简体   繁体   中英

No Match found using query in MySql database using PHP

I have a MySql database with the following columns:

在此处输入图片说明

and a HTML form like so:

                           <form method="post" action="validate.php">
                               <label for="users_email">Email:</label>
                               <input type="text" id="users_email" name="users_email">
                               <label for="users_pass">Password:</label>
                               <input type="password" id="users_pass" name="users_pass">
                               <input type="submit" value="Submit"/>
                           </form>

Here's snippet of code within the validate.php page:

$email = $_POST['users_email'];
$pass = $_POST['users_pass'];

$dbhost = '************';
$dbuser = '************';
$dbpass = '************';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn)
{
    die('Could not connect: '. mysql_error());
}

mysql_select_db("SafeDropbox", $conn);

$result = mysql_query("SELECT Email, UserPassword FROM tblnewusers WHERE Email = $email");

$row = mysql_fetch_array($result);

if($row['Email'] == $email && $row['UserPassword'] == $pass) {
    echo "Valid";   
}

elseif($row.count() == 0) {
    echo "No Match";
}

else {
    echo "Invalid";
 //header("Location: http://www.google.ie");
    //exit();
}

The problem is I'm getting no match even though the values of $email and $pass are definitely within my database. What am I doing wrong?

The problem is in:

$result = mysql_query("SELECT Email, UserPassword FROM tblnewusers WHERE Email = $email");

$email should be escaped and surrounded by quotes. The safest solution is to use a prepared statement:

$result = mysql_query("SELECT Email, UserPassword FROM tblnewusers WHERE Email = ?");
$con=new mysqli($dbhost, $dbuser, $dbpass, $yourDatabase);
$stmt = $mysqli->prepare($result);
$stmt->bind("s",$email);
$result=$stmt->execute();

For more details see http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM