堆栈内存溢出
  简体   繁体   English

MySQL查询IFEXIST不返回任何结果

[英]Mysql query IFEXIST does not return any result

 原文  2014-04-24 09:55:35       php/ mysql

问题描述

I am trying to create a login form in PHP. 我正在尝试在PHP中创建一个登录表单。 i am passing the username and password that user had entered and check weather that exist in the data base. 我正在传递用户输入的用户名和密码,并检查数据库中存在的天气。

i have done the coding, but IF EXIST query does not return any result. 我已经完成了编码,但是IF EXIST查询未返回任何结果。

can any one help me to fix this. 谁能帮我解决这个问题。 or give me a alternate idea.. Thank you... 或给我一个替代主意..谢谢... 

        <?php

        $name= $_POST["usname"];
        $pass = $_POST ["password"];

        $connection = mysqli_connect("localhost","sathya","sathya","learning1"); 
        //mysqli_query($connection,"INSERT INTO user (name, password) VALUES ('".$name."', '".$pass."')");
        $result = mysqli_query($connection, "IF EXISTS(SELECT *  FROM  user  WHERE name='".$name."'AND password='".$pass."')");
        mysqli_close($connection);

        echo "result ".$result;

        if($result == True){

          header("Location: logedin.php");
            //redirect_to('logedin.php');
        }else{

            echo "not logged in installed";
        }


        ?>

3 个解决方案

解决方案1
 4  2014-04-24 16:57:58

This is a late answer, but there are a few things you need to be made aware of. 这是一个较晚的答案,但是您需要注意一些事项。 (Not taking away from the accepted answer). (不排除已接受的答案)。

You will need to use if(mysqli_num_rows($result) > 0) because your query will always be TRUE if the username matches and the password does NOT, and vice-versa. 您将需要使用if(mysqli_num_rows($result) > 0)因为如果用户名匹配且密码不匹配,则查询将始终为TRUE,反之亦然。

You are better off using mysqli_num_rows() rather than using if($result == True) 您最好使用mysqli_num_rows()而不是使用if($result == True)

Sidenote: Consult my footnotes regarding password storage and SQL injection. 旁注:请查阅我的有关密码存储和SQL注入的脚注。 

<?php
$DB_HOST = "xxx";
$DB_NAME = "xxx";
$DB_PASS = "xxx";
$DB_USER = "xxx";

$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
    if($db->connect_errno > 0) {
      die('Connection failed [' . $db->connect_error . ']');
    }

$name = $_POST["usname"]; // See footnotes about this
$pass = $_POST ["password"]; // See footnotes about this

$result = mysqli_query($db, "SELECT EXISTS(SELECT *  FROM  users  WHERE username='".$name."' AND password='".$pass."')");

// Works just as well
// $result = mysqli_query($db, "SELECT * FROM  users  WHERE username='".$name."' AND password='".$pass."'");

    if(mysqli_num_rows($result) > 0){
    echo "Both match.";
    }

    else{
    echo "Sorry, there was not a perfect match.";
    }

Footnotes: 脚注:

You can also use: 您还可以使用: 

$result = mysqli_query($db, "SELECT * FROM  users  WHERE username='".$name."' AND password='".$pass."'");

Which does the same for SELECT EXISTS(SELECT * while using less characters. 对于使用较少字符的SELECT EXISTS(SELECT *

or choose actual columns: 或选择实际列: 

$result = mysqli_query($db, "SELECT username, password FROM  users  WHERE username='".$name."' AND password='".$pass."'");

I suggest that you use prepared statements and sanitize your inputs. 我建议您使用准备好的语句并清理输入内容。 Not doing so will leave you open to SQL injection . 不这样做将使您易于进行SQL注入

Here are a few tutorials on (mysqli) prepared statements that you can study and try: 这是一些有关(mysqli)准备好的语句的教程,您可以研究和尝试:

Here are a few tutorials on PDO: 以下是有关PDO的一些教程:

Passwords 密码

I also noticed that you are storing passwords in plain text. 我还注意到您以纯文本形式存储密码。 This is not recommended. 不建议这样做。

Use one of the following: 使用以下之一:

Other links: 其他连结:

解决方案2
 1 已采纳  2014-04-24 10:01:26

I can't say anything about the PHP part, but the query will surely result in a syntax error. 关于PHP部分,我什么也没说,但是查询肯定会导致语法错误。

IF whatever ... is only allowed in stored procedures or functions, not in single queries. IF whatever ...仅在存储过程或函数中允许,而在单个查询中则不允许。 You can however replace the IF with SELECT like 但是,您可以将IF替换为SELECT类的 

$result = mysqli_query($connection, "SELECT EXISTS(SELECT *  FROM  user  WHERE name='".$name."'AND password='".$pass."')");

This query would return either 0 (if no entry exists) or 1 (if an entry exists). 该查询将返回0(如果不存在任何条目)或1(如果存在一个条目)。 It's also a good idea to use EXISTS as it stops the query as soon as an entry was found and does not return the whole dataset. 使用EXISTS也是一个好主意,因为它会在找到条目后立即停止查询,并且不会返回整个数据集。

解决方案3
 1  2014-04-24 10:07:28

You can try this beside using 'IF EXISTS' function-- 您可以在使用“ IF EXISTS”功能的同时尝试以下操作- 

$result = mysqli_query($connection, "SELECT *  FROM  user  WHERE name='".$name."'AND password='".$pass."'");



$count=mysql_num_rows($result);
if($count==1)  // $count=1 if any row is present with mathing username and pwd in db
{
    echo "user already logged in";
}
else  
{
  echo "user not exist";
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么这个MySQL查询只返回1个结果? - Why Does This MySQL Query Return Just 1 Result? 使用LIKE的Laravel查询不会返回任何结果 - Laravel query using LIKE does not return any result 如果查询未返回任何结果,如何停止执行脚本 - How to stop execution of the script if query does not return any result 查询不返回结果 - Query does not return a result 为什么我的mysql查询总是返回空结果? - Why does my mysql query always return an empty result? Ajax不返回任何结果 - Ajax does not return any result MySQL查询未返回正确结果 - Mysql query not return correct result 将MySQL查询分为$ query和$ result有什么价值? - Any value of separating a MySQL query into $query and $result? 为什么当MySQL驱动程序执行查询时,Codeigniters msqli驱动程序返回null作为查询结果? - Why does Codeigniters msqli driver return null as a query result while the mysql driver executes the query just fine? sqlsrv_query 执行检查数据功能后没有返回任何结果 - The sqlsrv_query does not return any result after the checking data function is perform
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM