晚上好,我只是在尝试一些新的东西(至少对我来说),关于如何从不同的表登录。Table1具有cand_id (用户名),而Table2具有PIN码(密码)。服务器没有显示任何错误,当我尝试登录,但它不工作。我的代码如下:
if (isset($_POST['cand_id'])) {
//escapes special characters in a string
$cand_id = mysqli_real_escape_string($con,$cand_id);
$pincode = mysqli_real_escape_string($con,$pincode);
//Checking is user existing in the database or not
$query = "SELECT cand_id
FROM candidates
WHERE cand_id='$cand_id'
UNION
SELECT pincode
FROM cand_login
WHERE pincode='$pincode'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1) {
$_SESSION['cand_id'] = $cand_id;
// Redirect user to index.php
header("Location: home.php");
} else {
echo "<div class='form'>
<h3>cand_id/pincode is incorrect.</h3>
<br/>Click here to <a href='log.php'>Login</a></div>";
}
} else {
}
我需要做些什么才能让它正常工作?
发布于 2018-07-27 05:05:32
这里有很多地方都错了。
real_escape_string()
函数来阻止SQL注入,they alone are not sufficient。你正在做一个通常会返回两行的,
https://stackoverflow.com/questions/51547344
复制相似问题