好的,所以我正在尝试将我的工作人员面板从 mysql 重新编码为 pdo,看起来 pdo 不允许 2 和语句在其中。
这就是我到目前为止所拥有的
这是我的基本 html 表单
<form name="input" action="" method="post">
<p>Username:</p>
<p>
<input type="text" name="username" id ="username">
</p>
<p>Password: </p>
<p>
<input type="password" name="password" id = "password">
</p>
<p>
<input type="submit" value="Submit" name = "Submit">
</p>
</form>
然后我为提交按钮设置了一个 if
if (isset($_POST["Submit"])) {
$username= mysql_real_escape_string($_POST['username']);
$username2 = strip_tags($username);
$password= mysql_real_escape_string($_POST['password']);
$password2 = strip_tags($password);
$md5password = md5($password2);
$mod = 1 ;
$statement = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ? AND mod = ?");
$statement->execute(array($username2,$md5password,$mod));
$count = $statement->rowCount();
/// If username and password is correct then we carry on
if ($count == "1")
{
$_SESSION['username'] = $username2 ;
//Test if it is a shared client
if (!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
//Is it a proxy address
}elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip=$_SERVER['REMOTE_ADDR'];
}
$result5534453465 = mysql_query("UPDATE users SET lastip='".$ip."' WHERE username='".$_SESSION['username']."'")
or die(mysql_error());
mysql_query("INSERT INTO user_log (username, ip)
VALUES ('".$_SESSION['username']."', '".$ip."')");
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=home.php">';
exit;
}else{
echo "Password or username is wrong";
}
}
如果我取出第二个并且它工作正常,但我当然需要它,所以只有工作人员可以登录我回显用户名和 md5 密码都工作正常并匹配 db 条目。我是否说过如果我删除第二个并且一切正常,但我需要第二个并且只有工作人员可以登录。我究竟做错了什么 ??