以用户或管理员身份从2个不同的表中登录 [英] logging in as user or admin from 2 different tables
问题描述
好吧,我想以用户和管理员身份登录,我的用户表被称为sollicitant,我的管理员是bedrijf(这是荷兰人哈哈抱歉)。我现在的代码只适用于1个表,但我怎么能有一个sql查询,在两个表中登录?
<$ c $如果(isset($ _ POST ['email'])){
$ inputEmail = htmlspecialchars($ _ POST ['email']);
$ inputWachtwoord = htmlspecialchars($ _ POST ['wachtwoord']);
$ servername =localhost;
$ databasename =vacaturebank。;
$ username =root;
$ password =;
尝试{
$ conn = new PDO(mysql:host = $ servername; dbname = $ databasename,$ username,$ password);
$ conn-> setAttribute(PDO :: ATTR_ERRMODE,PDO :: ERRMODE_EXCEPTION);
} catch(PDOException $ e){
echo连接失败:。 $ E->的getMessage();
return;
try {
$ stmt = $ conn-> prepare(SELECT * FROM sollicitant WHERE email ='$ inputEmail');
$ stmt-> execute();
$ result = $ stmt-> setFetchMode(PDO :: FETCH_ASSOC);
$ row = $ stmt-> fetch();
$ rowCount = $ stmt-> rowCount();
$ b $ if($ rowCount){
if($ inputWachtwoord == $ row ['wachtwoord'])echo< br />;> Successvol ingelogd;
else echo< br /> Gebruikersnaam en wachtwoord komen niet overeen。;
header(Location:inloggen.html);
} else {
echo< br />登录失败,找不到记录;
}
}
catch(PDOException $ e){
echoError:。 $ E->的getMessage();
}
$ conn = null;
session_start();
$ _SESSION [login] = true;
$ _SESSION [email] = $ inputEmail;
}
?>
您需要使用<$ c
$ sol
$ b WHERE sollicitant.email ='$ inputEmail'
AND bedrijf.email ='$ inputEmail'
另一种可能是使用明确的加入别名'(别名'只是为了缩短事情,你不必使用它们。):
SELECT *
FROM sollicitant s,bedrijf b
ON s.email = b.email
WHERE s.email ='$ inputEmail'
这样做意味着您只需将一张表的一列中的字符串解释为 JOIN
确保你只能得到具有匹配电子邮件的行。如果查询为空,则电子邮件不会同时存在。
编辑
如果您想决定在哪里要根据用户的角色进行操作,您应该将所有用户合并到一个表中,该表中有一列描述用户角色:
SELECT * FROM users WHERE email ='$ inputEmail'
然后,PHP取出数据后:
if('sollicitant'== $ row ['role']){
header('Location:sollicitant.php );
exit();
} elseif('bedrijf'== $ row ['role']){
header('Location:befrijf.php');
exit();
} else {
echo'您的登录有问题';
}
警告!
...正如其他人所说的...Little Bobby 说 您的脚本存在SQL注入攻击风险。一> 的即可。即使转义字符串也不安全!
我讨厌人们说我不是那么远......或这个网站不会公开.. 。或这只适用于学校,所以安全无关紧要......。如果教师和教授从一开始就没有谈论安全问题,他们就错了。挑战他们。他们正在教导草率和危险的编码习惯,学生们稍后将不得不忘记。当人们说,我会在以后增加安全性时,我也讨厌它。或现在安全性不重要......或忽略安全风险...。
切勿存储纯文本密码!请使用 PHP 内置函数 来处理密码安全性。如果您使用的是小于5.5的PHP版本,则可以使用 password_hash()
兼容包。 不需要转义密码 或使用任何其他清理哈希之前的机制。这样做会改变密码并导致不必要的额外编码。
okay so i wanna log in as user and admin, my user table is called "sollicitant" and my admin is "bedrijf" (this is dutch lol sorry). the code i have right now works for only 1 table but how can i have a sql query that looks in both tables to log in?
<?php
if(isset($_POST['email'])) {
$inputEmail = htmlspecialchars($_POST['email']);
$inputWachtwoord = htmlspecialchars($_POST['wachtwoord']);
$servername = "localhost";
$databasename = "vacaturebank.";
$username = "root";
$password = "";
try {
$conn = new PDO("mysql:host=$servername; dbname=$databasename", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
return;
}
try {
$stmt = $conn->prepare("SELECT * FROM sollicitant WHERE email = '$inputEmail'");
$stmt->execute();
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
$row = $stmt->fetch();
$rowCount = $stmt->rowCount();
if ($rowCount) {
if ($inputWachtwoord == $row['wachtwoord']) echo "<br/>Successvol ingelogd";
else echo "<br/>Gebruikersnaam en wachtwoord komen niet overeen.";
header("Location: inloggen.html");
} else {
echo "<br/>Login failed, no record found";
}
}
catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}
$conn = null;
session_start();
$_SESSION["login"] = true;
$_SESSION["email"] = $inputEmail;
}
?>
You need to specify both tables with the email
column:
SELECT *
FROM sollicitant, bedrijf
WHERE sollicitant.email = '$inputEmail'
AND bedrijf.email = '$inputEmail'
Another possibility is using an explicit JOIN with alias' (The alias' are just for shortening things up, you do not have to use them.):
SELECT *
FROM sollicitant s, bedrijf b
ON s.email = b.email
WHERE s.email = '$inputEmail'
Doing this means you only have to account for the eamil in one column of one table as the JOIN
makes sure you only get those rows having a matching email. If the query is empty the email does not exist in both.
Edit
If you want to decide where to go based on a user's role you should consolidate all users into one table having a column that delineates the user's role:
SELECT * FROM users WHERE email = '$inputEmail'
Then the PHP once you have fetched the data:
if('sollicitant' == $row['role']) {
header('Location: sollicitant.php');
exit();
} elseif ('bedrijf' == $row['role']) {
header('Location: befrijf.php');
exit();
} else {
echo 'There is a problem with your login.';
}
Warning!
...as others have said...Little Bobby says your script is at risk for SQL Injection Attacks.. Even escaping the string is not safe!
I hate when people say "I'm not that far along..." or "This site will not be public..." or "It's only for school, so security doesn't matter...". If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, "I'll add security later..." or "Security isn't important now..." or "Ignore the security risk...".
Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash()
compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.
这篇关于以用户或管理员身份从2个不同的表中登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!