<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>
<body>
<form action="chuli.php" method="post">
<div>用户名:<input type="text" name="uid" /></div>
<div>密码:<input type="password" name="pwd" /></div>
<div><input type="submit" value="登录" /></div>
</form>
</body>
</html>
<?php
$uid = $_POST["uid"];
$pwd = $_POST["pwd"];
//造连接对象
$db = new MySQLi("localhost","root","123","mydb");
//写SQL语句
//SQL注入攻击
$sql = "select password from login where username='{$uid}'";
//执行SQL语句
$reslut = $db->query($sql);
$n = $reslut->fetch_row();
if($uid!="" && $pwd !="" )
{
if($n[0]==$pwd)
{
header("location:main.php");
}
else
{
echo "用户名或密码错误!";
}
}
else
{
echo "用户名密码不能为空";
}