?php|class action extends mysql{_我做php登录页面，我有限制用户名和密码不能为空大密码错了也可以登录怎么回事？ 帮帮忙吧各位朋友...

session_start();

?>

mysql_connect("localhost:","root","root");

mysql_select_db("book_db");

//mysql_quwry("set mames 'gbk'");

$user=$_REQUEST['userid'];

$password=$_REQUEST['pswd'];

$slt=$_REQUEST['userkind'];

if($user==""||$password==""||$slt==""){

echo "以上空格均不能为空";

}

echo $user;

echo $slt;

echo $password;

if($slt=="用户"){

$sql="select name,password from user_id where name='$user' and password=password('$password')";

$rs=mysql_query($sql);

//$row=mysql_fetch_array($rs);

if($rs!=""){

/* $slp=mysql_result($rs,0);

}

if($slp!=""){

if($psw==$slp){*/

$_SESSION['username']=$user;

?>

alert("恭喜你登陆成功");

location.href="book_select.php";

}else{

echo "密码错误，可能是用户名和密码错误；";

?>

location.href="index.html";

}

}

?>

if($slt=="管理员"){

$sql="select name,password from admin where name='$user' and password=password('$pswd')";

$rs=mysql_query($sql);

//$row=mysql_fetch_array($rs);

if($rs!=""){

/* $slp=mysql_result($rs,0);

}

if($slp!=""){

if($psw==$slp){*/

$_SESSION['username']=$user;

?>

alert("恭喜你登陆成功");

location.href="gly.php";

}else{

echo "密码错误，可能是用户名和密码错误；";

?>

location.href="index.html";

}

?>

}

?>

应该在哪里加什么限制条件，望各位指教

展开