD_DEFAULT )
,而不是直接插入密码。