這是用於登錄系統的。當我希望用戶登錄時,我希望它獲得給定的密碼並將其與給定行的「密碼」列進行比較......在這種情況下,$usernameinput
但我使用的方法不起作用。有什麼建議麼?在sql中選擇特定單元
<?php
$usernameinput = $_POST["uname"];
$passwordinput = $_POST["pass"];
if (empty($usernameinput))
{
echo "";
}
else
{
$con = mysql_connect("localhost","STUFFFFF","STUFFFFFF");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
這裏是它選擇
mysql_select_db("STUFFFFF", $con);
$login = mysql_query("SELECT * FROM Users
WHERE Username='$usernameinput'");
while($row = mysql_fetch_array($result))
{
$matchpassword = $row['Password'];
}
}
if (empty($passwordinput))
{
echo "";
}
else
{
if ("$passwordinput"=="$matchpassword")
{
$sqlusername = $usernameinput;
echo "You were logged in successfully, now you can visit the site as $sqlusername. <br />";
}
else
{
echo "You have entered an incorrect password.";
}
}
?>
<form action="login.php" method="post">
Username: <input type="text" name="uname" /> <br />
Password: <input type="password" name="pass" /> <br />
<input value="Login" type="submit" />
</form>
你應該知道SQL注入:其中username =「$ usernameinput」?」 – 2012-07-20 21:38:07
我怎麼能防止 – 2012-07-20 21:38:55
點擊此處去掉多餘QUOT的:‘$ passwordinput’==‘$ matchpassword’ – 2012-07-20 21:39:08