目前我想在用户登录系统时从两个表中获取两个不同的数据.权利表是"user","user_staff"和"user_group".但是当用户输入其用户名和密码并提交它时,提示"致命错误:在第26行的C:\ xampp\htdocs\auditsystem\index.php中的非对象上调用成员函数fetch_array()"
以下是代码:
if($username!= "" && $password != "")
{
//INNER JOIN user_group_module_role ON user.user_group_module_role_id = user_group_module_role.id
$result = $db->query("SELECT * FROM user
INNER JOIN user_staff ON user.user_staff_id = user_staff.id
WHERE username = '$username' AND password = '$password'");
if($result->num_rows == 1)
{
$validate = $result->fetch_assoc();
$query1 = "SELECT * FROM usergroup WHERE id = $validate[user_group_id]";
$result1 = $db->query($query1);
$row1 = $result1->fetch_array();
//change here for the authority
$_SESSION['user_staff'] = $validate['displayname'];
$_SESSION['usergroup'] = $row1['user_group_type'];
echo "<script language='javascript'>window.location='panel.php'</script>";
}
else
{
echo "<script>alert('Sorry, wrong username and password please check.')</script>";
}
}
您的查询格式错误且失败.这使得$ result1为null/false.您的查询也容易受到SQL注入攻击!
if($username!= "" && $password != ""){
//INNER JOIN user_group_module_role ON user.user_group_module_role_id = user_group_module_role.id
$result = $db->query("SELECT * FROM user INNER JOIN user_staff ON user.user_staff_id = user_staff.id WHERE username = '$username' AND password = '$password'");
if($result->num_rows == 1){
$validate = $result->fetch_assoc();
$query1 = "SELECT * FROM usergroup WHERE id = {$validate['user_group_id']}";
if($result1 = $db->query($query1)){
$row1 = $result1->fetch_array();
//change here for the authority
$_SESSION['user_staff'] = $validate['displayname'];
$_SESSION['usergroup'] = $row1['user_group_type'];
echo "<script language='javascript'>window.location='panel.php'</script>";
} else {
echo "<script language='javascript'>alert('SQL Error.');</script>";
}
} else {
echo "<script>alert('Sorry, wrong username and password please check.')</script>";
}
}
| 归档时间: |
|
| 查看次数: |
830 次 |
| 最近记录: |