Small PHP database problems

PHP database user verification

$ Con = mysql_connect ("localhost", "root", "123456 ");
If (! $ Con)
{
Die ('could not connect: '. mysql_error ());
}
Mysql_query ("set names 'utf8'"); // sets the character SET
Mysql_select_db ("manage", $ con); // select a database
$ Sql1 ="
Select count (*)
From user
Where username = "". $ _ POST ['name']. "" and password = "". $ _ POST ['password']. ""
LIMIT 1
";
$ Result = mysql_query ($ sql1, $ con );
An error is reported in red. The predecessors have two problems: first, how should we change the current format to make it correct. Second, what do you do when verifying user information? Which is relatively simple.

Reply to discussion (solution)

$sql1="select count(*)from userwhere username='".$_POST['name']."' and password='".$_POST['password']."'LIMIT 1";

Then, use mysql_num_rows to determine whether the row is equal to 1.

Username = '". mysql_real_escape_string ($ _ POST ['name'])."' and password = '". mysql_real_escape_string ($ _ POST ['password'])."

It is best to take a simple anti-injection measure.

Http://php.net/manual/en/function.mysql-real-escape-string.php

Php5.5 or later, use mysqli_real_escape_string () or PDO: quote ()

$sql1 = "select count(*)from userwhere username='".$_POST['name']."' and password=='".$_POST['password']."'";

Or

$sql1 = "select count(*)from userwhere username='$_POST[name]' and password='$_POST[password]'";

LIMIT 1 is not required
Because no group clause exists, the clustering function only obtains one record.

It is necessary to perform escape processing on the incoming data, so that it can be done at the entrance of the program.
$ _ POST = array_map ('MySQL _ real_escape_string ', $ _ POST );

$ _ POST = array_map ('MySQL _ real_escape_string ', $ _ POST );

If $ _ POST is empty, will an error be reported?

If you use '$ _ POST [name]' directly in an SQL statement, will it not cause errors ..
Generally, you should first judge it, such as ISSET.