duandeng7132 2013-12-06 17:30
浏览 26

在登录时选择语句。 查询失败

This is my code for check login. It return query failed. I don't know which syntax is wrong. Any help ? Do I need to SELECT everything in my table only ? In my login page, there are only need username, password and role. But in my table there are other things to as stated at my $_SESSION below. Do I need to call back everything in my table or something ? Because my coding can't read the query. There is no syntax error but when I try to login, query failed appear. 

<?php
session_start();
require 'database.php';

//to store validation errors
$errmsg_arr = array();

//validation error flag
$errflag = false;

//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
    $str = @trim($str);
    if (get_magic_quotes_gpc()){
        $str = striplashes ($str);
    }
    return mysql_real_escape_string($str);
}

//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);

//input validations
if ($myusername = ''){
    $errmsg_arr[] = 'Insert your username';
    $errflag = true;
}
if ($mypassword = ''){
    $errmsg_arr[]= 'Insert you password';
    $errflag = true;
}

//if there are input validation, redirect back to home
if ($errflag){
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location:index.php");
    exit();
}

$qry = "SELECT user_id, username, name, password, role FROM student WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role' ";
$result = mysql_query($qry);

if ($result){
    if (mysql_num_rows($result)== 1){

        session_regenerate_id();
        $student = mysql_fetch_assoc($result);  
        $_SESSION['SESS_USER_ID']= $student['user_id'];
        $_SESSION['SESS_NAME']= $student['name'];
        $_SESSION['SESS_GENDER']= $student['gender'];
        $_SESSION['SESS_MATRIC']= $student['matric'];
        $_SESSION['SESS_COLLEGE']= $student['college'];
        $_SESSION['SESS_FACULTY']= $student['faculty'];
        $_SESSION['SESS_COURSE']= $student['course'];
        $_SESSION['SESS_EMAIL']= $student['email'];
        $_SESSION['SESS_PHONE']= $student['phone'];     
        session_write_close();
        header("location: profile.php");
        exit();
    }else {
        header ("location: login_failed.php");
        exit();
    }
}else {
    die ("Query failed");
}
?>
  • 写回答

3条回答 默认 最新

  • duanliu8998 2013-12-06 17:32
    关注

    Try using and instead of , between username and password 

    WHERE username = '$myusername' and  password = '".md5($_POST['password'])."' AND role = '$role'

    instead of 

    WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role'

    PHP

     $result = mysql_query($qry) or die (mysql_error());
 if (mysql_num_rows($result) > 0){

    session_regenerate_id();
    $student = mysql_fetch_assoc($result);  
    $_SESSION['SESS_USER_ID']= $student['user_id'];
    $_SESSION['SESS_NAME']= $student['name'];
    $_SESSION['SESS_GENDER']= $student['gender'];
    $_SESSION['SESS_MATRIC']= $student['matric'];
    $_SESSION['SESS_COLLEGE']= $student['college'];
    $_SESSION['SESS_FACULTY']= $student['faculty'];
    $_SESSION['SESS_COURSE']= $student['course'];
    $_SESSION['SESS_EMAIL']= $student['email'];
    $_SESSION['SESS_PHONE']= $student['phone'];     
    session_write_close();
    header("location: profile.php");
    exit();
}else {
    header ("location: login_failed.php");
    exit();
}

    NOTE: Use mysqli_* functions or PDO instead of mysql_* functions(deprecated)

    评论

报告相同问题?

悬赏问题

  • ¥100 支付宝批量检测实名工具
  • ¥15 基于单片机的靶位控制系统
  • ¥15 AT89C51控制8位八段数码管显示时钟。
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 下图接收小电路,谁知道原理
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题