以我的評論為基礎:
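// Login handler: checks the submitted credentials against `tbuser` and, on a
// match, marks the session as logged in and redirects to welcome.php.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. When this
// is migrated, use PDO or mysqli with prepared statements rather than escaping
// values into the SQL string.
// NOTE(review): connecting as root with an empty password hands this page full
// control of the database server; use a dedicated least-privilege account.
$con = mysql_connect("localhost", "root", "");
mysql_select_db("myphone", $con);

if (isset($_POST['btsubmit'])) {
    // Without a link the escaping calls below return false and would be
    // misreported as a blank field, so stop here with a generic message.
    if ($con === false) {
        die('Database connection failed.');
    }

    // Each field is tested on its own key. The original tested 'txtname' for
    // both, so an empty password slipped past the blank check.
    $username = (!empty($_POST['txtname'])) ? mysql_real_escape_string($_POST['txtname'], $con) : false;
    $password = (!empty($_POST['txtpass'])) ? mysql_real_escape_string($_POST['txtpass'], $con) : false;
    if ($username === false || $password === false) {
        die('Username or password is blank!');
    }

    // NOTE(review): the submitted password is compared directly with the
    // Password column, which suggests passwords are stored unhashed (confirm).
    // Store password_hash() output and check it with password_verify() instead.
    $sql = "SELECT AccountName FROM tbuser WHERE AccountName='$username' AND Password='$password' LIMIT 1";
    $query = mysql_query($sql, $con);

    // mysql_query() returns false on error; treat that as a failed login
    // instead of passing false to mysql_num_rows().
    if ($query !== false && mysql_num_rows($query) == 1) {
        $row = mysql_fetch_assoc($query);

        // Issue a fresh session id at login so an id set before authentication
        // (session fixation) is not carried into the logged-in session.
        // session_start() is not visible in this snippet; it is assumed to
        // have run earlier, hence the status guard.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['AccountName'] = $row['AccountName'];
        $_SESSION['LoggedIn'] = TRUE;
        header("Location: ./welcome.php");
        exit();
    } else {
        // One generic message for every failure, so the response does not
        // reveal whether the account name exists.
        echo "Fail";
    }
}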
?>