[英]INNER JOIN for login form doesn't seem to work in PHP?
首先讓我解釋一下我要做什么...
我在mysql數據庫中有兩個表。 第一個是members
,另一個是storename
。
我在randKey
列中的兩個表中都保存了一個隨機唯一鍵。
這一切都很好。
現在,我有一個要使用的登錄表單,該表單在SELECT
具有INNER JOIN
。
使用INNER JOIN的目的是能夠在上述兩個表中使用randKey
,這樣,如果您知道我的意思,那么用戶將無法登錄其他人的帳戶。
僅當email
, password
和randKey
匹配時,他們才能登錄?
但是,當我運行PHP /登錄頁面並嘗試登錄時,我得到That information is incorrect, try again
回顯給我...
這是我的代碼:
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["email"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["email"]); // filter everything but numbers and letters
$password = (!empty($_POST['password'])) ? sha1($_POST['password']) : ''; // filter everything but numbers and letters
// Connect to the MySQL database
include "config/connect.php";
$sql = "SELECT members.email, members.password, storename.email, storename.password
FROM `members`
INNER JOIN `storename`
ON (members.randKey = storename.randKey)";
// query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$query = mysqli_query($db_conx, $sql);
if (!$query) {
die(mysqli_error($db_conx));
}
$existCount = mysqli_num_rows($query); // count the row nums
if ($existCount == 1) { // evaluate the count
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: dashboard");
exit();
} else {
echo 'That information is incorrect, try again <a href="login">Click Here</a>';
exit();
}
}
?>
有人可以幫我這個忙嗎?
查詢中沒有過濾器,因此它返回數據庫的每一行。 您可能有多個成員,因此行數不能等於1
。
第二個問題是您沒有在查詢中選擇任何id,但是您嘗試獲取if是否之后。
嘗試這個 :
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["email"]) && isset($_POST["password"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["email"]); // filter everything but numbers and letters
$password = (!empty($_POST['password'])) ? sha1($_POST['password']) : ''; // filter everything but numbers and letters
// Connect to the MySQL database
include "config/connect.php";
$sql = "
SELECT members.id
FROM `members`
INNER JOIN `storename` ON (members.randKey = storename.randKey)
WHERE members.email = '$manager'
AND members.password = '$password'
";
// query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$query = mysqli_query($db_conx, $sql);
if (!$query) {
die(mysqli_error($db_conx));
}
$existCount = mysqli_num_rows($query); // count the row nums
if ($existCount == 1) { // evaluate the count
$row = mysqli_fetch_array($query, MYSQLI_ASSOC);
$_SESSION["id"] = $row["id"];
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: dashboard");
exit();
} else {
echo 'That information is incorrect, try again <a href="login">Click Here</a>';
exit();
}
}
?>
在您的SQL中,您沒有where子句,因此您的查詢會提取所有可能大於1的行。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.