Specific user type in MySQL and PHP
Question
I have 3 files for connection.php. work.php login.php these are the codes that I use to be able to identify the users type or the type of administrator in the database.
I use MySQL since it is required in the coding/dev process,
The problem that I am encountering is that I am unable to detect the user type. Can you please suggest what could be the possible to identify the user types.
login.php
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
//$type = $_POST['type'];
// $query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'
//and emp_type = '1'");
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>DETECTED Username AND PASS already exists!";
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '1' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING1";
}
else
{
echo "<br>QUEEN1";
}
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '2' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING2";
}
else
{
echo "<br>QUEEN";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
}
mysql_close();
?>
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}
?>
work.php
<?php
include('login.php');
?>
<html>
<head><title>INDETIFY THE USER TYPE</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
as a result the when **super , super ** is entered
2 answers
solution1
1 2016-08-05 08:52:28
First: Don't use mysql_* functions anymore. Related question: Why shouldn't I use mysql_* functions in PHP? Instead use mysqli_* functions or PDO database extension to connect to a MySQL-Database.
Second: Your implementation is wrong. Your functions mysql_num_rows will always return exactly one row, because all you said in the query was "give me all rows where emp_type is 1" (or 2). But this will always return one row, because you have that row with emp_type 1. Edit your query like this:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '$user'");
After that, you can read what's in the emp_type record of your result.
An even better method would be to escape your entered information to prevent sql-injection:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '".mysql_real_escape_string($user)."'");
But remember not to use mysql_* anymore!
solution2
0 2016-08-05 08:42:11
Try this code
$query = mysql_query("SELECT *
FROM wrd_users
WHERE emp_username='$user'
and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
$row=mysql_fetch_array($query);
if($row['emp_type']=='1')
{
echo "<br>KING1";
}
if($row['emp_type']=='2')
{
echo "<br>KING2";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.