I made a login registration little thing myself, but once I log in with letters, an error is reported.

I made a login registration little thing myself, but once I log in with a letter, an error is reported first on the code

This is the login Action code under the controller.

// Log on and submit the controller public function logAction () {// Obtain the login form parameter $ userid = $ this-> getRequest ()-> getParam ('userid '); $ password = $ this-> getRequest ()-> getParam ('psd '); // create a table model and query the logon password $ table = new user (); $ where = 'userid = '. $ userid; $ row = $ table-> fetchRow ($ where)-> toArray (); // verify the form password and database password if ($ row ['password'] = $ password) {// create the global variable session username id session_start (); $ _ SESSION ['userid'] = $ userid; // view of logon success $ this-> render ('logok ');} else {// logon failure view displayed due to a password error $ this-> render ('logfailed ');}}

This is the user table.
+ -------- + ---------- +
| Userid | username | password |
+ -------- + ---------- +
| 010 | messi | 010 |
| Robin | test | robin |
+ -------- + ---------- +

First, the registration process is normal. both records can be inserted normally.

However, it is normal to log on with the first record at 010 during login.
An error occurred while logging in with the second record robin !! Error 500: An error occurred Application error

However, if I enter a username and submit a form with a letter, the system will report an error without letters and numbers, but will not report any jump information.
First, I analyzed the reason why there was no jump when I wrote the username and password at will, because the returned value of fetchRow is null.

But why do I report an error once I write an English character ??
There should be no problem in getting form parameters. The Table model should be okay.
Page character set mysql character set zend studio character set is also unified to UTF-8
Is the $ where condition written incorrectly? but it is successfully redirected by using a number to log on.
Why is there such a strange problem?

I also tested the 010_010 character string that does not contain any special characters. The Error 500 is returned after the string is submitted.
This is really strange ..

Reply to discussion (solution)

$ Where = 'userid = '. $ userid;
Ying writing
$ Where = "userid = '$ userid '";

010 may have changed to 10, while 010_010 is still 010_010.

$ Where = 'userid = '. $ userid;
Ying writing
$ Where = "userid = '$ userid '";
That's not the case. an error is reported if the username of the input form contains letters ..
This is really strange.

010 may have changed to 10, while 010_010 is still 010_010.

The userid data type defined in my database is varchar (10)
I have not used any string processing functions since the form parameters are obtained. how can this problem be solved?
I was afraid that the parameter was incorrectly passed and I made a specific output to see it. it should be okay to pass parameters in the form.

Print each query command?

Print each query command?

I haven't found the cause for a long time, but now I have used other methods to solve the problem.

There is no problem with the passed form parameters, but once it is sent to the fetchrow () method, it will be aborted.

The number is correct, but an error is reported once the letter is passed.

Later, I obtained the table model adapter and used the qutoeInto () method to process the passed parameters.

The SQL statement executed using the query () method of the adapter does not return an exception.

Although it can be used, the cause of the error is still not found at the beginning. the problem may be caused by the $ where parameter...

Debug. check whether the database query error is correct or other errors exist.

Probably found the problem.

First, the problem lies in the $ where condition.

I later debugged and used the quoteInto () method to process the form parameters and assigned them
$ Where = $ msgAdapter-> quoteInto ("? ", $ Userid );

Then, I showed $ where and found that the parameters obtained from the form are enclosed in single quotes, such as '001' robin, no matter the number or letter'
Then I tried not to use the quoteInto () method
$ Where = 'userid = '. $ userid;
Writing
$ Where = "userid = '$ userid '";

In this case, isn't the parameter actually the same as the parameter processed by the quoteInto () method?
After debugging

But why can't I use the code posted in my post to pass the number parameter but not the letter parameter ??

I guess it may be caused by SQL statement standards.

In the above code, the where clause in the SQL statement passed to mysql through php must be 'without quotation marks. However, at this time, the numbers can be passed in.

Then I opened mysql and entered three SQL statements separately.


This is the three statements I run in mysql.
It can be seen that the value of pure numbers can be executed by the mysql server without single quotation marks.
However, for a value containing letters, it must be enclosed in single quotes to be executed by the mysql server.
The error message in the figure is unknown column 'Robin'
Unknown column ..
I don't know what this is.

In short, the quoteInto () method is called through the adapter to process the parameters and then construct the SQL statement correctly.
I have always handwritten a field like 001 002.
I have never found this problem...

Why can I directly execute an SQL statement without a single quotation mark for numeric values? please wait for the lower floor to give a better answer.

It is reasonable to say that the $ where = 'userid = 'mentioned above '. $ userid; $ where = "userid = '$ userid'" should be written; this should be the answer to the problem of the landlord, that is, the question of adding single quotes to letters!

Quotation marks are required for varchar... Otherwise, it is processed as a number.

Number. If no quotation marks are added, all numbers are used. Only numerical values are not enclosed in quotation marks, and quotation marks are used to indicate strings. The two are the same for weak types.
A letter. it is enclosed in quotation marks to indicate a string. The name is used without quotation marks. the specific meaning is determined by the context.
For example
Userid = robin
The error "unknown column 'Robin" is reported because the field named robin does not exist in your table.
Only
Userid = 'Robin'
The userid value is robin.

Thanks to xu!