此查询中有什么错误。帮助表示赞赏

时间:2018-11-15 05:01:32

标签: mysql

$sql = "SELECT * FROM ".$SETTINGS["USERS"]."'WHERE email =$email'".mysqli_real_escape_string($_POST['email'])."'AND password = $pw'".mysqli_real_escape_string($_POST['password'])."'";          

2 个答案:

答案 0 :(得分:1)

我想您的查询将是

$sql = "SELECT * FROM ".$SETTINGS["USERS"]." WHERE email = '".mysqli_real_escape_string($email, $_POST['email'])."' AND password = '". mysqli_real_escape_string($pwd,$_POST['password'])."'";

答案 1 :(得分:1)

或者在创建查询之前,也许应该这样

  $email = mysqli_real_escape_string($db,$_POST['username']);
  $pw = mysqli_real_escape_string($db,$_POST['password']); 
  $sql = "SELECT * FROM ".$SETTINGS["USERS"]." WHERE email = '$email' AND password = '$pw'";