[英]Specific user type in MySQL and PHP
I have 3 files for connection.php. 我有3个用于connection.php的文件。 work.php login.php these are the codes that I use to be able to identify the users type or the type of administrator in the database.
work.php login.php这些是我用来识别数据库中用户类型或管理员类型的代码。
I use MySQL since it is required in the coding/dev process, 我使用MySQL,因为它在编码/开发过程中是必需的,
The problem that I am encountering is that I am unable to detect the user type. 我遇到的问题是我无法检测到用户类型。 Can you please suggest what could be the possible to identify the user types.
您能否建议识别用户类型的可能性。
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
//$type = $_POST['type'];
// $query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'
//and emp_type = '1'");
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>DETECTED Username AND PASS already exists!";
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '1' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING1";
}
else
{
echo "<br>QUEEN1";
}
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '2' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING2";
}
else
{
echo "<br>QUEEN";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
}
mysql_close();
?>
connection.php connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}
?>
work.php work.php
<?php
include('login.php');
?>
<html>
<head><title>INDETIFY THE USER TYPE</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
as a result the when **super , super ** is entered 结果,当输入** super,super **时
First: Don't use mysql_*
functions anymore. 首先:不再使用
mysql_*
函数。 Related question: Why shouldn't I use mysql_* functions in PHP? 相关问题: 为什么我不应该在PHP中使用mysql_ *函数? Instead use
mysqli_*
functions or PDO database extension to connect to a MySQL-Database. 而是使用
mysqli_*
函数或PDO数据库扩展来连接到MySQL数据库。
Second: Your implementation is wrong. 第二:您的实现是错误的。 Your functions
mysql_num_rows
will always return exactly one row, because all you said in the query was "give me all rows where emp_type
is 1" (or 2). 您的函数
mysql_num_rows
将始终只返回一行,因为您在查询中所说的只是“给我emp_type
为1的所有行”(或2)。 But this will always return one row, because you have that row with emp_type 1. Edit your query like this: 但这将始终返回一行,因为您具有emp_type 1的行。像这样编辑查询:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '$user'");
After that, you can read what's in the emp_type
record of your result. 之后,您可以读取结果的
emp_type
记录中的内容。
An even better method would be to escape your entered information to prevent sql-injection: 更好的方法是转义您输入的信息以防止sql-injection:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '".mysql_real_escape_string($user)."'");
But remember not to use mysql_* anymore! 但是请记住不要再使用mysql_ *了!
Try this code 试试这个代码
$query = mysql_query("SELECT *
FROM wrd_users
WHERE emp_username='$user'
and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
$row=mysql_fetch_array($query);
if($row['emp_type']=='1')
{
echo "<br>KING1";
}
if($row['emp_type']=='2')
{
echo "<br>KING2";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.