致命错误:未捕获的错误调用未定义函数mysql_real_escape_string()HTML / PHPMYADMIN

时间:2018-10-07 12:44:30

标签: html mysql phpmyadmin

我目前有货:(基本上我正在登录页面,登录页面没有问题,但是一旦我提交了...这就是我登录页面的代码。

<form action= "process.php" method="POST">
Username: <input type="text" id="user" name="username">
Password: <input type="password" id="pass" name="password">
<input type="submit" value="Submit" >

现在我的process.php却出现了同样的错误..我似乎找不到问题。请帮助,这是代码

<?php
    $username = $_POST['user'];
    $password = $_POST['pass'];

    //to prevent sql injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string ($password);

    //connect to the server and select database
    mysql_connect("localhost","root","");
    mysql_select_db("franklin offshore");

    //query the database for user
    $result = mysql_query("select * from login where username='$username' 
    and password='$password'")
        or die ("Failed to query database ".mysql_error());
    $row = mysql_fetch_array($result);
    if ($row['username'] == $username && $row['password'] == $password)
    {
        echo "LOGIN SUCCESS WELCOME" .$row['username'];
    }
    else
    {
        echo "Failed to LOGIN" ;
    }
?>

这是它一直显示的内容

  

致命错误:未捕获错误:调用未定义函数   mysql_real_escape_string()

请帮助

2 个答案:

答案 0 :(得分:0)

我建议使用mysqli(在代码中将mysql替换为mysqli,并使用变量连接到数据库。

赞:

$db = mysqli_connect("localhost", "username", "", "database");

然后,您必须将$db放在mysqli_query中作为参数。

这里是一个例子:

$result = mysqli_query($db, "select * from login where username='$username' and password='$password'");

答案 1 :(得分:0)

尝试下面的方法...它将起作用。

<?php
$username = $_POST['user'];
$password = $_POST['pass'];

$username = stripcslashes($username);
$password = stripcslashes($password);

$db = mysqli_connect("localhost","root","","franklin offshore");

$result = mysqli_query($db, "select * from login where username = '$username' and password = '$password'")
                or die("Faild to query database " .mysqli_error());
$row = mysqli_fetch_array($result);
if ($row['username']== $username && $row['password'] == $password){
    echo "Login success!!! Welcome " .$row['username'];
} else {
    echo "Faild to login!";
}

?>

如上所述,您需要在代码中将所有mysql替换为mysqli。

请参考此链接MySQL vs MySQLi when using PHP

并且还删除“ mysql_real_escape_string”代码。

谢谢。

相关问题
最新问题