我正在尝试创建一个登录页面,在其中查找用户名,密码和统计信息(以重定向到其各自的界面)。我有什么可以做的吗?
我使用的是PHP 7,我曾尝试做过$sqluser = "SELECT * FROM adminlist, studentlist, teacherlist WHERE username = '$username' AND password = '$password' ";,但搜索失败
<?php
session_start();
//The initial screen for login
$server = 'localhost';
$user = 'root';
$pass = '';
$db = 'tap';
$conn = mysqli_connect($server, $user, $pass, $db);
$sql = "SELECT * FROM adminlist, studenlist, teacherlist";
$result = mysqli_query($conn,$sql);
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqluser = "SELECT * FROM adminlist, studenlist, teacherlist WHERE username = '$username' AND password = '$password' ";
$result = mysqli_query($conn, $sqluser);
if($result->num_rows > 0)
{
while ($row = $result -> fetch_assoc())
{
$stat = $row['stat'];
}
header("Location: logintest.php?id=" . $stat );
}
else
{
echo "Account not found";
}
}
$conn->close();
这是错误消息:
注意:尝试在第20行的C:\ xampp \ htdocs \ TAP \ TapHome.php中获取非对象的属性“ num_rows” 找不到帐户
答案 0 :(得分:0)
您需要使用UNION,而不是交叉产品。另外,您应该使用准备好的查询来防止SQL注入。
$sqluser = "
SELECT stat FROM adminlist WHERE username = ? AND password = ?
UNION
SELECT stat FROM studentlist WHERE username = ? AND password = ?
UNION
SELECT stat FROM teacherlist WHERE username = ? AND password = ?";
$stmt = $conn->prepare("$sqluser");
$stmt->bind_param("ssssss", $username, $password, $username, $password, $username, $password);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if ($row) {
$stat = $row['stat'];
header("Location: logintest.php?id=" . $stat );
} else {
echo "Account not found";
}