每当用户在尝试登录时在用户名或密码字段中输入简单引号(')时,我都会遇到错误。显示HTML代码,我无法修复它。
这是我的登录页面
的login.php
require "init.php";
$user_name=$_POST['login_name'];
$user_pass=$_POST['login_pass'];
$sql_query="select name,course_name,mark from user_info,Marks where user_info.username=Marks.student_username and username like '$user_name' and password like '$user_pass';";
$result = mysqli_query($con,$sql_query);
if(mysqli_num_rows($result)>0)
{
$row=mysqli_fetch_assoc($result);
$name=$row["name"];
$username=$row['username'];
$course=$row['course_name'];
$mark=$row['mark'];
echo $name;
}
else
{
echo "username or password incorrect";
}
按下登录按钮后的Html代码
答案 0 :(得分:-1)
您将自己暴露于sql injection
尝试
$result = mysqli_real_escape_string($con,$sql_query);
从 What's the best method for sanitizing user input with PHP?