Triming String时PHP不推荐使用的错误消息

时间:2015-07-27 15:31:21

标签: php mysql html5 mysqli

我有一个PHP代码,其中包含任何人都可以帮助的弃用行。

<?php
include('config.php');

session_start(); // Starting Session

$error=''; // Variable To Store Error Message

if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];

// Create connection
$con = new mysqli($dbhost_name, $db_username, $db_password, $database , 3306);


// Check connection
if($con->connect_error){
 die("Connection failed: ".$con->connect_error);
                             }

// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


// Retrieve data from database 
$sql="select * from login where password='$password' AND username='$username'";

$result = $con->query($sql);

$rows = $result->fetch_assoc(); 




if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}

$con->close(); // Closing Connection
}
}

?>

以下是代码。

以下是错误消息。

enter image description here

2 个答案:

答案 0 :(得分:0)

注意 mysql自PHP 5.5.0起已弃用,将来会被删除。相反,应该使用MySQLi或PDO_MySQL扩展。

mysql_函数替换为mysqli_函数

改变 
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

答案 1 :(得分:-1)

不推荐使用函数mysql_real_escape_string() [1]。

使用mysqli_real_escape_string()代替[2]。

[1] http://php.net/manual/en/function.mysql-real-escape-string.php

[2] http://php.net/manual/en/mysqli.real-escape-string.php

相关问题
最新问题