how to protect POST function

This question already has an answer here:

  • The definitive guide to form-based website authentication [closed] 12 answers

  • you should use md5() on your password value and not the mysql_real_escape_string() return value.

    so first correct this:

    passad = mysql_real_escape_string(md5($_POST["password"]));
    

    由于你的passad变量被散列,我想你必须比较这样的散列变量

    if(md5("passadmin") == $passad)
    
    链接地址: http://www.djcxy.com/p/3728.html

    上一篇: 我应该如何为CodeIgniter选择一个认证库?

    下一篇: 如何保护POST功能