1. 首页
  2. 问答
  3. MySQL查询语法错误在PHP中使用时

MySQL查询语法错误在PHP中使用时

2012-03-19 66 views
1

iPhone代码MySQL查询语法错误在PHP中使用时

当我使用此代码它始终显示错误密码,但我输入正确的凭据。

NSString *post =[NSString stringWithFormat:@"UserName=%@&UserPas sword=%@",userNameTextField.text, userPasswordTextFiled.text]; 

    NSString *hostStr = @"http://www.celeritas-solutions.com/emrapp/connect.php"; 
    = [hostStr stringByAppendingString:post]; 
    NSData *dataURL = [NSData dataWithContentsOfURL: [ NSURL URLWithString: hostStr ]];  
    NSString *serverOutput = [[NSString alloc] initWithData:dataURL encoding: NSASCIIStringEncoding]; 
    if([serverOutput isEqualToString:@"Yes"]){ 
      UIAlertView *alertsuccess = [[UIAlertView alloc] initWithTitle:@"Congrats" message:@"You are authorized " 
                  delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil, nil]; 
     [alertsuccess show]; 
      [alertsuccess release]; 


    } else { 
      UIAlertView *alertsuccess = [[UIAlertView alloc] initWithTitle:@"Error" message:@"Username or Password Incorrect" 
                  delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil, nil]; 
      [alertsuccess show]; 
      [alertsuccess release]; 

    }

我得到验证从数据库中的用户名和密码,但它给SQL语法错误

You have an error in your SQL syntax; check the manual that corresponds to your MySQLserver version for the right syntax to use near 'AND UserPassword=' at line 1 

    mysql_select_db("emriphone", $con); 


    $u=$_GET['UserName']; 
    $pw=$_GET['UserPassword']; 

    $check ="SELECT UserName,UserPassword from appUsers WHERE UserName=$u AND UserPassword=$pw"; 

    $login=mysql_query($check,$con) or die(mysql_error()); 

    if(mysql_num_rows($login)==1){ 

    $row =mysql_fetch_assoc($login); 
    echo 'YES'; exit; 
    } 

else{ 
    echo'NO';exit; 
    } 

mysql_connect($con);

来源

2012-03-19 user1263350

+0

为什么你已经标记了这个问题的** ** iPhone? – Devang 2012-03-19 05:39:02

+0

,因为我用iPhone应用程序连接这个数据库并验证密码和用户名 – user1263350 2012-03-19 06:23:31

+0

那么是什么?没有任何与iPhone相关的代码! – Devang 2012-03-19 06:32:38

回答

1

使用单引号变量在查询''

希望这有助于你。

来源

2012-03-19 05:38:16 Ghostman

+0

我已经这样做,但每次我的脚本发送否回显 – user1263350 2012-03-19 06:21:30

+0

给如果(mysql_num_rows($登录)> 0) – Ghostman 2012-03-19 06:33:11

+0

完成但同样的问题 – user1263350 2012-03-19 06:36:24

3

您需要将单引号中查询 -

$check ="SELECT UserName, UserPassword 
     FROM appUsers 
     WHERE UserName='$u'   
     AND UserPassword='$pw'";  // These are probably varchar data columns 
             // in your db. In that case, you should 
             // put single quotes like this.

当你搜索数据库中的文本字段,应该在它们周围放置单引号。否则MySQL会报告它为错误。

来源

2012-03-19 05:37:15

2

也许你需要在where子句中围绕username和password参数添加单引号,因为我假设它们是字符串。在MySQL中,你需要用单引号包装这些字符串。

来源

2012-03-19 05:38:26 Gohn67

2

假设用户名和密码,你应该纠正如下

$check ="SELECT UserName,UserPassword from appUsers WHERE UserName=$u AND UserPassword=$pw"; 


$check ="SELECT UserName,UserPassword from appUsers WHERE UserName='$u' AND UserPassword='$pw'";

包括各地的用户名和密码

来源

2012-03-19 05:38:44

1 
$check ="SELECT UserName,UserPassword from appUsers WHERE UserName=$u AND UserPassword=$pw";

单引号的文本字段都因为你是使用mysql时,一定要清除SQL注入的用户名和密码使用以下内容:

$u = mysql_real_escape_string($_GET['UserName']); 
$pw = mysql_real_escape_string($_GET['UserPassword']);

最后的想法;使用POST而不是GET的登录页面; d嘿嘿

来源

2012-03-19 05:43:57 Menztrual

0

从SQL注入保护自己,而你在它

$query = sprintf("SELECT UserName,UserPassword from appUsers WHERE UserName='%s' AND UserPassword='%s'", mysql_real_escape_string($u),mysql_real_escape_string($pw));

来源

2012-03-19 05:45:57 Tung

相关问题

 相关问题