I am making a login form on my site, and need a little bit of help. I keep receiving an error when I use this script:
<?php
$em = $_REQUEST["email"];
$pa = md5($_REQUEST["password"]);
// connection info hidden
$connectionInfo = array(
    "UID" => $uid,
    "PWD" => $pwd,
    "Database" => $databaseName
);
$conn = sqlsrv_connect($serverName, $connectionInfo);
$tsql = "SELECT email, password FROM users WHERE email = $em AND password = $pa";
$stmt = sqlsrv_query($conn, $tsql);
if ($stmt) {
    $ot = "Hi, " . $em;
} else {
    $ot = "<p>Oh, no! My Account is currently unavailable right now, please try again later.</p>";
}
?>
The error I keep getting is:
Oh, no! My Account is currently unavailable right now, please try again later.
Can someone please help me understand why it is not displaying the Hi, $em message when I log in, and how I may go about fixing it.
Also, just to get this out of the way, yes, I am using the correct login details. :)
Thanks jase
You have several issues:
- You're using REQUEST instead of POST. You really should use POST.
- Your code is vulnerable to SQL injection: http://php.net/manual/en/security.database.sql-injection.php
- You have no quotes around your string literals, which is likely causing your problem.
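
The three fixes listed above applied to the question's script, as an added example that is not part of the original answer. It assumes `$conn` is an open connection from `sqlsrv_connect()` and keeps the question's table, column names and md5() hashing; `check_login` is a hypothetical helper name.

```php
<?php
// Added example, not the original poster's code.
// Assumption: $conn is an open connection returned by sqlsrv_connect().

function check_login($conn, string $email, string $password): ?string
{
    // md5() is kept only so the value matches the hashes the question's
    // users table already stores; password_hash()/password_verify() is
    // PHP's recommended replacement.
    $hash = md5($password);

    // The ? placeholders are bound by the driver, so the values are never
    // parsed as T-SQL and need no manual quoting.
    $tsql = "SELECT email FROM users WHERE email = ? AND password = ?";
    $stmt = sqlsrv_query($conn, $tsql, array($email, $hash));

    if ($stmt === false) {
        // Log the driver's reason (syntax error, bad column name, ...)
        // instead of showing it to the visitor.
        error_log(print_r(sqlsrv_errors(), true));
        throw new RuntimeException("login query failed");
    }

    // A successful query is not a successful login: a row must come back.
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($stmt);

    return $row ? $row["email"] : null;
}

// Read credentials from the POST body only, not $_REQUEST.
$em = $_POST["email"] ?? "";
$pa = $_POST["password"] ?? "";

try {
    $user = check_login($conn, $em, $pa);
    // Escape the value before echoing it back into HTML.
    $ot = $user !== null
        ? "Hi, " . htmlspecialchars($user, ENT_QUOTES, "UTF-8")
        : "<p>Wrong email or password.</p>";
} catch (RuntimeException $e) {
    $ot = "<p>Oh, no! My Account is currently unavailable right now, please try again later.</p>";
}
```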