[英]Specific user type in MySQL and PHP
我有3个用于connection.php的文件。 work.php login.php这些是我用来识别数据库中用户类型或管理员类型的代码。
我使用MySQL,因为它在编码/开发过程中是必需的,
我遇到的问题是我无法检测到用户类型。 您能否建议识别用户类型的可能性。
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
//$type = $_POST['type'];
// $query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'
//and emp_type = '1'");
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>DETECTED Username AND PASS already exists!";
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '1' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING1";
}
else
{
echo "<br>QUEEN1";
}
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '2' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING2";
}
else
{
echo "<br>QUEEN";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
}
mysql_close();
?>
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}
?>
work.php
<?php
include('login.php');
?>
<html>
<head><title>INDETIFY THE USER TYPE</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
结果,当输入** super,super **时
首先:不再使用mysql_*
函数。 相关问题: 为什么我不应该在PHP中使用mysql_ *函数? 而是使用mysqli_*
函数或PDO数据库扩展来连接到MySQL数据库。
第二:您的实现是错误的。 您的函数mysql_num_rows
将始终只返回一行,因为您在查询中所说的只是“给我emp_type
为1的所有行”(或2)。 但这将始终返回一行,因为您具有emp_type 1的行。像这样编辑查询:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '$user'");
之后,您可以读取结果的emp_type
记录中的内容。
更好的方法是转义您输入的信息以防止sql-injection:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '".mysql_real_escape_string($user)."'");
但是请记住不要再使用mysql_ *了!
试试这个代码
$query = mysql_query("SELECT *
FROM wrd_users
WHERE emp_username='$user'
and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
$row=mysql_fetch_array($query);
if($row['emp_type']=='1')
{
echo "<br>KING1";
}
if($row['emp_type']=='2')
{
echo "<br>KING2";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.