现在用这句$sql = "select * from user where 'username'='$username'";就不能成功登录,还是说这个参数不能这样写??
改用$sql = "select * from user";就可以成功登录,但是我用echo $row[id];取ID的值,输入另外正确的用户名和密码,取到的还是第一个用户名的ID,这个ID是自动增长的... 正在摸索中,请各位指教!!
<?php
include ("conn.php");
if ($_POST[submit]) {
$username = str_replace(" ", "", $_POST[name]);
$username = $_POST['username'];
$sql = "select * from user where 'username'='$username'";
$query = mysql_query($sql);
$us = is_array($row = mysql_fetch_array($query));
$ps = $us ? md5($_POST[pwd] . ALL_PS) == $row[password] : FALSE;
if ($ps) {
echo $row[id];
$_SESSION[id] = $row[id];
$_SESSION[user_shell] = md5($row[username] . $row[password] . ALL_PS);
echo "登录成功"; } else {
echo "密码或者用户名错误 ";
}}
?> <form action="" method="post"> 用户名:<input type="text" name="username" size=15/><br> 密 码:<input type="password" name="pwd" size=15/><br>
<input type="submit" name="submit" value="登录"/>
</form>
改用$sql = "select * from user";就可以成功登录,但是我用echo $row[id];取ID的值,输入另外正确的用户名和密码,取到的还是第一个用户名的ID,这个ID是自动增长的... 正在摸索中,请各位指教!!
<?php
include ("conn.php");
if ($_POST[submit]) {
$username = str_replace(" ", "", $_POST[name]);
$username = $_POST['username'];
$sql = "select * from user where 'username'='$username'";
$query = mysql_query($sql);
$us = is_array($row = mysql_fetch_array($query));
$ps = $us ? md5($_POST[pwd] . ALL_PS) == $row[password] : FALSE;
if ($ps) {
echo $row[id];
$_SESSION[id] = $row[id];
$_SESSION[user_shell] = md5($row[username] . $row[password] . ALL_PS);
echo "登录成功"; } else {
echo "密码或者用户名错误 ";
}}
?> <form action="" method="post"> 用户名:<input type="text" name="username" size=15/><br> 密 码:<input type="password" name="pwd" size=15/><br>
<input type="submit" name="submit" value="登录"/>
</form>
$sql = "select * from user where `username`='".$username."'";
应该这样写吧! 是mysql吗?