1. 首页
  2. 问答
  3. 无法从MySQL表中检索数据

无法从MySQL表中检索数据

2013-02-27 150 views
0

首先,我是php的新手。我也是MySQL的新手,所以请对我温和。其次,我知道mysql_ *被贬值,并且一旦我了解了更多信息,这个问题就会在稍后被修复。无法从MySQL表中检索数据

所以我有以下代码:

 if(isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['password']) && !empty($_POST['password'])){ 
      $email = mysql_escape_string($_POST['email']); 
      $password = mysql_escape_string($_POST['password']); 

      $search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error()); 
      $match = mysql_num_rows($search); 

      if($match > 0){ 
       $user=$search['forename'] .' '.$search['surname']; 
       $_SESSION['username']=$user; 
       $msg = 'Login Complete! Thanks, '.$user.'!'; 
      }else{ 
       $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.'; 
      } 
     }

很简单,我检查了电子邮件地址和密码匹配(我知道这是不是一个哈希密码......再次,不是一个问题,因为它是一个测试)。如果他们这样做,并且帐户已被激活,那么我想要返回用户名和姓(用户表中的forename/surname)并将它们存储在会话变量中。如果该变量已设置,我想使用此信息来确认用户已登录(并因此可以访问某些页面)。但是,此测试不返回用户名,而是输出:

登录完成!谢谢, !

任何帮助,将不胜感激。

来源

2013-02-27 Glenn

+0

mysql_num_rows现在已弃用。使用PDO或mysqli。 – Husman 2013-02-27 14:11:56

+0

你需要mysql_fetch_array:while($ row = mysql_fetch_array($ search)){ $ user = $ row ['forename']。' ”。$行[ '姓']; } – 2013-02-27 14:12:28

+0

当你运行这个时会发生什么?你有一个SQL连接错误?或者什么也没有? – Husman 2013-02-27 14:13:37

回答

1

记住由mysql_query的价值回归是资源,所以你需要将结果行获取作为关联数组。

while ($row = mysql_fetch_assoc($search)) 
{ 
    $user=$row['forename'] .' '.$row['surname']; 
    $_SESSION['username']=$user; 
}

作为旁注,查询是用SQL Injection脆弱,如果变量的值(小号)从外部来了。请看下面的文章,了解如何防止它。通过使用PreparedStatements你可以摆脱使用单引号围绕值。

来源

2013-02-27 14:10:51

+0

这很完美。我删除了循环,因为它应该最多只有1个记录(电子邮件是主键)。现在我只需要开始检查会话是否正常。我一直有意要阅读更多停止注射,所以我一定会检查链接,谢谢! – Glenn 2013-02-27 14:17:18

+0

这与mysql_fetch_array有何不同? – Glenn 2013-02-27 14:17:45

+0

[mysql_fetch_array,mysql_fetch_assoc,mysql_fetch_object](http://stackoverflow.com/questions/1536813/mysql-fetch-array-mysql-fetch-assoc-mysql-fetch-object) – 2013-02-27 14:19:11

0

你需要做的$row = mysql_fetch_array($search);

然后

$user=$row['forename'] .' '.$row['surname'];

来源

2013-02-27 14:10:48 Perry

0

您更换代码 /* ** * ** * ** * ***代码* ***/ if(isset($ _P ($ _ POST ['email'])AND isset($ _ POST ['password'])& &!空($ _ POST ['password'])){$ email = mysql_escape_string($ _ POST ['email']); $ password = mysql_escape_string($ _ POST ['password']);

 $search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error()); 
     $match = mysql_num_rows($search); 

     if($match > 0){ 
      $user=$search['forename'] .' '.$search['surname']; 
      $_SESSION['username']=$user; 
      $msg = 'Login Complete! Thanks, '.$user.'!'; 
     }else{ 
      $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.'; 
     } 
    }

/* ** * ** * ** * ***我的代码* ***/

if(isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['password']) && !empty($_POST['password'])){ 
     $email = mysql_escape_string($_POST['email']); 
     $password = mysql_escape_string($_POST['password']); 

     $search = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."' AND active='1'") or die(mysql_error()); 
     $match = mysql_num_rows($search); 

     if($match > 0){ 
      $search = mysql_fetch_array($search); 
      $user=$search['forename'] .' '.$search['surname']; 
      $_SESSION['username']=$user; 
      $msg = 'Login Complete! Thanks, '.$user.'!'; 
     }else{ 
      $msg = 'Login Failed!<br /> Please make sure that you enter the correct details and that you have activated your account.'; 
     } 
    }

来源

2013-02-27 14:14:09

+0

请不要使用像mysql_这样不推荐使用的函数*。 – 2013-02-27 15:48:06

相关问题

 相关问题