存儲密鑰

Question

你好，大家好我已經看到它混淆了我一個lot..The代碼的代碼是

<?php 
define('DB_HOST', 'localhost'); 
define('DB_NAME', 'online'); 
define('DB_USER','root'); 
define('DB_PASSWORD',''); 

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error()); 
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error()); 

$email = $_POST['email']; 
$password = $_POST['password']; 

function SignIn() 
{ 
    session_start(); //starting the session for user profile page 
    if(!empty($_POST['email']) && $_POST['password']) //checking the 'user' name which is from Sign-In.html, is it empty or have some text 
    { 
     $query = mysql_query("SELECT * FROM users where email = '$_POST[email]' AND password = '$_POST[password]'") or die(mysql_error()); 
     $row = mysql_fetch_array($query) or die(mysql_error()); 
     if(!empty($row['email']) AND !empty($row['password'])) 
     { 
      $_SESSION['email'] = $row['password']; 
      echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; 
      header('Location: basicinfo.html'); 
     } 
    } 
    else 
    { 
     header('Location: form.html'); 
    } 
} 
if(isset($_POST['Login'])) 
{ 
    SignIn(); 
} 

if(isset($_POST['createAccount'])) 
{ 
    header('Location:create.html'); 
} 
?> 

感到看到的代碼$_SESSION['email'] = $row['password'];這裏弄得我知道$row['password']很多獲取存儲到$_SESSION['email'] ..在$row['password']我知道密碼是那裏的關鍵..

我的問題是，將從$row['password']密鑰「密碼」的相應的值是什麼..是從查詢獲取的值？ ..與此陷入困境。

請幫我..Any幫助將不勝感激..Thanks

Answer 1

$行[「密碼」]將包含查詢從數據庫返回的密碼。

此外，您的代碼完全打開sql注入。

Answer 2

$_SESSION['email']和$row['password']將包含查詢結果與