表单验证
<html>
<meta charset="utf-8">
<center>
<h3>后台登陆</h3>
<form action= "" method="POST" >
账号: <input type="text" name="username"/><br/>
密码: <input type="password" name="password"/><br>
<input type="submit" , value="登陆">
<?<?php
@$uname=$_POST[‘username’];
@$passwd=$_POST[‘password’];
if(strlen($uname)==0||strlen($passwd)==0)
{echo(‘帐号密码不可为空’);
return;}
$z1=preg_match(‘/select|from|order|by|where|\=|sleep|\’|\”|\|databse|and|or/‘,$uname);
$z2=preg_match(‘/select|from|order|by|where|\=|sleep|\’|\”|\|databse|and|or/‘,$passwd);
if($z1|$z2)
{die(‘有非法字符入侵请重新输入’);}
$sql=”select * from biaodan where uname=’$uname’ and passwd=’$passwd’”;
$conn=mysqli_connect(‘127.0.0.1’,’root’,’root’,’db_name’);
$result=mysqli_query($conn,$sql);
$row=mysqli_fetch_array($result);
if($row[‘uname’]===$uname and $row[‘passwd’===$passwd])
{
echo”<script>(‘登陆成功’)</script>“;
}
else{
echo”<script>(‘用户名或密码错误’)</script>“;}
mysqli_close($conn);
?>
</form>
</center>
</html>
输入’ or 1=1 #
输入’ or 1=1 #