mysqli查询在php中将列名作为一行返回

Question

这是我的 login.php 文件

<?php require ("database_connect.php");?>
<!DOCTYPE html>
<html>
<body>  
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?>">
    Name : <input type="text" name="name"><br/>
    Password : <input type = "text" name="password"><br/>
    <input type="submit" name="login" value="Log In">   
    </form>

    <?php
    $name=$password="" ;
        if($_SERVER["REQUEST_METHOD"]=="POST" and isset($_POST["login"])){
            $name = testInput($_POST["name"]);
            $password = testInput($_POST["password"]);
        }//if ends here

        //testInput function
        function testInput($data){
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
        }//testInput ends here


        if(isset($_POST["login"]) && isset($_POST["name"]) && isset($_POST["password"]) && !empty($_POST["name"]) && !empty($_POST["password"])){

        //echo "Name ".$_POST["name"];

        if($result = mysqli_query($conn,"SELECT * FROM users WHERE name='$name' and password='$password'")){            
            if($result->num_rows > 1){
            echo "you are logged in";
                while ($row = $result->fetch_assoc()){
                    echo "Name ".$row["name"]."-Password ".$row["password"];
                }//while loop ends here  
            }//if ends here


            /* free result set */
            $result->close();
        }       
        else{
            print "Wrong Credentials "."<br>";
            die(mysqli_error($conn));
        }
        }       
        //close connection
        $conn->close();
    ?>
</body>
</html>

一个问题是我的查询
if($result = mysqli_query($conn,"SELECT * FROM users WHERE name='$name' and password='$password'")) 将列名作为一行返回。不知道行不行？
另一件事是我输入了错误的名称或密码还是正确的，在这两种情况下我都没有得到任何输出。我在这里做错了什么？

如果你能告诉我如何用一个全面的例子用正确的格式在 php 中编写一个 mysqli 查询。我在谷歌上搜索过，但是有不同的方法，所以当查询中出现列名和变量时，我特别困惑。

Answer 1

您的 test_input 函数很弱/不安全，另外，mysql_query 已被贬低，请使用 mysqli 和准备好的语句，如下所述：http://php.net/manual/en/mysqli.prepare.php

此外，我还包含了我用于登录系统的一段代码（使用盐等更复杂一些，您应该能够将其编译为适合您的脚本。

//get salt for username (also check if username exists)
        $stmtfc =  $mysqli->stmt_init();
        $prep_login_quer = "SELECT salt,hash,lastlogin FROM users WHERE name=? LIMIT 1";
        $stmtfc->prepare($prep_login_quer);
        $stmtfc->bind_param("s", $username);
        $stmtfc->execute() or die("prep_login_quer error: ".$mysqli->error);
        $stmtfc->store_result();
        if ($stmtfc->num_rows() == 1) {
            $stmtfc->bind_result($salt,$hash,$lastlogin);
            $stmtfc->fetch(); //get salt
            $stmtfc->free_result();
            $stmtfc->close();

Answer 2

我不知道你是什么意思，但这就是我查询 mysqli 的方式

$query = mysqli_query($db, "SELECT * FROM users WHERE name='$name' AND password='$password'");

if($query && mysqli_affected_rows($db) >= 1) { //If query was successfull and it has 1 or more than 1 result 
echo 'Query Success!';
//and this is how i fetch rows
while($rows = mysqli_fetch_assoc($query)) {
   echo $rows['name'] . '<br />' ;
}

} else {
echo 'Query Failed!';
}

我想这就是你的意思

编辑：

<?php require ("database_connect.php");?>
<!DOCTYPE html>
<html>
<body>  
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"])?>">
    Name : <input type="text" name="name"><br/>
    Password : <input type = "text" name="password"><br/>
    <input type="submit" name="login" value="Log In">   
    </form>

    <?php
    $name = null ;
    $password= null ;
        if($_SERVER["REQUEST_METHOD"]=="POST" and isset($_POST["login"])){
            $name = mysqli_real_escape_string($conn, $_POST["name"]); //I updated that because your variables are not safe
            $password = mysqli_real_escape_string($conn, $_POST["password"]);
        }//if ends here

        //testInput function
        function testInput($data){
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
        }//testInput ends here


        if(isset($_POST["login"]) && isset($_POST["name"]) && isset($_POST["password"]) && !empty($_POST["name"]) && !empty($_POST["password"])){

        if($result = mysqli_query($conn,"SELECT * FROM users WHERE name='{$name}' and password='{$password}'")){            

            print "rows are ".mysqli_num_rows($result)"<br>";//number of rows

            if($result && mysqli_affected_rows($conn) >= 1){//If query was successfull and it has 1 or more than 1 result
            echo "you are logged in<br>";
                while ($row = mysqli_fetch_assoc($result)){
                    echo "Name ".$row["name"]."-Password ".$row["password"];
                }//while loop ends here  
            }//if ends here


            /* free result set */
            mysqli_free_result($result);
        }       
        else{
            print "Wrong Credentials "."<br>";
            die(mysqli_error($conn));
        }
        }       
        //close connection
        mysqli_close($conn);
    ?>
</body>
</html>

Answer 3

尝试更改此查询

$result = mysqli_query($conn,"SELECT * FROM users WHERE name='$name' and password='$password'")

to

$result = mysqli_query($conn,"SELECT * FROM users WHERE name='$name' and password='$password' limit 1")

那么你只会得到一行，然后尝试改变

$row = $result->fetch_assoc()

to

$row = $result->mysqli_fetch_row()

那么你可以通过列号而不是列名来显示结果

Answer 4

<?php 
  mysql_connect("abc.com","user","password");
  mysql_select_db("database name"); 
  $query1="select * from table_name"; 
  $exe1= mysql_query($query1); 
  $row= mysql_fetch_assoc($exe1); 
  if($row["email"]==$_POST["email"] && $row["[password"]==$_POST["password"]) { 
    echo "Login successfully"; 
  } else {
    echo "error in login"; 
  } 
?>

在row["email"] 和$row["password"] 中输入您的列名