带有AND运算符的Php mysQli脚本不能按预期方式工作

Question

我一直在编写似乎永远不会按照我希望的方式工作的查询。在这个脚本中，如果试图登录的用户有user_level 'Admin'，他应该直接输入adminhome.php elseif用户有user_level 'Employee'他应该被导向到employeehome.php。我已经创建了这两个用户阿曼达与user_level Admin和雨果与user_level 'Employee'来测试脚本，但无论我登录谁，它会触发$error。

的login.php您使用两个非常相似的选择

<?php 
if($_SERVER["REQUEST_METHOD"] == "POST") { 

    $myusername = mysqli_real_escape_string($db,$_POST['username']); 
    $mypassword = $_POST['password'];   


    $hashedPasswordQry = "SELECT password FROM users WHERE username = '$myusername'"; 

    $userLevel = mysqli_query($db, "SELECT user_level FROM users WHERE username='".$myusername."'"); 

    $result = mysqli_query($db,$hashedPasswordQry); 
    $row = mysqli_fetch_array($result,MYSQLI_ASSOC); 

    $count = mysqli_num_rows($result); 

    // If result matched $myusername and $mypassword, table row must be 1 row 
    if($count == 1 && (password_verify($mypassword, $row['password'])) && $userLevel == 'Admin') { 

     $_SESSION['login_user'] = $myusername; 


     header("location: user/adminhome.php"); 

    }elseif($count == 1 && (password_verify($mypassword, $row['password'])) && $userLevel == 'Employee'){ 

      $_SESSION['login_user'] = $myusername; 


     header("location: user/employeehome.php"); 
    } 
else{ 
    $error = '<h5 style="text-align: center;" class="alert alert-danger" >Your username or password is invalid</h5>'; 

} 
} 
?> 

Answer 1

，当一个才是必需的。您可以通过用逗号分隔查询来选择多列。SELECT this_column, that_column FROM ...在执行两个查询时，只能访问密码查询的结果，而不能访问$userLevel结果。一个更正确的版本将如下所示：

$query = "SELECT password, user_level FROM users WHERE username = '$myusername'"; 

$result = mysqli_query($db, $query); 
$row = mysqli_fetch_array($result, MYSQLI_ASSOC); 

$count = mysqli_num_rows($result); 

if($count == 1 && (password_verify($mypassword, $row['password'])) && $row['user_level'] == 'Admin') 
{ 
    // do stuff 
} elseif ($count == 1 && (password_verify($mypassword, $row['password'])) && $row['user_level'] == 'Employee') 
{ 
    // do stuff 
}