php-数据库访问--增、删、改
时间:2021-07-01 10:21:17
帮助过:17人阅读
.
php
<?
php
$_post["uid"
];
$_post["pwd"
];
//造连接对象
$db =
new MySQLi("localhost","root","123","mydb"
);
//写SQL语句
$sql = "select password from login shere uid=‘{
$uid}‘"
;
//执行SQL语句
$resulat =
$db->query(
$sql);
$n =
$result->
fetch_row();
//判断
if($uid!="" && $pwd !=‘‘)
{
if(
$n[0]==
$psd)
{
header(location:main.
php);
}
else
{
echo"用户名或密码错误"
;
}
}
else
{
echo"用户名或密码不能为空";
}
/*写SQL语句,不安全的登录方式
//注入攻击
$sql = "select count(*) from login where useename=‘{$uid}‘ and passwoed= ‘{$pwd}‘";
//执行SQL语句
$result = $db->query($sql);
$n = $result->fetch_row();
if($n[0]>0)
{
header("location:main.php");
}
else
{
echo"用户名或密码错误";
}*/
注入攻击,此种代码的写法登录不安全
php-数据库访问--增、删、改
标签:amp nbsp where new log bsp test form 用户名
