更新并从数据库表中选择

Question

我有两个数据库表，“用户”有3列（id，[自动递增]用户名和捏），另一个表是“别针”，只有一列（从零开始）我的表

USER
Id       username      Pinc


1         Josh             

2         Angela         

3          Chika 


PINS
scratches


123456


234515

124564

我想要一种情况，当用户通过表单提交密码时，它将在pins表中检查是否存在此类数据，如果存在，它将使用表单post更新我的用户表的pinc列，并使用它。 如果引脚表中不存在该引脚，则会出现错误“很抱歉，该引脚不存在”。 我的密码

$sql = "SELECT * FROM    pins WHERE scratches = '" .' $user_password '. "';";
$query = $this->db_connection->query($sql);
if ($query->num_rows== 0){
   $this->errors[] = "Sorry, that PIN does not exist.";
} elseif ($query->num_rows== 1) {  
    $sql = "UPDATE user ".
      "SET pinc = $user_password ".
      "WHERE user_name = $user_name" ;
    $query_new_user_insert = $this->db_connection->query($sql);

    $sql = "SELECT  user_name, pinc 
              FROM user
              WHERE user_name = '" . $user_name . "' ;";
    $result_of_login_check = $this->db_connection->query($sql);
    // if this user exists
    if ($result_of_login_check->num_rows == 1) {
        // get result row (as an object)
        $result_row = $result_of_login_check->fetch_object();
        $_SESSION['user_name'] = $result_row->user_name;
        $_SESSION['user_login_status'] = 1;
    } else {
       $this->errors[] = "Wrong password. Try again.";
    }
} else {
    $this->errors[] = "This user does not exist.";
}
} else {
   $this->errors[] = "Database connection problem.";
}
}
}

当我运行代码时，我得到“抱歉的密码不存在”。 有人可以告诉我这是怎么回事吗？

Answer 1

奇怪的字符串结构：

$sql = "SELECT * FROM pins WHERE scratches = '" .' $user_password '. "';";

它将从WHERE scrathes =“ $ user_password”的引脚中选择所有数据。 它将返回未找到的数据。

像这样修改它：

$sql = "SELECT * FROM    pins WHERE scratches = '" . $user_password . "';";

告诉我它是如何工作的。

Answer 2

您正在$userpassword含义周围使用singe quete '' ，因此您以字符串形式传递像这样更改您的第一个查询

$sql = "SELECT * FROM    pins WHERE scratches = '".$user_password."';";

和您的第二个查询一样也是错误的。 因为我假设$username是一个字符串，你需要它环绕单quete ''这样的

$sql = "UPDATE user ".
   "SET pinc = '$user_password' ".
   "WHERE user_name = '$user_name'" ;//You are missing single quete here if username is a string

我不知道这还是不是问题，但是在您的第三个查询中有多余的空间。 为您的$username contanitation后变量（点后. . ）。 如果这样不起作用，请像这样删除它

$sql = "SELECT  user_name, pinc 
              FROM user
              WHERE user_name = '".$user_name."' ;";

**

这是您的完整代码，看起来应该像

**

$sql = "SELECT * FROM    pins WHERE scratches = '".$user_password ."';";
$query = $this->db_connection->query($sql);
if ($query->num_rows== 0){
   $this->errors[] = "Sorry, that PIN does not exist.";
} elseif ($query->num_rows== 1) {  
    $sql = "UPDATE user SET pinc ='".$user_password."' WHERE user_name ='".$user_name."'" ;
    $query_new_user_insert = $this->db_connection->query($sql);



    $sql = "SELECT  user_name, pinc FROM user WHERE user_name = '".$user_name."' ;";


    $result_of_login_check = $this->db_connection->query($sql);
    // if this user exists
    if ($result_of_login_check->num_rows == 1) {
        // get result row (as an object)
        $result_row = $result_of_login_check->fetch_object();
        $_SESSION['user_name'] = $result_row->user_name;
        $_SESSION['user_login_status'] = 1;
    } else {
       $this->errors[] = "Wrong password. Try again.";
    }
} else {
    $this->errors[] = "This user does not exist.";
}
} 
}
}

Answer 3

更改：

$sql = "SELECT * FROM    pins WHERE scratches = '" .' $user_password '. "';";

至

 $sql = "SELECT * FROM    pins WHERE scratches = '".$user_password."'";