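<?php
// Login check that demonstrates a parameterized query with PDO.
// The SQL text contains only `?` placeholders and the submitted values are
// bound separately, so request data is never parsed as SQL.

// flag1: the username is read from $_POST["u_name"].
// Both fields are attacker-controlled. A missing field stays null and an
// array-valued field (u_name[]=x) stays an array; neither is ever bound below.
$name = isset($_POST["u_name"]) ? $_POST["u_name"] : null;
$pass = isset($_POST["u_pass"]) ? $_POST["u_pass"] : null;

// NOTE(review): the query compares the submitted password with the stored
// column directly, which implies the table holds plaintext passwords. Prefer
// storing password_hash() output, selecting the row by username only, and
// checking the result with password_verify().
$sql2 = "select * from admin where username = ? and password= ?";

$res = false;
if (is_string($name) && is_string($pass)) {
    try {
        // flag2: open the PDO connection.
        // The original listing wrote charset=UTF-8, which is not a MySQL charset
        // name; utf8mb4 is. The connection charset also matters for correct
        // escaping whenever prepares are emulated.
        // NOTE(review): root and a hard-coded password are lab values only. Load
        // credentials from configuration outside the web root and connect with an
        // account limited to the privileges the login table needs.
        $db = new PDO(
            'mysql:host=127.0.0.1;dbname=login;charset=utf8mb4',
            'root',
            '123456789',
            [
                // Failures raise PDOException instead of being silently
                // reported as a failed login.
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                // Use server-side prepared statements rather than client-side
                // string substitution.
                PDO::ATTR_EMULATE_PREPARES => false,
            ]
        );

        // flag3: prepare the statement; the query structure is fixed here.
        $sth = $db->prepare($sql2);

        // flag4: bind the values to the placeholders as strings.
        // The original passed a fourth argument (12) to bindParam(); that length
        // is meant for OUT parameters of stored procedures and does not limit
        // the input length, so it is dropped and bindValue() is used instead.
        $sth->bindValue(1, $name, PDO::PARAM_STR);
        $sth->bindValue(2, $pass, PDO::PARAM_STR);
        $sth->execute();

        // flag5: fetch the first matching row; false means no row matched.
        $res = $sth->fetch();
    } catch (PDOException $e) {
        // An uncaught connection exception can print the DSN and credentials in
        // its stack trace when display_errors is on. Log server-side and give
        // the client the same generic failure as a wrong password.
        error_log('login query failed: ' . $e->getMessage());
        $res = false;
    }
}

if (empty($res)) {
    // Keep the response generic; database error details belong in the server
    // log, not in the page output.
    echo "错误!";
} else {
    echo "Success!!!!";
}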
来源: http://www.bubuko.com/infodetail-2876553.html