我有這樣的代碼:登錄的連接任何密碼或用戶名是:
if($submit)
{
$first=$_POST['first'];
$password=$_POST['password'];
$db = mysql_connect("localhost", "root","");
mysql_select_db("learndb",$db);
$sql = "select * from admin where username = '" . $first . "' and password = '". $password . "'";
$result = mysql_query($sql);
if($result>0)
{
echo "LOGGED IN!!";
}
else
{
echo "ERROR!!!";
}
和我的HTML表單:
<form method="post" action="input-copy.php">
First name:<input type="Text" name="first" placeholder="ENTER YOUR NAME"><br>
password:<input type="password" name="password" placeholder="ENTER PASSWORD"><br>
<input type="submit" name="submit" value="Enter information"></form>
但無論我進入名字和密碼,它會顯示登錄!
使用mysql_num_rows == 1,檢查和使用的mysqli或PDO –
@SugumarVenkatesan由於您的評論可能會解決這個問題,爲什麼不你提交它作爲答案? – Peter
不要使用大於0來檢查它是否返回多於一行而不是安全問題 –