-1
我让PHP网站 使用用户/密码登录 但用户可以跳过这个页面使用
“=”“或”
'或1 = 1 喜欢这个 下面的代码文件Login_Check.php如何避免“=”“或”
`
include("includeszzz/host_conf.php");
include("includeszzz/mysql.lib.php");
$obj=new connect;
$obj1=new connect;
$username=$_GET["username"];
$password=$_GET["password"];
//echo $username;
//echo $password;
$sql="select username from admin where username='$username'";
$obj->query($sql);
$U_num=$obj->num_rows();
//echo $U_num;
if($U_num!=0) {
$sql1="select password from admin where username='$username' and password='$password'";
$obj1->query($sql1);
$P_num=$obj1->num_rows();
if($P_num!=0) {
session_start();
$_SESSION["zizo"]="$username";
//header("location: welcome.php");
echo "1";
} else {
echo "Invalid Password Please Try Again";
}
} else {
echo "Invalid Username Please Try Again";
}
`
你所经历称为[** SQL注入**](https://www.owasp.org/index .PHP/SQL_Injection)。阅读我刚才发布的链接和一个在@ NathanTuggy的评论。 –