我有这样的代码:登录的连接任何密码或用户名是:
if($submit)
{
$first=$_POST['first'];
$password=$_POST['password'];
$db = mysql_connect("localhost", "root","");
mysql_select_db("learndb",$db);
$sql = "select * from admin where username = '" . $first . "' and password = '". $password . "'";
$result = mysql_query($sql);
if($result>0)
{
echo "LOGGED IN!!";
}
else
{
echo "ERROR!!!";
}
和我的HTML表单:
<form method="post" action="input-copy.php">
First name:<input type="Text" name="first" placeholder="ENTER YOUR NAME"><br>
password:<input type="password" name="password" placeholder="ENTER PASSWORD"><br>
<input type="submit" name="submit" value="Enter information"></form>
但无论我进入名字和密码,它会显示登录!
使用mysql_num_rows == 1,检查和使用的mysqli或PDO –
@SugumarVenkatesan由于您的评论可能会解决这个问题,为什么不你提交它作为答案? – Peter
不要使用大于0来检查它是否返回多于一行而不是安全问题 –