$sql="Select * from yhzc where username="$_POST['name']""; ===> $sql="Select * from yhzc where username='{$_POST['name']}'";$sql2="Select password from yhzc where username="$_POST['name']" and password ="$_POST['password']""; ===> $sql2="Select password from yhzc where username='{$_POST['name']}' and password ='{$_POST['password']}'";
<?php $username=$_POST['name']; $password=$_POST['password']; $conn=mssql_pconnect("localhost","sa","1"); mssql_Select_db("njc2",$conn); $sql="Select * from yhzc where username='$username'"; $sql2="Select password from yhzc where username='$username' and password ='$password'"; $res= mssql_query($sql,$conn); $res2=mssql_query($sql2,$conn); $row=mssql_num_rows($res); $row2=mssql_num_rows($res2); if($row==0) {echo "登陆失败";} else if ($row==1&&$row2==0) {echo "登陆失败";} else {echo "登陆成功";} ?>两个字段要是字符型的。
===>
$sql="Select * from yhzc where username='{$_POST['name']}'";$sql2="Select password from yhzc where username="$_POST['name']" and password ="$_POST['password']"";
===>
$sql2="Select password from yhzc where username='{$_POST['name']}' and password ='{$_POST['password']}'";
$username=$_POST['name'];
$password=$_POST['password'];
$conn=mssql_pconnect("localhost","sa","1");
mssql_Select_db("njc2",$conn);
$sql="Select * from yhzc where username='$username'";
$sql2="Select password from yhzc where username='$username' and password ='$password'";
$res= mssql_query($sql,$conn);
$res2=mssql_query($sql2,$conn);
$row=mssql_num_rows($res);
$row2=mssql_num_rows($res2);
if($row==0)
{echo "登陆失败";}
else if ($row==1&&$row2==0)
{echo "登陆失败";}
else
{echo "登陆成功";}
?>两个字段要是字符型的。