如何使用单一登录表单从sql中的两个不同表中获取数据

时间:2018-06-13 22:08:42

标签: php sql login phpmyadmin

我在SQL中创建了两个表。第一个是登录表,第二个是注册表。在登录表中我插入了一行用户admin和密码admin,它在我登录时有效。但是现在我想从注册表登录。我的意思是,如果已经注册的用户想要登录他怎么做呢???

以下是我的代码,请帮帮我。 当我尝试以注册用户身份登录时,它会向我显示错误“无效的用户名或密码”:

<?php 
include('../dbcon.php');  //Database connection included
if (isset($_POST['login'])) {

    $username = $_POST['uname'];       //data of login table in sql
    $password = $_POST['password'];
    $qry = "SELECT * FROM `login` WHERE `uname`='$username' AND `password`='$password' ";
    $run = mysqli_query($dbcon,$qry);
    $row = mysqli_num_rows($run);
    if ($row<1) 
    {
        echo "invalid usernaem or password";
    }
    else
    {

        $data = mysqli_fetch_assoc($run);
        $id  = $data['id'];
        echo "Your Id is " .$id;
    }
}
else
{
    if (isset($_POST['login'])) {       //for the  data of registraion table in sql
        $username = $_POST['uname'];
        $password = $_POST['password'];
        $qry = "SELECT * FROM `registration` WHERE `uname`= '$username' OR `email`='$email' AND `password` = '$password' ";
        $run = mysqli_query($dbcon,$qry);
        $row = mysqli_num_rows($run);
        if ($row<1) 
        {
            echo "password is incorrect";
        }
        else
        {
            $data = mysqli_fetch_assoc($run);
            $id  = $data['id'];
            echo "Your Id is " .$id;
        }

    }
}

?>

1 个答案:

答案 0 :(得分:0)

registration查询找不到任何内容时,您需要查询login表。

<?php 
include('../dbcon.php');  //Database connection included
if (isset($_POST['login'])) {

    $username = $_POST['uname'];       //data of login table in sql
    $password = $_POST['password'];
    $qry = "SELECT * FROM `login` WHERE `uname`='$username' AND `password`='$password' ";
    $run = mysqli_query($dbcon,$qry);
    $row = mysqli_num_rows($run);
    if ($row<1) 
    {
        // not an admin, check registration table
        $email = $_POST['email'];
        $qry = "SELECT * FROM `registration` WHERE (`uname`= '$username' OR `email`='$email') AND `password` = '$password' ";
        $run = mysqli_query($dbcon,$qry);
        $row = mysqli_num_rows($run);
        if ($row<1) 
        {
            echo "password is incorrect";
        }
        else
        {
            $data = mysqli_fetch_assoc($run);
            $id  = $data['id'];
            echo "Your Id is " .$id;
        }
    }
    else
    {
        $data = mysqli_fetch_assoc($run);
        $id  = $data['id'];
        echo "Your Id is " .$id;
    }
}
?>

您还应学会使用预准备语句,而不是将变量替换为SQL,以防止SQL注入。见How can I prevent SQL injection in PHP?。您应该使用password_hash()password_verify()而不是将明文密码存储在数据库中。

相关问题
最新问题