name=$HTTP_POST_VARS("name");
pass=$HTTP_POST_VARS("pass");
然后
"SELECT * FROM 密码表 WHERE name = '".name."' AND pass = '".pass";
如果记录非空的话表明登陆成功
为了防止sql攻击,最好先对上面的name和pass用下面的function处理:
<?
function gpc2sql($str){
if(get_magic_quotes_gpc()==1) return $str;
else return addslashes($str);
}
?>
----------------------------------------------------------------------------------
下面是个完整的例子,没有用上面的function处理
<?
if($login){
$con = mysql_connect("localhost","test","") or die("无法连接服务器"); $sql = "select * from login where user='$user' and pass=password('$pass')";
$rst = mysql_db_query("test",$sql,$con) or die("$sql出错");
if(mysql_num_rows($rst)==1) echo "验证成功";
else echo "验证失败";
mysql_free_result($rst); mysql_close($con);
}
else{
echo "<html>".chr(13);
echo "<body>".chr(13);
echo "<form action=\"$PHP_SELF\" method=\"POST\">".chr(13);
echo "用户名:<input type=\"text\" name=\"user\"><br/>".chr(13);
echo "密 码:<input type=\"password\" name=\"pass\"><br/>".chr(13);
echo "<input type=\"submit\" name=\"login\" value=\"验证\">".chr(13);
echo "</form>".chr(13);
echo "</body>".chr(13);
echo "</html>".chr(13);
}
?>
pass=$HTTP_POST_VARS("pass");
然后
"SELECT * FROM 密码表 WHERE name = '".name."' AND pass = '".pass";
如果记录非空的话表明登陆成功
为了防止sql攻击,最好先对上面的name和pass用下面的function处理:
<?
function gpc2sql($str){
if(get_magic_quotes_gpc()==1) return $str;
else return addslashes($str);
}
?>
----------------------------------------------------------------------------------
下面是个完整的例子,没有用上面的function处理
<?
if($login){
$con = mysql_connect("localhost","test","") or die("无法连接服务器"); $sql = "select * from login where user='$user' and pass=password('$pass')";
$rst = mysql_db_query("test",$sql,$con) or die("$sql出错");
if(mysql_num_rows($rst)==1) echo "验证成功";
else echo "验证失败";
mysql_free_result($rst); mysql_close($con);
}
else{
echo "<html>".chr(13);
echo "<body>".chr(13);
echo "<form action=\"$PHP_SELF\" method=\"POST\">".chr(13);
echo "用户名:<input type=\"text\" name=\"user\"><br/>".chr(13);
echo "密 码:<input type=\"password\" name=\"pass\"><br/>".chr(13);
echo "<input type=\"submit\" name=\"login\" value=\"验证\">".chr(13);
echo "</form>".chr(13);
echo "</body>".chr(13);
echo "</html>".chr(13);
}
?>
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货