我有两个数据库表,“用户”,它有3列(id,[自动增量]用户名和夹点) 另一个表是只有一列(划痕)的“pins” 我的桌面php mysql选择和更新错误
USER
Id username Pinc
1 Josh
2 Angela
3 Chika
PINS
scratches
123456
234515
124564
我想如果用户通过表单提交他的用户名和密码,它会检查是否存在其他用户的密码。如果是这样,它会给出一个错误“对不起,该代码只有一个人有权”,如果它存在于他的柱子中,它会记录他。如果它不存在或他或另一个用户,它将检查是否密码存在于引脚表中。如果是,它会将其更新到用户的pinc柱。然后如果它不存在于引脚表中,则将其登录,它将显示“对不起,该代码不存在”的错误。 我的代码
//if the password already exist for another user if yes give error
$sql = "SELECT * FROM user WHERE pinc = '" . $user_password . "';";
$query = $this->db_connection->query($sql);
if ($query->num_rows== 1) {
$this->errors[] = "Sorry, that code is entitled to one person only";}
//if no, check if it exist in the pins table,
elseif ($query->num_rows== 0) {
$sql = "SELECT * FROM pins WHERE scratches = '" . $user_password . "';";
$query = $this->db_connection->query($sql);
//if no give error
elseif ($query->num_rows== 0) {
$this->errors[] = "Sorry, that code does not exist.";}
//if yes update the user table
elseif ($query->num_rows== 1) {
$sql = "UPDATE user ".
"SET pinc = '$user_password' ".
"WHERE user_name = '$user_name'" ;
$query_new_user_insert = $this->db_connection->query($sql);
$sql = "SELECT user_name, pinc
FROM user
WHERE user_name = '" . $user_name . "' ;";
$result_of_login_check = $this->db_connection->query($sql);
// if this user exists
if ($result_of_login_check->num_rows == 1) {
// get result row (as an object)
$result_row = $result_of_login_check->fetch_object();
// write user data into PHP SESSION
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_login_status'] = 1;
} else {
$this->errors[] = "Wrong PIN. please check the PIN at the back of your scrathch and Try again.";
}
} else {
$this->errors[] = "A student with this Reg_No does not exist.";
}
} else {
$this->errors[] = "Database connection problem.";
}
}
}
当我运行上面的代码,它提供了解析错误:语法错误,意外 'elseif的'
有什么不同于这个问题,然后在你的另一个http://stackoverflow.com/q/26396649/ - ? – 2014-10-16 14:39:53
这看起来[可怕的不安全](http://bobby-tables.com/)。你确定**你的用户参数是[妥善转义](http://bobby-tables.com/php)? – tadman 2014-10-16 15:34:12