AutoLoginLWsWeb/20241208/login.php

<meta charset="utf-8">
<?php
session_start();
include_once("db_config.php");
if(isset($_POST['ok'])){
    $name = $_POST['name'];
    $password =$_POST['password'];
    $password = md5($password);
    //此为教学代码，有SQL注入漏洞
    $queryString = "select count(name) as counter from user_70 where name = '$name' and password = '$password'";
    $rs = mysqli_query($link,$queryString);
    if($row = mysqli_fetch_assoc($rs)){
        if($row['counter'] ==1){
            //自动跳转到指定页面
            $_SESSION['studentName'] = $name;
            header("Location:user_info.php");
        }else{
            echo "登录失败，请检查用户名和密码是否正确\t或";
        }
    }
}else{
    $name = "";
}
?>
<body>
<div class="title">用户登录</div>
<form action="" method="post">
    <label for="name">姓名：</label><input type="text" id="name" name="name" value="<?php echo $name;?>"><br>
    <label for="password_1">密码：</label><input type="password" id="password" name="password" value=""><br>
    <input type="submit" id="ok" name="ok" value="ok">
</form>
</body>