我想知道这个php编码的错误,只是想知道这个编码中的错误在哪里我跳过了html部分页面输入设计,因为我只想知道php部分, ,我试图用这个用户输入用户名和密码登录网站,这个特定的网站应该是密码保护密码
<?php>
if isset($_POST=['submit']));
{
$inputuser = $_POST['user'];
$inputpass = $_POST['pass'];
$user = "root";
$password = "";
$database = "Tutorial";
$connect = mysql_connect("localhost",$user,$password);
@mysql_select_db($database) or ("database not found");
$query = " SELECT * FROM 'users' WHERE 'user' = i $inputuser";//for query specific data
$querypass = "SELECT * FROM 'users' WHERE 'user' = $ i $inputpass'";
$result = mysql_query($query);
$resultpass = mysql_query($querypass);
$row = mysql_fetch_array($result);
$rowpass = mysql_fetch_array($resultpass);
$serveruser = $row["user"];
$serverpass = $row["password"];
if($serveruser&&$serverpass){
if (!$result) {
die("username and password is invalid");
}
echo "<br> <center>database output</b></center><br><br>";
mysql_close();
echo $inputpass;
echo $serverpass;
if ($inputpass == $serverpass) {
header('location: Home.php');
} else {
header('location: fail.php');
}
}
答案 0 :(得分:0)
尝试这种方式:
$query="SELECT * FROM users WHERE user='" . mysql_real_escape_string( $inputuser ) . "' AND psw='" . mysql_real_escape_string( $inputpsw ) . "'";
$qr=mysql_query($query) or die (mysql_error());
if(mysql_num_rows($qr)>0) //admitting that usernames and psw are unique
{
//success
header('location:home.php');
}
else //no rows=no username responding to $inputusername
{
header('location:fail.php');
}