我真的不明白为什么这种说法是错误语法的MySQL/PHP的错误
$uname=$_POST['username'];
$pass=$_POST['pass'];
$str="select * from account where username='".$uname."' and password='".$pass."'";
echo $str;
echo "\n";
$str=mysql_real_escape_string($str);
$result=mysql_query($str) or die("Error: ". mysql_error(). " with query ". $str);
$num=mysql_num_rows($result);
这表明我:
select * from account where username='negin'and password='parsa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'negin\'and password=\'parsa\'' at line 1 with query select * from account where username=\'negin\'and password=\'parsa\'
mysql_ *函数是如此去年.... PDO PDO PDO – 2012-02-22 16:25:32
'ext/mysql'已正式被弃用。请使用mysqli或PDO,并请使用准备好的语句和占位符。 – pilcrow 2012-02-22 16:29:19