mysql - INNER JOIN for login form doesn't seem to work in PHP? -
let me first explain i'm trying do...
i have 2 tables in mysql database. 1st members , other 1 storename.
i save random unique key in both of these tables in column randkey.
this works fine.
now, have login form trying use has inner join in select.
the purpose of using inner join able use randkey in both tables mentioned above users cannot login else's account if know mean.
only if email, password , randkey matched can login?
however, when run php/login page , try login, that information incorrect, try again echoed out me...
here code:
<?php // parse log in form if user has filled out , pressed "log in" if (isset($_post["email"]) && isset($_post["password"])) { $manager = preg_replace('#[^a-za-z0-9]#i', '', $_post["email"]); // filter numbers , letters $password = (!empty($_post['password'])) ? sha1($_post['password']) : ''; // filter numbers , letters // connect mysql database include "config/connect.php"; $sql = "select members.email, members.password, storename.email, storename.password `members` inner join `storename` on (members.randkey = storename.randkey)"; // query person // ------- make sure person exists in database --------- $query = mysqli_query($db_conx, $sql); if (!$query) { die(mysqli_error($db_conx)); } $existcount = mysqli_num_rows($query); // count row nums if ($existcount == 1) { // evaluate count while($row = mysqli_fetch_array($query, mysqli_assoc)){ $id = $row["id"]; } $_session["id"] = $id; $_session["manager"] = $manager; $_session["password"] = $password; header("location: dashboard"); exit(); } else { echo 'that information incorrect, try again <a href="login">click here</a>'; exit(); } } ?> could me out this?
there no filters in query, it's returning every row of database. have more 1 member, number of rows can't equal 1.
the second problem you're not selecting id in query, you're trying if after.
try :
<?php // parse log in form if user has filled out , pressed "log in" if (isset($_post["email"]) && isset($_post["password"])) { $manager = preg_replace('#[^a-za-z0-9]#i', '', $_post["email"]); // filter numbers , letters $password = (!empty($_post['password'])) ? sha1($_post['password']) : ''; // filter numbers , letters // connect mysql database include "config/connect.php"; $sql = " select members.id `members` inner join `storename` on (members.randkey = storename.randkey) members.email = '$manager' , members.password = '$password' "; // query person // ------- make sure person exists in database --------- $query = mysqli_query($db_conx, $sql); if (!$query) { die(mysqli_error($db_conx)); } $existcount = mysqli_num_rows($query); // count row nums if ($existcount == 1) { // evaluate count $row = mysqli_fetch_array($query, mysqli_assoc); $_session["id"] = $row["id"]; $_session["manager"] = $manager; $_session["password"] = $password; header("location: dashboard"); exit(); } else { echo 'that information incorrect, try again <a href="login">click here</a>'; exit(); } } ?>
Comments
Post a Comment