【发布时间】:2015-07-27 15:31:21
【问题描述】:
我有一个 php 代码,其中包含已弃用的行,任何人都可以帮忙。
<?php
include('config.php');
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Create connection
$con = new mysqli($dbhost_name, $db_username, $db_password, $database , 3306);
// Check connection
if($con->connect_error){
die("Connection failed: ".$con->connect_error);
}
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Retrieve data from database
$sql="select * from login where password='$password' AND username='$username'";
$result = $con->query($sql);
$rows = $result->fetch_assoc();
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
$con->close(); // Closing Connection
}
}
?>
下面是代码。
以下是错误信息。
【问题讨论】:
-
最好的办法是将参数绑定到查询并删除任何
mysql_函数。