我的代碼上的煩人文字

Question

我在這裏卡住了。我想擺脫惱人的文字，因爲我在星期一需要這個項目。感謝您的幫助，請耐心等待我的謝謝，因爲我有一個錯誤，我需要添加一些更多的細節。

Connection.php

<?php 
$dbhost="localhost"; 
$dbuser="root"; 
$dbpass=""; 
$db="dblogin"; 

$conn= mysql_connect($dbhost,$dbuser,$dbpass); 

?> 

的login.php

<html> 
    <head> 
    <title>LOGIN</title> 
    <style> 
     div { 

      width:500px; 
      margin-top:100px; 
      margin-left:300px; 
      background:green; 
      border:1px solid red; 
     } 
     #sub{ 
      margin-left:40px; 

     } 
    </style> 
    </head> 
    <body> 
     <?php 
      require('connect.php'); 
      if(isset($_POST['Submit'])){ 
       $uname=mysql_escape_string($_POST['user']); 
       $pass=mysql_escape_string($_POST['pass']); 
       $sql=mysql_query("SELECT * FROM `user` WHERE `username` = `$uname` AND `password`=`$pass`"); 

       if(mysql_num_rows($sql) > 0){ 
        echo 'LOGIN'; 
        exit(); 
       } 

      } 
     ?> 
     <div> 
     <form action="login.php" method="POST"> 
      <label for="u">USERNAME: </label><input type="text" name="user" id="u"><br><br> 
      <label for="p">PASSWORD: </label><input type="text" name="pass" id="p"><br> 
      <input type="submit" name="Submit" value="SUBMIT" id="sub"> 

     </form> 
     </div> 
    </body> 
</html> 

Answer 1

嘗試以這種方式

$sql=mysql_query("SELECT * FROM user WHERE username = '$uname' AND password= '$pass'"); 

Answer 2

我認爲這不是一個好主意，用mysql_connect，因爲它是DEPR從PHP 5.5起。使用PDO這樣更好地重寫connection.php腳本：

$db = new PDO(
    'mysql:host=localhost;dbname=dblogin', 
    'root', 
    '', 
); 

然後你就可以在的login.php做：

require('connect.php'); 
$query = $db->prepare("SELECT * FROM user WHERE username = :username AND password = :password"); 
$query->bindParam(':username', $_POST['user'], PDO::PARAM_STR); 
$query->bindParam(':password', $_POST['pass'], PDO::PARAM_STR); 
if ($query->rowCount()) { 
    echo 'LOGIN'; 
    exit(); 
}