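marse(阿彪) Reputation: 87 2006-11-10 18:05:53 Score: 0
What the OP wrote basically solves it.
But for SQL, any value taken from a form must go through the mysql_escape_string function to guard against the danger of SQL injection.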
<?php
mysql_connect("localhost","root","123");
mysql_select_db("test");
// Escape both form values before concatenating them into the query string.
$sql='select user,pwd from table where user="'.mysql_escape_string($_POST['user']).'" and pwd="'.mysql_escape_string($_POST['password']).'"';
$result = mysql_query($sql);
$row = mysql_num_rows($result);
if($row != 0)
{
header(.......);
........
--------------------------
Just saw this! Pasting it here for you!
Original post: http://community.csdn.net/Expert/topic/5148/5148895.xml?temp=.9343836
Here for the points!
htmlspecialchars()
Use it together with that.
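
The login check discussed in this thread, as an added example that is not code from any poster: it binds the form values as query parameters instead of escaping them, and keeps htmlspecialchars() for HTML output only. The mysql_* functions used above were removed in PHP 7; the `users` table, its columns, the in-memory SQLite database (assumes the pdo_sqlite extension) and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added example, not code from the thread. Table and column names are hypothetical.
// Uses an in-memory SQLite database through PDO so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');

// Constructed sample account; only a hash of the password is stored.
$ins = $db->prepare('INSERT INTO users (user, pwd_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);

/** Returns true only when the user exists and the password matches its hash. */
function check_login(PDO $db, $user, $password): bool
{
    // Form fields can arrive as arrays (user[]=x); accept strings only.
    if (!is_string($user) || !is_string($password)) {
        return false;
    }
    // The value is bound as data, so quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT pwd_hash FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs standing in for $_POST['user'] and $_POST['password'].
$attempts = [
    ['alice', 's3cret'],         // valid login
    ['alice', 'wrong'],          // wrong password
    ['ali"ce', 's3cret'],        // embedded quote is matched literally, no such user
    ['<b>alice</b>', 's3cret'],  // markup in the name, escaped on output below
    [['alice'], 's3cret'],       // array-valued field is rejected
];
foreach ($attempts as [$user, $password]) {
    $ok = check_login($db, $user, $password);
    // htmlspecialchars() protects the HTML page, not the SQL statement.
    $shown = is_string($user) ? htmlspecialchars($user, ENT_QUOTES, 'UTF-8') : '(non-string)';
    echo ($ok ? 'OK     ' : 'DENIED ') . $shown . "\n";
}
```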