[英]Specific user type in MySQL and PHP
我有3個用於connection.php的文件。 work.php login.php這些是我用來識別數據庫中用戶類型或管理員類型的代碼。
我使用MySQL,因為它在編碼/開發過程中是必需的,
我遇到的問題是我無法檢測到用戶類型。 您能否建議識別用戶類型的可能性。
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
//$type = $_POST['type'];
// $query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'
//and emp_type = '1'");
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>DETECTED Username AND PASS already exists!";
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '1' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING1";
}
else
{
echo "<br>QUEEN1";
}
$query = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_type = '2' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "<br>KING2";
}
else
{
echo "<br>QUEEN";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
}
mysql_close();
?>
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}
?>
work.php
<?php
include('login.php');
?>
<html>
<head><title>INDETIFY THE USER TYPE</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
結果,當輸入** super,super **時
首先:不再使用mysql_*
函數。 相關問題: 為什么我不應該在PHP中使用mysql_ *函數? 而是使用mysqli_*
函數或PDO數據庫擴展來連接到MySQL數據庫。
第二:您的實現是錯誤的。 您的函數mysql_num_rows
將始終只返回一行,因為您在查詢中所說的只是“給我emp_type
為1的所有行”(或2)。 但這將始終返回一行,因為您具有emp_type 1的行。像這樣編輯查詢:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '$user'");
之后,您可以讀取結果的emp_type
記錄中的內容。
更好的方法是轉義您輸入的信息以防止sql-injection:
$result = mysql_query("SELECT emp_type FROM wrd_users WHERE emp_username = '".mysql_real_escape_string($user)."'");
但是請記住不要再使用mysql_ *了!
試試這個代碼
$query = mysql_query("SELECT *
FROM wrd_users
WHERE emp_username='$user'
and emp_password='$pass' ");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
$row=mysql_fetch_array($query);
if($row['emp_type']=='1')
{
echo "<br>KING1";
}
if($row['emp_type']=='2')
{
echo "<br>KING2";
}
}
else
{
//header("location:index.php");
echo(" No User Found");
//header('work.php');
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.