我无法将PHP变量传递给SQL查询

时间:2015-09-13 09:36:29

标签: php mysql

我的代码如下。我尝试使用PHP创建一个登录表单。它不起作用,所以请纠正我。

<?php
    $mycon = mysql_connect('localhost', 'root', '');
    $db = mysql_select_db('data', $mycon);

    $_user = mysql_real_escape_string($_POST['user']);
    $_pass = mysql_real_escape_string($_POST['pass']);

    $qur = "select * from admin where username = '$_user' and password = '$_pass' ";

    $res = mysql_query($qur, $mycon);

    if (mysql_num_rows($res) > 0) {

    }
    else {
        header('Location:admin.php');
    }
?>

3 个答案:

答案 0 :(得分:4)

使用方法<form>的{​​{1}}以及隐藏字段,例如:

POST

不推荐使用MySQL函数。请切换为MySQLiPHP Data Objects(PDO)。

答案 1 :(得分:-1)

&#13;
&#13; 
<?php
    $mycon = mysql_connect('localhost', 'root', '');
    $db = mysql_select_db('data', $mycon);

    $_user = mysql_real_escape_string($_POST['user']);
    $_pass = mysql_real_escape_string($_POST['pass']);

    $qur = "select * from admin where username = '".$_user."' and password = '".$_pass."'";

    $res = mysql_query($qur, $mycon);

    if (mysql_num_rows($res) > 0) {

    }
    else {
        header('Location:admin.php');
    }
?>
&#13;
&#13;
&#13;

答案 2 :(得分:-1)

<?php
    $mycon = mysql_connect('localhost', 'root', '');
    $db = mysql_select_db('data', $mycon);

    $_user = mysql_real_escape_string($_POST['user']);

    $_pass = mysql_real_escape_string($_POST['pass']);


    $qur = "select * from `admin` where `username`='{$_user}' and `password` ='{$_pass}'";


    $res = mysql_query($qur, $mycon);

    if (mysql_num_rows($res) > 0) {

        //Here your code will work

    }
    else {

        //And here it will not work
        header('Location:admin.php');
    }
?>

不要忘记检查表列名称。

相关问题
最新问题