Login page check username from two different tables

Question

I have a site which has two type of users, doctor and patient. I store the information about these two types of users in two different tables. When a user is logging in, I want check if the login name submitted by the user exists in the first table (ex: patient) or in the second table (ex: doctor). How I can do this?

Below is part of my code containing the SELECT statement that I have written:

$query = 
"SELECT username, password 
 FROM patient 
 WHERE username='$username' AND password='$password'";

I'm currently SELECT ing from the patient table, but I want to know how to SELECT both from the patient table and the doctor table.

Can you help me please?

Answer 1

You can do this using MySQL's UNION() function.

$query = "SELECT username, password 
    FROM table_1 
    WHERE username='$username' AND password='$password' 
    UNION 
    SELECT username, password 
    FROM table_2 
    WHERE username='$username' AND password='$password'";

Nota: String variables must be wrapped in quotes.

I must point out though, that this method is open to SQL injection and I hope you are not storing passwords in plain text.

If you are storing passwords in plain text, it is highly discouraged and is prone to your site being compromised.

It is recommended to use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack .

Plus, in regards to SQL injection, use mysqli with prepared statements , or PDO with prepared statements , they're much safer .

Answer 2

您的DBMS是否支持UNION语句？

$query = "SELECT username,password FROM patient WHERE username='$username' AND password='$password' UNION SELECT username,password FROM othertable WHERE username='$username' AND password='$password";