我正在尝试创建一个登录页面,但是我有一个数据未被发送的问题。谁能帮我吗。带mysqli_real_escape_string的PHP不能正常工作
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);
$sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA1('$mypassword')";
$result=mysql_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("admin");
session_register("password");
$_SESSION['name']= $myusername;
header("location:admin.php");
}
else {
$msg = "$username $password $myusername $mypassword $sql $result Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
}
和输出我得到的是: 测试test123 SELECT * FROM login_admin其中用户名= \ '\' 和user_pass = SHA1(\ '\')错误的用户名或密码。请重试
'mysqli'也准备了语句,我建议你使用它们。 –
和我一样,@Jack。因此转义出错很多,所以最简单的做法就是不需要它,并且使SQL引擎更加智能化(即,在api中使用'Prepare'语句而不是'Query') – Amelia