i would like to ask you about my database query
i have this table admin_table in my data base
tag id name password profession
xxxxxx Jhon Begly 123 admin
i build a php page to insert a user name and password
i need to check the user name and password that i entered with its profession if its valid then proceed with a new page as bellow
$sql = "SELECT * FROM admin_table WHERE name='".$username."' AND password='".$password."'";
so how can i check profession in the same query above
any update will be highly appreciated
You mean this?
$sql = "SELECT * FROM admin_table WHERE name='".$username."'
AND password='".$password."' AND profession = 'admin'";
If you get a result row back, you matched all three columns. If zero rows, it failed to match at least one. Not really sure your use case.
I also agree with other commenters that this is far from best practices in several ways.
Where are you validating the profession? If it is in another table... use
INNER JOIN profession_table as pt
ON pt.some_column
right after the from part of your query
Related
I'm trying to get a list of all users who have received a message (at least) from a session user while excluding those who did not.
But my code excludes only one despite there being more in this category.
Here is my code:
$SQL="select *from message where senderID="$sender"; $result=mysqli_query($link,$SQL);$totalRows=mysqli_num_rows($result);if($totalRows<>0){for($i=0;$i<$totalRows; $I){$resultData[$i]=mysqli_fetch _array($result);
}for($i=0;$i<$totalRows; $I){$receiverID=$resultData[$i]['receiver_id'];
$select="select *from users where memberID NOT IN($receiverID)";} }
Please, how do I achieve this goal?
You can do all that in one SQL query:
$SQL = "SELECT * FROM users WHERE memberID NOT IN (SELECT receiver_id FROM message WHERE senderID = '$sender')";
I have no knowledge of PHP, but you will have to consult its documentation for the correct use of for loops to retrieve the data.
I have two tables set up in SQL... One for users, which works for users to log in and out completely fine...
And another to pull a timetable into a html table, which works fine when a user isn't specified... But I'm trying to include a WHERE statement to make only information with the correct user_id (in the timetable) to show, dependant on the users session id.
I'm only receiving errors with this line...
$sql = "SELECT * FROM time_table ORDER BY Number WHERE $_SESSION['user_id']";
$result = mysql_query($sql)or die(mysql_error());
Any advice on where I'm going wrong here?
You are writing a query with wrong syntax.
The query should be like
$sql = "SELECT * FROM time_table WHERE user_id ='".$_SESSION['user_id']."' ORDER BY Number";
i want to start a big project where users table will have a lots of rows.
Users table structure is this: id|username|password|email
id - auto_increment + primary_key
username - unique index
email - unique index
I want for my users to be able login with username or email, but if this will slow my query i'll use only one input.
I. (Both Username or Email login)
My execute stmt for this:
$post_input = $_POST['user_input'] //will be username or email
$check = $db->prepare("Select * from users where username=? or email=?")
$check->execute(array($post_input,$post_input));
if($check->rowCount() > 0){
//Username or Email found from here do the rest of the things
}
II . (Only Username login)
My execute stmt for this:
$post_input = $_POST['user_input'] //will be username
$check = $db->prepare("Select * from users where username=?")
$check->execute(array($post_input));
if($check->rowCount() > 0){
//Username found from here do the rest of the things
}
Which one of this queries will perform better and faster when users table will reach like 1 million users.
One option would be to have your application check for an # in the user input and if present check against email, if not check against username (could cause issues if # is acceptable in username of course)
Put limit 0,1 at the end of your sql query, so it will stop searching when it gets one user from the database:
Select * from users where username=? limit 0,1
As andrewsi says: If you add an index to both columns, you can search using both. There will be no noticeable difference if you check both columns, even with with millions of rows.
I have a line in MySQL with information like the username and email address and I would like to find the id of the row based on the username field. Any ideas on how to find the id based on the username field?
SELECT id FROM users WHERE username = 'NStorm';
It is very basic sql:
select id from your_table where username = 'foo'
I have a database from which I would like users to retrieve information from a certain table called "entry" based on their username.
So I want user1 to login and then a select statement be created to take the username, look it up in the username table, and then used the stored value for the person's name (which is one of the columns in the user table) to run a query to show all records for that person.
Is this possible?
thanks in advance
EDIT:
Sorry the question was so badly formed.
Basically I have a users table which holds user login details with the fields - studentName, Site, Username , Password
I then have another table called entry which holds records for all users with the following fields - entryID, date, studentName , field1 , field2, field3 etc
What want to do is for the user to login as they do now and a query to be generated based on the Username to get all records for that particular student.
Does this give a better idea of what I am try to get?
if its Oracle, then you can do:
SELECT a,b,c
FROM entry
WHERE username = user -- user is an Oracle keyword that returns
-- the oracle user name of the user running the query.
Possibly way off but asuming a table called User with an Id, Name & UserName and a related table called details with a UserId and other columns with the details the below simple join will work. Also the string 'AUserName' is the value passed in from your app.
SELECT User.Name, Details.*
FROM User
INNER JOIN Details
ON User.Id = Details.UserId
WHERE User.Username = 'AUserName'
But this is a guess based on your question, add more details and you'll get a better answer