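Confusing problem with an SQL query in a "login" script

Time: 2019-01-16 07:24:57

Tags: php sql login

I have a problem with PHP on WampServer. I am doing this for the first time in my life and I am really confused, because every example I find either does not work at all or gives me no output. Can you help?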

<?php
require_once "connect.php";

$connection = @new mysqli($host, $db_user, $db_password, $db_name);

//if($connection->connect_error)
//{
//  echo "Nie można połączyć się z bazą danych";
////} else
//{
    $mail = isset('$_POST[mail]');
    $haslo = isset('$_POST[haslo]');

    sql = "SELECT * FROM users WHERE mail='$mail' AND haslo='$haslo'";
    if ($result = @$connection->query($sql))
    {
        $user = $result->num_rows;
        if($user>0)
        {
            $row = $result->fetch_assoc();
            $user =  $row['mail'];

            header('Location:user.php');
            $result->close();
        } else {
            echo"Podałeś złe dane";
        }
    }
    $connection->close();
//  }
?> 

2 answers:

Answer 0: (score: 2)

Welcome.

Please find the corrections in the code below:

<?php
require_once "connect.php";

$connection = @new mysqli($host, $db_user, $db_password, $db_name);

//if($connection->connect_error)
//{
//  echo "Nie można połączyć się z bazą danych";
////} else
//{
    $mail = isset($_POST['mail']) ? $_POST['mail'] : ''; // Added ternary operator and properly placed single quotes.
    $haslo = isset($_POST['haslo']) ? $_POST['haslo'] : ''; // Same as above

    $sql = "SELECT * FROM users WHERE mail='$mail' AND haslo='$haslo'"; // Replaced sql by $sql as pointed out in comments.
    if ($result = $connection->query($sql)) // Removed @ (Error suppressor, no need for it.)
    {
        $user = $result->num_rows;
        if($user>0)
        {
            $row = $result->fetch_assoc();
            $user =  $row['mail'];

            header('Location:user.php');
            $result->close();
        } else {
            echo"Podałeś złe dane";
        }
    }
    $connection->close();
//  }
?> 

Answer 1: (score: 0)

Some of the checks need to be updated in the way the values are retrieved.
Updated:

<?php
require_once "connect.php";

$connection = @new mysqli($host, $db_user, $db_password, $db_name);

//if($connection->connect_error)
//{
//  echo "Nie można połączyć się z bazą danych";
////} else
//{
    $mail = isset($_POST['mail']) ? $_POST['mail'] : '';
    $haslo = isset($_POST['haslo']) ? $_POST['haslo'] : '';

    $sql = "SELECT * FROM users WHERE mail='$mail' AND haslo='$haslo'";
    if ($result = @$connection->query($sql))
    {
        $user = $result->num_rows;
        if(isset($user) && $user > 0)
        {
            $row = $result->fetch_assoc();
            $user =  $row['mail'];

            header('Location:user.php');
            $result->close();
        } else {
            echo"Podałeś złe dane";
        }
    }
    $connection->close();
//  }
?>
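
Added example (not part of the question or of either answer): the query in all three listings is built by concatenating `$_POST` values into the SQL string, so this sketch shows the same lookup with a bound parameter and the password checked by `password_verify()`. The helper `check_login()`, the sample user, the use of PDO with in-memory SQLite instead of the page's mysqli connection, and the assumption that `haslo` stores `password_hash()` output are all choices made for this example.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the page's MySQL
// database so the script runs without a server (assumption).

// Hypothetical helper: returns the user's mail on success, null otherwise.
function check_login(PDO $db, string $mail, string $haslo): ?string
{
    // The placeholder keeps $mail out of the SQL text, so quotes in the
    // input cannot change the structure of the query.
    $stmt = $db->prepare('SELECT mail, haslo FROM users WHERE mail = ?');
    $stmt->execute([$mail]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the haslo column holds password_hash() output, so the
    // password is verified in PHP instead of being compared inside SQL.
    if ($row !== false && password_verify($haslo, $row['haslo'])) {
        return $row['mail'];
    }
    return null;
}

// Constructed sample data (not from the original post).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (mail TEXT PRIMARY KEY, haslo TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (mail, haslo) VALUES (?, ?)');
$insert->execute(['anna@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and values that
// contain quote characters, which would alter the concatenated query.
$attempts = [
    ['anna@example.com', 'correct horse'],
    ['anna@example.com', 'wrong'],
    ["o'brien@example.com", 'x'],
    ["' OR '1'='1", "' OR '1'='1"],
];
foreach ($attempts as [$mail, $haslo]) {
    $user = check_login($db, $mail, $haslo);
    echo str_pad($mail, 22), ' => ', $user === null ? 'rejected' : "logged in as $user", PHP_EOL;
}
```

With mysqli the same pattern uses `$connection->prepare()`, `bind_param('s', $mail)`, `execute()` and `get_result()`. In the login script, follow `header('Location: user.php')` with `exit;` so nothing else runs after the redirect.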