我对mysql和php有问题
我有一个问题,这是我的代码:我对mysql和php有问题,php,mysql,mysqli,Php,Mysql,Mysqli,我有一个问题,这是我的代码: $db = new mysqli("localhost", "root", "", "blah"); $result1 = $db->query("select * from c_register where email = '$eml' and password = '$pass'"); if($result1->fetch_array()) { $auth->createSession();
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register where email = '$eml' and password = '$pass'");
if($result1->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'client';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result2 = $db->query("select * from b_register where email = '$eml' and password = '$pass'");
if($result2->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'business';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result3 = $db->query("select * from g_register where email = '$eml' and password = '$pass'");
if($result3->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'employee';
promptUser("You have successfully logged in!!!","index.php");
}
$db = new mysqli("localhost", "root", "", "blah");
$result4 = $db->query("select * from k_register where email = '$eml' and password = '$pass'");
if($result4->fetch_array())
{
$auth->createSession();
$_SESSION['user'] = 'super';
promptUser("You have successfully logged in!!!","index.php");
}
else
{
promptUser("Username/Password do not match. Please try again!!!","");
}
这段代码很有趣,但我不知道我用错了方法。我是php和mysql新手,请帮助我。我也尝试过,例如result4->free()对于保存数据的所有变量,我得到了以下错误:致命错误:对…中的非对象调用成员函数free()仅在成功查询后返回结果对象
您需要在支票中生成:
if(($result1 != false) and ($result1->fetch_array())) // The same for 2,3,4...
您应该使用
echo $db->error;
不要重复你自己。您已经创建了mysqli对象,所以请重用它。例如:
$db = new mysqli("localhost", "root", "", "blah");
$result1 = $db->query("select * from c_register...");
$result2 = $db->query("select * from d_register...");
$result3 = $db->query("select * from e_register...");
这将使您的代码更易读,以后更容易修改。来自PHP手册:
mysqli::query在成功时返回TRUE,在失败时返回FALSE。对于选择、显示、描述或解释,mysqli_query()将返回一个结果对象
因此,您应该测试它:
if ($result != false) {
...
} else {
// print error or whatever
}
顺便说一句,如果用户键入的是$pass
之类的内容,则不转义$eml
和$pass
之类的变量是非常危险的:
bleh'或1=1或password='bleh
,则整个查询将如下所示:
select * from b_register where email = 'some@email.com' and password = 'bleh' OR 1 = 1 OR password = 'bleh'
用户将在不知道密码的情况下登录强>
因此,您应该使用:mysql\u real\u escape\u string($eml)和同样的$pass
mysql_real_escape_string($eml)
或者更好:使用语句准备和参数绑定-请参阅:@neo:请不要发布“这是我的代码,请修复它”类型的问题。找出问题所在,只发布代码的相关部分,并对预期行为和收到的任何错误消息做出准确的说明。这样做并不能以root用户身份访问数据库。创建一个仅具有所需权限的帐户,仅此而已。