更新时间:2023-11-27 23:48:10
您正在手动在用户名周围添加空格,以使其看起来不存在:
You are manually adding spaces around your username so it will look like it does not exist:
$query = "SELECT * from User WHERE username=' ".$username." ' ";
^ ^
应该是:
$query = "SELECT * from User WHERE username='".$username."' ";
使用准备好的语句将一劳永逸地避免该问题和潜在的sql注入问题:
Using a prepared statement would avoid that problem and potential sql injection problems in one go:
$query = "SELECT * from User WHERE username=?";
还要确保您始终使用表名和列名:User
不一定与user
相同.
Also make sure you consistently use your table- and column names: User
is not necessarily the same as user
.
Also note that you should never store plain-text passwords in a database, you should salt and hash them.