我想用PHP和MySQL登录,但每次登录时,它都会分开,尽管所有用户名和用户密码都来自数据库,并将其作为纯文本使用,无需加密。
以下是登录代码:<?php
include("config.php");
if(isset($_POST['login'])) {
$user_name = mysql_real_escape_string($_POST['user_name']);
$user_pass = mysql_real_escape_string($_POST['user_pass']);
//$encrypt=md5($user_pass);
$admin_query = mysql_query("select user_name,user_pass from admin where `user_name` = '$user_name' AND `user_pass` = '$user_pass' ");
//$run= mysql_query($admin_query);
$row = mysql_num_rows($admin_query); //if user_name and user_pass is correct it must return atlest one
$row_ar =mysql_fetch_array($admin_query);
if( $row == 1 && $row_ar['user_pass']==$user_pass) {
$_SESSION['user_name'] = $user_name;
echo "";
} else {
echo"";
}
}
?>
数据库有一个表admin,它有3个coloumnsid , user_name ,user_pass
每个项目都是纯文本的。
最佳答案
使用mysqli或PDO执行数据库操作,因为不推荐使用mysql扩展。mysqli_real_escape_string()函数转义字符串中的特殊字符,以便在SQL语句中使用。还必须将连接对象作为参数传递。include("config.php");
if(isset($_POST['login'])) {
$user_name = mysqli_real_escape_string($con,$_POST['user_name']);//$con is database connection object
$user_pass = mysqli_real_escape_string($con,$_POST['user_pass']);
//$encrypt=md5($user_pass);
$admin_query = mysqli_query("select user_name,user_pass from admin where `user_name` = '$user_name' AND `user_pass` = '$user_pass' ");
//$run= mysql_query($admin_query);
$row = mysqli_num_rows($admin_query); //if user_name and user_pass is correct it must return atlest one
$row_ar =mysqli_fetch_array($admin_query);
if( $row == 1 && $row_ar['user_pass']==$user_pass) {
$_SESSION['user_name'] = $user_name;
echo "";
}
else {
echo"";
}
}