不会吧?!我要你帖出的是你原来的写法时的 $sql 即: $uname="<script type=\"text/javascript\">document.write(unae)</script>"; $upwd="<script type=\"text/javascript\">document.write(upd)</script>"; $sql="select * from admin where adminName='$uname' and pwd='$upwd'";echo '<xmp>'. $sql; 的结果
终于知道怎么回事了,如果你查看源码我想楼主就会发现,其实楼主的 $uname依然是"<script type=\"text/javascript\">document.write(unae)</script>" $upwd也依然是"<script type=\"text/javascript\">document.write(upd)</script>"; 而我们所看到的页面中的$uname和$upwd是经过浏览器显示的,查看源码依然是<script.... 所以楼主的sql就是select * from table where uname = "<script...." and upwd = "<script...."就像<span>aaa</span>,我们在浏览器上看见的只有aaa,但是两边的标签<span是存在,不知道楼主看懂了么?
刚我MD5了下,发现此yy和彼yy不同(yy是我的密码),所以一想才终于想到是这么回事,呵呵
就是这样的了 select * from cdb_sys_admin where username = "<script>document.write(username);</script>" and password = "44789f3c914fcbdfa149cd4cd75b0811"
select * from admin where adminName='<script type="text/javascript">document.write(unae)</script>' and pwd='<script type="text/javascript">document.write(upd)</script>'<frameset rows="80,*" style="margin:0 auto;" border="0" >原来如此,怪不得查询不到了……汗,谢谢大家的帮助,结贴送分喽
$upwd = $_COOKIE['userPwd'];
要用while循环吧...
这个就是$sql输出的语句,但是查询到的结果为0,什么也没查到
//楼主试一试<script type="text/javascript">
var unae = getCookies('userName');
var upd =getCookies('userPwd');
</script>
<?php
include("data/conn.php");
$uname="<script type=\"text/javascript\">document.write(unae)</script>";
$upwd="<script type=\"text/javascript\">document.write(upd)</script>";
$sql="select * from admin where adminName='$uname' and pwd='$upwd'";
ob_start();
echo $sql;
$sql = ob_get_clean();
$result = mysql_query($sql)or die(mysql_error());
$num_results = mysql_num_rows($result);
echo "<br />查询到的数据有".$num_results."条";
/*
if($num_results!=1){
echo "<script type=\"text/javascript\">alert('抱歉,您的权限不足,请联系管理员解决!');window.location.href='admin.html';</script>";
}else{
echo "恭喜您,登陆成功!";
}
*/
?>
即:
$uname="<script type=\"text/javascript\">document.write(unae)</script>";
$upwd="<script type=\"text/javascript\">document.write(upd)</script>";
$sql="select * from admin where adminName='$uname' and pwd='$upwd'";echo '<xmp>'. $sql; 的结果
$uname依然是"<script type=\"text/javascript\">document.write(unae)</script>"
$upwd也依然是"<script type=\"text/javascript\">document.write(upd)</script>";
而我们所看到的页面中的$uname和$upwd是经过浏览器显示的,查看源码依然是<script....
所以楼主的sql就是select * from table where uname = "<script...." and upwd = "<script...."就像<span>aaa</span>,我们在浏览器上看见的只有aaa,但是两边的标签<span是存在,不知道楼主看懂了么?
select * from cdb_sys_admin where username = "<script>document.write(username);</script>" and password = "44789f3c914fcbdfa149cd4cd75b0811"