这里给出一个示例,使用 PDO 预处理语句:
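<?php
// Login check against USER_ACCOUNTS using a PDO prepared statement.
//
// Development-only diagnostics: errors displayed in a response can expose file
// paths and query text, so keep display_errors off on any reachable host.
error_reporting(1);
ini_set('display_errors', '1');

// MySQL connection settings.
// NOTE(review): 'root' with an empty password is a sample value; use a dedicated
// least-privilege account and load the secret from configuration, not from source.
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';
$dbh = new PDO(
    'mysql:host=' . $db_host . ';dbname=' . $db_name . ';charset=utf8',
    $db_user,
    $db_pass,
    [
        // Fail loudly instead of returning false from prepare()/execute().
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Let the server bind the parameters rather than PDO building the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]
);

// Form submission.
if (isset($_POST['submit'])) {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // A field posted as an array (username[]=...) or left out is not a valid login.
    if (is_string($username) && is_string($password)) {
        // NOTE(review): this compares the submitted password with the stored column
        // as-is, which implies plaintext storage. Store password_hash() output and
        // check it with password_verify() after selecting the row by username.
        $stmt = $dbh->prepare(
            'SELECT * FROM USER_ACCOUNTS WHERE username = :username AND password = :password'
        );
        $stmt->execute([':username' => $username, ':password' => $password]);

        // Fetch once. The original called fetchColumn() first, which consumed the
        // first row, and then looped on while ($row) over a value that never changed.
        $rows = $stmt->fetchAll();

        // Valid username and password.
        if (count($rows) > 0) {
            $fields = [
                'viewUsername', 'viewPassword', 'username', 'password', 'name', 'title',
                'email', 'admin', 'file', 'file2', 'file3', 'file4',
            ];

            // NOTE(review): values are appended unencoded, so a stored '&' or '='
            // changes the field layout; apply urlencode() if the consumer decodes
            // the response as URL-encoded variables.
            // NOTE(review): the response returns the stored password columns to the
            // client; drop them unless the consumer strictly needs them.
            $output = '';
            foreach ($rows as $row) {
                foreach ($fields as $field) {
                    $output .= '&' . $field . '=' . $row[$field];
                }
            }

            echo "&status=1";
            echo $output;
        }
    }
}
?>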
以及对应的 HTML 表单:
<!-- Login form: the empty action posts back to the current URL, and the PHP
     handler on this page runs only when the "submit" field is present. -->
<form method="post" action="">
    <input name="username" type="text" placeholder="Username"><br>
    <input name="password" type="password" placeholder="Password"><br>
    <input name="submit" type="submit" value="Login">
</form>
更新
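<?php
// Login check against USER_ACCOUNTS using a mysqli (object-style) prepared statement.
//
// Development-only diagnostics: errors displayed in a response can expose file
// paths and query text, so keep display_errors off on any reachable host.
error_reporting(1);
ini_set('display_errors', '1');

// MySQL connection settings.
// NOTE(review): 'root' with an empty password is a sample value; use a dedicated
// least-privilege account and load the secret from configuration, not from source.
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';
$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);

/* check connection */
if (mysqli_connect_errno()) {
    // NOTE(review): the driver message is echoed to the client; log it and show a
    // generic failure outside of development.
    echo "Connect failed: " . mysqli_connect_error();
    exit();
}

// Form submission.
if (isset($_POST['submit'])) {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // A field posted as an array (username[]=...) or left out is not a valid login.
    if (is_string($username) && is_string($password)) {
        // NOTE(review): this compares the submitted password with the stored column
        // as-is, which implies plaintext storage. Store password_hash() output and
        // check it with password_verify() after selecting the row by username.
        /* create a prepared statement */
        if ($stmt = $mysqli->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?")) {
            // Both markers are bound in a single call; two separate bind_param("s", ...)
            // calls each supply one value for a two-marker statement and fail.
            $stmt->bind_param("ss", $username, $password);

            /* execute query */
            $stmt->execute();

            // mysqli_stmt has no rowCount()/fetchAll() (those are PDOStatement methods);
            // get_result() returns a mysqli_result and requires the mysqlnd driver.
            $result = $stmt->get_result();

            // Valid username and password.
            if ($result && $result->num_rows > 0) {
                $fields = [
                    'viewUsername', 'viewPassword', 'username', 'password', 'name', 'title',
                    'email', 'admin', 'file', 'file2', 'file3', 'file4',
                ];

                // NOTE(review): values are appended unencoded, so a stored '&' or '='
                // changes the field layout; apply urlencode() if the consumer decodes
                // the response as URL-encoded variables.
                // NOTE(review): the response returns the stored password columns to the
                // client; drop them unless the consumer strictly needs them.
                $output = '';
                // Fetch inside the loop condition so the loop ends with the result set.
                while ($row = $result->fetch_assoc()) {
                    foreach ($fields as $field) {
                        $output .= '&' . $field . '=' . $row[$field];
                    }
                }

                echo "&status=1";
                echo $output;
            }

            /* close statement */
            $stmt->close();
        }
    }
}
$mysqli->close();
?>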
并尝试这个
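<?php
// Login check against USER_ACCOUNTS using the procedural mysqli API.
//
// Development-only diagnostics: errors displayed in a response can expose file
// paths and query text, so keep display_errors off on any reachable host.
error_reporting(1);
ini_set('display_errors', '1');

// Placeholder connection values. The fourth argument of mysqli_connect() is the
// database (schema) name, not a table name.
$conn = mysqli_connect('host', 'username', 'password', 'table name');

/* check connection */
if (mysqli_connect_errno()) {
    // NOTE(review): the driver message is echoed to the client; log it and show a
    // generic failure outside of development.
    echo "Connect failed: " . mysqli_connect_error();
    exit();
}

// Form submission.
if (isset($_POST['submit'])) {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // A field posted as an array (username[]=...) or left out is not a valid login.
    if (is_string($username) && is_string($password)) {
        // The original interpolated $_POST values straight into the SQL string, so
        // request data became part of the statement text (SQL injection). Bound
        // parameters keep the values out of the SQL grammar.
        // NOTE(review): this compares the submitted password with the stored column
        // as-is, which implies plaintext storage. Store password_hash() output and
        // check it with password_verify() after selecting the row by username.
        $stmt = mysqli_prepare(
            $conn,
            "SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?"
        );

        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            mysqli_stmt_execute($stmt);

            // mysqli_stmt_get_result() requires the mysqlnd driver.
            $query = mysqli_stmt_get_result($stmt);

            if ($query) {
                // Valid username and password. The row-count function is
                // mysqli_num_rows(); mysqli_row_count() does not exist.
                if (mysqli_num_rows($query) > 0) {
                    $fields = [
                        'viewUsername', 'viewPassword', 'username', 'password', 'name', 'title',
                        'email', 'admin', 'file', 'file2', 'file3', 'file4',
                    ];

                    // NOTE(review): values are appended unencoded, so a stored '&' or
                    // '=' changes the field layout; apply urlencode() if the consumer
                    // decodes the response as URL-encoded variables.
                    // NOTE(review): the response returns the stored password columns to
                    // the client; drop them unless the consumer strictly needs them.
                    $output = '';
                    // Fetch inside the loop condition so the loop ends with the result set.
                    while ($row = mysqli_fetch_assoc($query)) {
                        foreach ($fields as $field) {
                            $output .= '&' . $field . '=' . $row[$field];
                        }
                    }

                    echo "&status=1";
                    echo $output;
                }
            }

            mysqli_stmt_close($stmt);
        }
    }
}
?>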
'mysql_*' 扩展已被弃用,请改用 'mysqli' –
mysql 扩展虽然可能已被弃用,但在 PHP 7 之前并未被移除 –
不过是当你问一个问题关于这将是,如果你使用的mysqli扩展 –