<?php
require("config.php");
require("conn.php");
$user_name = $_POST['user_name'];
$pwd= $_POST['pwd'];
$sql="SELECT * FROM ext_admin where user_name='$user_name' and pwd='$pwd'";
$result = mysql_query($sql,$db);
$myrow = mysql_fetch_row($result);
if($myrow[2]==$user_name && $myrow[3]==$pwd)//判断用户名和密码是否正确
{
echo "<script>window.location =\"login.php\";</script>";
}else{
echo "<strong>用户名和密码错误!!!</strong>";
echo "<br>";
echo "<br>";
echo "<a href=index.php>请返回.</a>";
}
?>
这个好像不对,求正解!谢谢各位了...
require("config.php");
require("conn.php");
$user_name = $_POST['user_name'];
$pwd= $_POST['pwd'];
$sql="SELECT * FROM ext_admin where user_name='$user_name' and pwd='$pwd'";
$result = mysql_query($sql,$db);
$myrow = mysql_fetch_row($result);
if($myrow[2]==$user_name && $myrow[3]==$pwd)//判断用户名和密码是否正确
{
echo "<script>window.location =\"login.php\";</script>";
}else{
echo "<strong>用户名和密码错误!!!</strong>";
echo "<br>";
echo "<br>";
echo "<a href=index.php>请返回.</a>";
}
?>
这个好像不对,求正解!谢谢各位了...
$result = mysql_query($sql,$db);===》
sql="SELECT pwd FROM ext_admin where user_name='$user_name';
$result = mysql_query($sql,$db);
$myrow = mysql_fetch_row($result);
if($myrow){
if($myrow['pwd']==$pwd){
//成功
}else{
//密码错误
}
}else{
//帐号不存在
}
2:$sql="SELECT * FROM ext_admin where user_name='$user_name' and pwd='$pwd'"也是不正确的。
像这样正确: <?php
$user_name = $_POST['user_name'];
$pwd= $_POST['pwd'];
$sql="SELECT * FROM ext_admin where user_name=? and pwd=?";
$pdo = new PDO('mysql:dbname=nba;host=localhost','root','111');
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1,$user_name);
$stmt->bindValue(2,$pwd);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if($user){
//TODO 用户名和密码正确,做些什么
do right something.........
}else {
//TODO 用户名和密码错误,做些什么
do fail something.......
}
?>