mysql_real_escape_string 导致问题? [英] mysql_real_escape_string causes problems?

问题描述

好的.所以我做了一个表格.如果我将 mysql_real_escape_string 放在从表单中检索到的变量 $usrname(是的，它的拼写正确)上，它会返回我的另一个变量 $verify 为 false.看一看:

Okay. So I made a form. If I put in mysql_real_escape_string on my variable $usrname (yes its spelled right) that was retrieved from the form, it returns my other variable, $verify as false. Take a look:

<html>
<body>
<?php  

session_start();

include("mainmenu.php");  

$usrname = $_POST['usrname']; 
$password = sha1($_POST['password']);

$con = mysql_connect("localhost", "root", "Y0U_C@NT_H@NDLE_THE_TRUTH!");
 if(!$con){
  die("Unable to establish connection with host. We apologize for any inconvienience.");
}

mysql_select_db("users", $con) or die("Can't connect to database.");

$select = "SELECT * FROM `data` WHERE usrname = '$usrname' and
password = '$password'";
$query = mysql_query($select);
$verify = mysql_num_rows($query);

if($verify==1){
    $_SESSION["valid_user"] = $usrname;
    header("location:index.php");
}
else{
     echo "Wrong username or password. Please check that CAPS LOCK is off.";
     echo "<br/>";
     echo "<a href=\"index.php\">Back to login</a>";
} 

mysql_close($con);

?> 
</body>

如果我将 mysql_real_escape_string 放在我的注册表单或登录表单中，它会返回 $verify 作为 false.怎么了?

If I put the mysql_real_escape_string in either my registration form or login form, it returns $verify as false. What's wrong?

推荐答案

请确保在 PHP 设置中关闭Magic Quotes".此处解释了如何禁用它.

Please make sure "Magic Quotes" is off in the PHP settings. How to disable it is explained here.

这篇关于mysql_real_escape_string 导致问题?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！