我目前正在升级朋友网站的代码,但遇到了登录脚本问题。我试图通过使用来防止 SQL 注入mysql_real_escape_string()
。mysql_escape_string()
工作正常,但mysql_real_escape_string()
没有。这就是我所拥有的:
if (isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$db_link = db_connect("project");
$query = "SELECT * FROM user WHERE username = '$username' AND password = password('$password')";
$result = mysql_query($query) or die (mysql_error());
$numrows = mysql_num_rows($result);
if($numrows == 1)
{
RedirectToURL("home.php");
}
else
{
login_page("Invalid login! Try again");
}
}
else
{
login_page("");
}