$user = "SELECT username FROM " . DB_TABLE ." WHERE name= ".$_POST['username']." and password = ".$_POST['password'];
这样为什么不行啊,改成 $user = "SELECT username FROM " . DB_TABLE ." WHERE name={$_POST['username']} and password = {$_POST['password']}";就可以了,请问是怎么回事啊,希望能够通俗易懂且详细的讲解,谢谢了
两个é½æé®é¢æ对,ä½ çSQLè¯å¥æéï¼å设$_POST['username']='user';
$_POST['password']='pass';ä½ å¾å°çè¯å¥æ¯SELECT username FROM DB_TABLE WHERE name= user and password= pass
èæ£ç¡®çè¯å¥åºè¯¥æ¯SELECT username FROM DB_TABLE WHERE name= 'user' and password= 'pass'(æäºå 个å¼å·æ以æ¥é)
$_POST['password']='pass';ä½ å¾å°çè¯å¥æ¯SELECT username FROM DB_TABLE WHERE name= user and password= pass
èæ£ç¡®çè¯å¥åºè¯¥æ¯SELECT username FROM DB_TABLE WHERE name= 'user' and password= 'pass'(æäºå 个å¼å·æ以æ¥é)
温馨提示:答案为网友推荐,仅供参考
