【发布时间】:2015-12-26 17:24:47
【问题描述】:
我是创建数据库的绝对初学者和 我只知道我们可以用,
"SELECT * FROM users WHERE username = '$username' and password = '$password'";
但是,如果我的 SQL 中有多个表并且我想全部选择它们怎么办?
我可以吗,
"Select * from users where username = '$username' and password = '$password' and email = '$email' and address = '$address' and phone = '$phone'";
这是我的 PHP 脚本:
public function does_user_exist($username,$password,$email,$address,$phone){
$query = "Select * from users where username = '$username' and password = '$password' and email = '$email' and address = '$address' and phone = '$phone'";
$result = mysqli_query($this->connection, $query);
if(mysqli_num_rows($result) > 0){
$json['success'] = 'Welcome '.$email;
echo json_encode($json);
mysqli_close($this->connection);
} else {
$query = "Insert into users(username, password, email, address, phone) values ('$username','$password','$email', '$address', '$phone')";
$is_inserted = mysqli_query($this->connection, $query);
if ($is_inserted == 1){
$json['success'] = 'Account created, welcome '.$email;
} else {
$json['error'] = 'Wrong password ';
}
echo json_encode($json);
mysqli_close($this->connetion);
}
}
更新
<?php
require_once 'connection.php';
header('Content-Type: application/json');
class User {
private $db;
private $connection;
function __construct() {
$this->db = new DB_Connection();
$this->connection = $this->db->get_connection();
}
public function does_user_exist($username,$password,$email,$address,$phone){
$query = ("Select * from users where username = '$username' and password = '$password' and email = '$email' and address = '$address' and phone = '$phone'");
$result = mysqli_query($this->connection, $query);
if(mysqli_num_rows($result) > 0){
$json['success'] = 'Welcome '.$email;
echo json_encode($json);
mysqli_close($this->connection);
} else {
$query = "Insert into users(username, password, email, address, phone) values ('$username','$password','$email', '$address', '$phone')";
$is_inserted = mysqli_query($this->connection, $query);
if ($is_inserted == 1){
$json['success'] = 'Account created, welcome '.$email;
} else {
$json['error'] = 'Wrong password ';
}
echo json_encode($json);
mysqli_close($this->connetion);
}
}
}
$user = new User();
if (isset($_POST['username'], $_POST['password'], $_POST['email'], $_POST['address'], $_POSt['phone'])){
$username = $POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$address = $_POST['address'];
$phone = $_POST['phone'];
if(!empty($username) && !empty($password) && !empty($email) && !empty($address) && !empty($phone)){
$encrypted_password = md5($password);
$user -> does_user_exist($username,$encrypted_password,$email,$address,$phone);
} else {
echo json_encode("You must fill all fields!")
}
}
?>
希望你们能提供帮助,非常感谢您的回答。
【问题讨论】:
-
查看
joins。 dev.mysql.com/doc/refman/5.7/en/join.html 还要考虑使用参数化的预处理语句。您不想真正养成在查询中使用变量的习惯。 php.net/manual/en/mysqli.quickstart.prepared-statements.php -
但是您没有多个表。那是一张桌子 - 用户。你的脚本不工作吗?
-
请检查 Google 是否存在“SQL 注入”,因为您的脚本不安全(使用表单时)
-
好的,你更新了标题...问题是如何在只有部分字段存在的情况下动态构建查询?
-
如果所有值都正确/存在,则该行可能是正确的。看看这个答案stackoverflow.com/questions/32685881/…,那里的 OP 从未确认它有效,所以我不确定它是否正确,但应该给你一个起点。