我遵循了手册上的教程,以使我的登录代码更安全,这在遵循http://www.w3schools.com/php/func_mysql_real_escape_string.asp上的教程后现在无法正常工作, 它显示以下错误
警告:mysql_num_rows() 期望参数 1 是资源,布尔值在第 32 行的 /home/content/58/9508458/html/pabrowser/checklogin.php 中给出
警告:无法修改标头信息 - 标头已由 /home/content/58/9508458/html/pabrowser/checklogin 中的(输出开始于 /home/content/58/9508458/html/pabrowser/checklogin.php:32)发送。第 46 行的 php
并且没有登录
<?php
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote if not a number
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
$link = mysql_connect('xxxxxxx');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("brainoidultrafb", $link);
// username and password sent from form
$myusername=check_input($_POST['myusername']);
$mypassword=check_input($_POST['mypassword']);
$sql="SELECT * FROM logintbl WHERE stu_email='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword;
header("location:login_success.php");
}
else {
header('Location: http://www.xxxxxx.com/pabrowser/index.php?succmsg1=INVALID.RETRY');
}
?>
有什么建议可以让它更安全吗?