$sql = "SELECT * FROM ".$SETTINGS["USERS"]."'WHERE email =$email'".mysqli_real_escape_string($_POST['email'])."'AND password = $pw'".mysqli_real_escape_string($_POST['password'])."'";
答案 0 :(得分:1)
我想您的查询将是
$sql = "SELECT * FROM ".$SETTINGS["USERS"]." WHERE email = '".mysqli_real_escape_string($email, $_POST['email'])."' AND password = '". mysqli_real_escape_string($pwd,$_POST['password'])."'";
答案 1 :(得分:1)
或者在创建查询之前,也许应该这样
$email = mysqli_real_escape_string($db,$_POST['username']);
$pw = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT * FROM ".$SETTINGS["USERS"]." WHERE email = '$email' AND password = '$pw'";