2.5、后端开发基础PHP - PHP简介及PHP基本函数(下)【pklong007作业】 - 已锁定
login.html:
<!DOCTYPE html>
<html>
<head>
<title>php learn</title>
<style type="text/css">
div{display:block;}
div.login{
margin:50px 50px 50px 50px;
}
</style>
</head>
<body>
<div class="login">
<form id="login_frm" action="login.php" method="get">
<label>User name:</label>
<input type="text" name="user_name"/>
</br></br>
<label>password:</label>
<input type="text" name="password">
</br></br>
<input type="submit">
</form>
</div>
</body>
</html>
login.php:
<?php
$db_name="test";
$server_name="localhost";
$conn=mysqli_connect($server_name,"root","",$db_name);
if(!$conn)
{
die("connection error:" . mysqli_connect_error());
exit;
}
$curDb=mysqli_select_db($conn,$db_name);
if(!$curDb)
{
die("No such database:" . $db_name);
exit;
}
$user_name=$_GET['user_name'];
$password=$_GET['password'];
//$user_name=mysql_real_escape_string($user_name);
//$password=mysql_real_escape_string($password);
$loginQuery="select user_name,password from users where user_name='" . $user_name . "' and password = '" . $password . "'";
echo $loginQuery ;
if($user_name && $password)
{
$result=mysqli_query($conn,$loginQuery);
$rows=mysqli_num_rows($result);
if($rows)
{
echo "<script language=javascript>alert('Login success!');</script>";
return;
}
else
{
echo "<script language=javascript>alert(user : " + $user_name + " not exist );</script>";
exit;
}
}
else
{
echo "<html><head>Error</head><body><p>User name or password not valid.</p></body></html>";
}
?>
打赏我,让我更有动力~
返回首页
CTF&WP专版
Track-方丈
发表于 2018-3-28
通过,积分金币已发放。
tips: 此SQL查询结果仅能判断用户名密码是否匹配,不能判断用户是否存在。
评论列表
加载数据中...