[英]Logging In via AJAX/MySql/PHP
Basically I want to check a database to see if the username and password are a match if so unlock the submit button. 基本上,我想检查数据库以查看用户名和密码是否匹配,如果是的话,请解锁提交按钮。
<?php
mysql_connect('localhost', '', '');
mysql_select_db('database');
if(isset($_POST['submit'])){
mysql_query("SELECT username,password FROM table WHERE username='".$_POST['username']."',password='".$_POST['password']."'")
}
?>
Form: 形成:
<form method="post">
Username <input type="text" name="username" />
Password <input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
mysql_real_escape_string()
before inserting them into a query. mysql_real_escape_string()
字符串进行转义。 Otherwise you're ripe for SQL injection I don't know if i get you right but anyway try : 我不知道我是否正确,但是无论如何请尝试:
HTML: HTML:
<form method="post">
Username <input type="text" id="username" name="username" />
Password <input type="password" id="password" name="password" />
<input type="submit" name="submit" id="submit" value="Login" />
</form>
jQuery: jQuery的:
$("#submit").hide();
$.post("checkUsername.php", { username: $("#username").val(), password: $("#password").val() }, function(result) {
if(result == "true") { $("#submit").fadeIn(fast); }
});
Php ( checkUsername.php ): PHP(checkUsername.php):
if(mysql_num_rows(mysql_query("SELECT username,password FROM table WHERE username LIKE '". mysql_real_escape_string($_POST['username']) . "',password LIKE '".mysql_real_escape_string($_POST['password'])."'")))
{
echo "true";
}
else
{
echo "false";
}
You should avoid using the LIKE keyword for a login prompt like this, since wildcards are unaffected by mysql_real_escape_string. 您应该避免对这样的登录提示使用LIKE关键字,因为通配符不受mysql_real_escape_string的影响。 A user can log in with a username and password of "%".
用户可以使用用户名和密码“%”登录。
See the following blog post: http://blog.spiderlabs.com/2012/03/like-omg.html 请参阅以下博客文章: http : //blog.spiderlabs.com/2012/03/like-omg.html
Use = instead of LIKE. 使用=代替LIKE。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.