授權用戶從MySQL數據庫

Question

我吮吸PHP，並找不到錯誤在這裏。該腳本從html中獲取2個變量「username」和「password」，然後檢查它們是否與MySQL數據庫相關。當我運行此我得到後續的錯誤「的查詢是空的」

<? 
if ((!$_POST[username]) || (!$_POST[password])) { 
    header("Location: show_login.html"); 
    exit; 
} 
$db_name = "testDB"; 
$table_name = "auth_users"; 
$connection = @mysql_connect("localhost", "admin", "pass") or die(mysql_error()); 
$db = @mysql_select_db($db_name, $connection) or die(mysql_error()); 
$slq = "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')"; 
$result = @mysql_query($sql, $connection) or die(mysql_error()); 
$num = mysql_num_rows($result); 
    if ($num != 0) { 
     $msg = "<p>Congratulations, you're authorised!</p>"; 
    } else { 
     header("Location: show_login.html"); 
     exit; 
    } 
?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Secret Area</title> 
</head> 

<body> 
<? echo "$msg"; ?> 

</body> 
</html> 

Answer 1

你傳遞給$sqlmysql_query但實際上你存儲在查詢中$slq