Detected 2 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*["'][a-z0-9\-_\!\$]+["']‘: $user = $_POST["user"]; $pw = $_POST["pw"]; $user = stripslashes($user); $pw = stripslashes($pw); $user = mysql_real_escape_string($user); $pw = mysql_real_escape_string($pw); $sql = "SELECT * FROM $tbl_name WHERE username = '$user' AND password = '$pw'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if($row["password"] == $pw) { // $_SESSION["user"] = $user; $_SESSION["rights"] = $row["rights"]; echo […]
↧