Хорошо. Поэтому я сделал форму. Если я поместил mysql_real_escape_string в мою переменную $usrname (да, ее $usrname ), которая была извлечена из формы, она возвращает мою другую переменную, $verify как false . Взглянуть:
<html> <body> <?php session_start(); include("mainmenu.php"); $usrname = $_POST['usrname']; $password = sha1($_POST['password']); $con = mysql_connect("localhost", "root", "Y0U_C@NT_H@NDLE_THE_TRUTH!"); if(!$con){ die("Unable to establish connection with host. We apologize for any inconvienience."); } mysql_select_db("users", $con) or die("Can't connect to database."); $select = "SELECT * FROM `data` WHERE usrname = '$usrname' and password = '$password'"; $query = mysql_query($select); $verify = mysql_num_rows($query); if($verify==1){ $_SESSION["valid_user"] = $usrname; header("location:index.php"); } else{ echo "Wrong username or password. Please check that CAPS LOCK is off."; echo "<br/>"; echo "<a href=\"index.php\">Back to login</a>"; } mysql_close($con); ?> </body>в<html> <body> <?php session_start(); include("mainmenu.php"); $usrname = $_POST['usrname']; $password = sha1($_POST['password']); $con = mysql_connect("localhost", "root", "Y0U_C@NT_H@NDLE_THE_TRUTH!"); if(!$con){ die("Unable to establish connection with host. We apologize for any inconvienience."); } mysql_select_db("users", $con) or die("Can't connect to database."); $select = "SELECT * FROM `data` WHERE usrname = '$usrname' and password = '$password'"; $query = mysql_query($select); $verify = mysql_num_rows($query); if($verify==1){ $_SESSION["valid_user"] = $usrname; header("location:index.php"); } else{ echo "Wrong username or password. Please check that CAPS LOCK is off."; echo "<br/>"; echo "<a href=\"index.php\">Back to login</a>"; } mysql_close($con); ?> </body>
Если я поместил mysql_real_escape_string в мою регистрационную форму или форму входа, она вернет $verify как false . Что не так?