我制作了一个登录检查脚本,该脚本检查用户名和密码是否与数据库中设置的帐户匹配。一切正常,但实际上不区分大小写!如何使此脚本也检查大写/小写?例如:我有一个用户名:AdMin密码:My43sGG。如果我在登录字段中输入admin和my43sgg,它也将起作用。
我的脚本:
<?php
// connect to the database
include("config.php");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM " .$members. " WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:index.php");
}
else {
?>
使用 BINARY
WHERE BINARY username = BINARY '$myusername' AND
BINARY password = BINARY '$mypassword'
作为一个旁注,查询是脆弱的SQL Injection,如果值(小号变量)从外面走了进来。请查看下面的文章,以了解如何防止它。通过使用,PreparedStatements您可以摆脱在值周围使用单引号的麻烦。
| 归档时间: |
|
| 查看次数: |
12582 次 |
| 最近记录: |