1

I have two tables (customers, admin). A user logs in by email and password, and I need to check if the email and password exist in either the customer or admin table. The emails are unique so I won't have a problem there. This is for uni work; obviously I would have a better database design than this, but I have to use what is given. I have this:

$email = $_POST['email']; 
$password = $_POST['password'];

$sql = "SELECT * FROM customer, admin WHERE cus_email = '$email'
 AND cus_password = '$password' OR admin_email = '$email' AND admin_password = '$password'";

I'm not very good with joins, so I haven't attempted one on this.

Thanks for any help :)

2 Answers

3

You really need a UNION rather than a JOIN here:

SELECT username
  FROM Customer
 WHERE cus_email = ? AND cus_password = ?
UNION
SELECT adminname AS username
  FROM admin
 WHERE admin_email = ? AND admin_password = ?

You should either use placeholders - the question marks - or protect yourself against SQL Injection attacks. There are functions to help you do that in PHP.


2 Comments

Thanks, I would be using stored procedures but the tutor doesn't teach that so apparently I cannot use them.
@Elliott: Even inside a stored procedure, if you build the SQL dynamically (as a string) you have to be careful. If you use placeholders in some form, you should be safe.
2
$sql = "SELECT cus_id as id, 'false' as IsAdmin
FROM customer
WHERE cus_email = '$email'
    AND cus_password = '$password'
UNION ALL
SELECT admin_id as id, 'true' as IsAdmin
FROM admin
WHERE admin_email = '$email'
    AND admin_password = '$password'";
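
The two answers combined, as an added example that is not code from the question or either answer: the `UNION ALL` with an admin flag from the second answer, run through the `?` placeholders the first answer recommends. It assumes PDO with the SQLite driver; the in-memory database, the sample rows, and the `findAccount` helper are constructed for illustration, and the column names are taken from the question.

```php
<?php
// Added example. Constructed schema and rows; an in-memory SQLite database
// stands in for the real server. Passwords are compared as stored because
// that is the schema the question was given.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customer (cus_id INTEGER PRIMARY KEY, cus_email TEXT UNIQUE, cus_password TEXT)");
$pdo->exec("CREATE TABLE admin (admin_id INTEGER PRIMARY KEY, admin_email TEXT UNIQUE, admin_password TEXT)");
$pdo->exec("INSERT INTO customer (cus_email, cus_password) VALUES ('carol@example.test', 'cust-pass')");
$pdo->exec("INSERT INTO admin (admin_email, admin_password) VALUES ('root@example.test', 'admin-pass')");

/**
 * Hypothetical helper: returns ['id' => int, 'is_admin' => bool] for exactly
 * one matching account, or null when nothing (or more than one row) matches.
 */
function findAccount(PDO $pdo, string $email, string $password): ?array
{
    // The SQL text is a constant; user input only travels as bound values,
    // so quotes in the input cannot change the structure of the query.
    $sql = "SELECT cus_id AS id, 0 AS is_admin
              FROM customer
             WHERE cus_email = ? AND cus_password = ?
            UNION ALL
            SELECT admin_id AS id, 1 AS is_admin
              FROM admin
             WHERE admin_email = ? AND admin_password = ?";
    $stmt = $pdo->prepare($sql);
    // One value per placeholder, in order: the same pair is bound twice.
    $stmt->execute([$email, $password, $email, $password]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Emails are unique within a table, but the same address could exist in
    // both tables. Treating that as a failed login is a choice made here.
    if (count($rows) !== 1) {
        return null;
    }
    return ['id' => (int) $rows[0]['id'], 'is_admin' => (bool) $rows[0]['is_admin']];
}

var_dump(findAccount($pdo, 'carol@example.test', 'cust-pass'));  // customer login
var_dump(findAccount($pdo, 'root@example.test', 'admin-pass'));  // admin login
var_dump(findAccount($pdo, 'carol@example.test', 'wrong'));      // bad password
// Constructed input containing quotes: bound as a literal string, not as SQL.
var_dump(findAccount($pdo, "' OR '1'='1", "' OR '1'='1"));
```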
