I have a problem, this is my code:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register where email = '$eml' and password = '$pass'");
if($result1->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'client';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result2 = $db->query("select * from b_register where email = '$eml' and password = '$pass'");
if($result2->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'business';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result3 = $db->query("select * from g_register where email = '$eml' and password = '$pass'");
if($result3->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'employee';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result4 = $db->query("select * from k_register where email = '$eml' and password = '$pass'");
if($result4->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'super';
promptUser("You have successfully logged in!!!","index.php");
}
else
{
promptUser("Username/Password do not match. Please try again!!!","");
}
Funny enough this code works, but I no that I went about it the wrong way. I am new with php and mysql, so please help. I also tried eg result4->free();
for all the variable that save the data, and I got this error: Fatal error: Call to a member function free() on a non-object in...
Don't repeat yourself. You already made your mysqli object, so reuse it. For example:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register...");
$result2 = $db->query("select * from d_register...");
$result3 = $db->query("select * from e_register...");
This will make your code more legible, and easier to modify later.
mysqli::query() returns a result object only after a successful query.
You need to build in a check:
if(($result1 != false) and ($result1->fetch_array())) // The same for 2,3,4...
you should get the error message using
echo $db->error;
From PHP Manual: mysqli::query returns TRUE on success or FALSE on failure. For SELECT, SHOW, DESCRIBE or EXPLAIN mysqli_query() will return a result object.
So you should test it:
if ($result != false) {
...
} else {
// print error or whatever
}
Btw. it is not to variables like $eml
and $pass
- if a user type as $pass
something like: bleh' OR 1 = 1 OR password = 'bleh
, then the whole query will look like: 不要 $eml
和$pass
类的变量-如果用户类型为$pass
东西: bleh' OR 1 = 1 OR password = 'bleh
,则整个查询将类似于:
select * from b_register where email = 'some@email.com' and password = 'bleh' OR 1 = 1 OR password = 'bleh'
and the user will get logged without knowing the password!
Therefore you should use:
mysql_real_escape_string($eml)and the same for
$pass
.
Or even better: use - see: http://pl2.php.net/manual/en/mysqli.prepare.php -参见: http : //pl2.php.net/manual/en/mysqli.prepare.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.