如果值存在则检查SQL数据库，如果存在则返回值

I am pretty new to both php and SQL. I have a login page where I ask for the users username and password. I would like to search a database I have created for both the username and password to see if they exist. The database table has two columns, Username and Password. I don't care to much about security so a simple script will work. But I do want to be able to expand on it someday, so therefor I am using a database, because currently I just use an array in php to store usernames and passwords.

我对php和SQL都很陌生。我有一个登录页面,我要求用户的用户名和密码。我想搜索我为用户名和密码创建的数据库,看看它们是否存在。数据库表有两列,用户名和密码。我不太关心安全性,所以一个简单的脚本可以工作。但我确实希望有一天能够扩展它,因此我使用的是数据库,因为目前我只是在php中使用一个数组来存储用户名和密码。

I am currently trying to get this code to work but am not getting the results I need.

我目前正在尝试使用此代码,但我没有得到我需要的结果。

$user_name = "db_username";
$password = "db_password";
$database = "db_name";
$server = "db_server";



$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found) {
$result =mysql_query("SELECT 1 FROM my_table WHERE Username = $username");
if ($result>0)

    {
        echo 'Username and Password Found'; 
    }
else
    {
    echo 'Username and Password NOT Found';
    }
}
else {
print "Database NOT Found.";
mysql_close($db_handle);
}

This always returns Username and Password Found no matter is the username is in there or not. When printing $result I get Resource id #2. Thank you

这总是返回用户名和密码找到,无论用户名是否存在。打印$ result时,我得到资源ID#2。谢谢

3 个解决方案

#1

$result I think will evaluate to true even if the result set contains zero rows. It only returns boolean false on error according to the manual. Use mysql_num_rows to determine if you actually found anything with the query.

$ result我认为即使结果集包含零行也会评估为true。它只根据手册在错误时返回布尔值false。使用mysql_num_rows确定您是否确实在查询中找到了任何内容。

if ($db_found) {
$result =mysql_query("SELECT 1 FROM my_table WHERE `Username` = '$username'");
if ($result && mysql_num_rows($result) > 0)

    {
        echo 'Username and Password Found'; 
    }
else
    {
    echo 'Username and Password NOT Found';
    }
}
else {
print "Database NOT Found.";
mysql_close($db_handle);
}

EDIT: Of course, as of now (November 2013, and since long ago), the mysql_* functions have indeed been deprecated. Apparently you can now use identical mysqli_* functions (maybe just use find/replace), but most people are using PDO.

编辑:当然,截至目前(2013年11月,以及很久以前),mysql_ *函数确实已被弃用。显然你现在可以使用相同的mysqli_ *函数(可能只是使用find / replace),但大多数人都在使用PDO。

#2

Try this for your SQL:

试试这个SQL:

$result = mysql_query("SELECT 1 FROM my_table WHERE Username = " . mysql_real_escape_string($username));

Note: You should consider using PDO.

注意:您应该考虑使用PDO。

#3

<?php
$user=$_POST["user"];
$pass=$_POST["pass"];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "interior_design";
$db_handle = mysql_connect($servername,$username,$password);
$db_found = mysql_select_db($dbname,$db_handle);
if($db_found)
{
$result = mysql_query("SELECT ssn,fname FROM admin WHERE ssn='$pass' and fname='$user'");
if ($result && mysql_num_rows($result) > 0)
    {
        echo 'Username and Password Found'; 
    //header( 'Location: index.html' ) ;

    }
else
    {
    echo 'Username and Password NOT Found';
    echo $pass;
    echo $user;``
    }
}

else{
echo 'db nt found';   

mysql_close($db_hanle);
}

?>
<html>
<body>
<a href="login.html"><h2>LOGIN</h2></a>
</body>
</html>

#1