最近有人攻击我的PHP CMS并种植了SQL注入.有没有办法让我的登录代码更受保护并防止黑客入侵?任何帮助都会很棒,谢谢.
登录表格
<div id="loginform">
<form method="post" action="check-login.php" name="form1">
<label for="username" /><span style="color:#FFFFFF; font-family:'Trebuchet MS', Arial, Helvetica, sans-serif;">username:</span></label>
<input type="text" name="myusername" id="username"/>
<label for="password"/><span style="color:#FFFFFF; font-family:'Trebuchet MS', Arial, Helvetica, sans-serif;">password:</span></label>
<input type="password" name="mypassword" id="password"/>
<label for="submit"></label>
<input type="submit" name="sumbit" value="Login">
</form>
</div>
PHP
mysql_connect ($host, $username, $password) or die ("can't connect");
mysql_select_db ($db_name) or die (mysql_error());
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count …