1
我的PHP登录系统使用MYSQL登录时使用空值。这是为什么发生?Php登录系统-null值登录
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
mysql_connect("localhost" , "root" , "");
mysql_select_db("deirastaff");
$result = mysql_query("SELECT * FROM users WHERE username ='$username' and password = '$password' ")
or die("Login failed" .mysql_error());
$row = mysql_fetch_array($result);
if ($row['username']==$username && $row['password']==$password) {
$_SESSION['username']=$username;
echo '<script type="text/javascript"> window.open("staff.php","_self");</script>';
//header("location:staff.php");
//echo "Login Successfull "."Welcome ".$row['username'];
}else {
echo '<script type="text/javascript">
window.alert("Login failed!");
window.open("index.php","_self");
</script>';
//header("location:index.php");
//echo "Login Failed !";
break;
}
您应该使用mysqli,而不是mysql,因为它现在已被弃用,它也非常不安全。您还应该使用mysqli_real_escape_string()函数来防止SQL注入。 I.E. $ username = mysqli_real_escape_string($ _ POST ['username']; –
通过在每行之前添加四个空格来设置您的代码的格式,然后它将显示更清晰。 – glaux