之前登陆时进入正常,后来却成了在输入用户名时,比如输入user和psw登陆,用户名却返回:www.XXX.com\user

这是怎么回事?
好象代码没问题.是不是$_SERVER[PHP_AUTH_USER]这里无法正常获取了?不排除服务器更改设置的原因.
有什么解决办法么?望高人都给指教下.


PS:我总感觉好象 $sql = "select `username`,`password` from user where username='$_SERVER[PHP_AUTH_USER]' and password='$md5_password'"; 里面$_SERVER[PHP_AUTH_USER]直接放到SQL里查询,是不是应该会有注入漏洞啊?

[PHP]<?php

function access_denied() {

echo "登陆失败!";

}



function auth_headers($title) {

@Header("WWW-Authenticate: Basic realm=$title");

@Header("HTTP/1.0 401 Unauthorized");

}




if(!isset($_SERVER['PHP_AUTH_USER'])) {

auth_headers("Real!");

access_denied();

exit;

}

else {

$md5_password = md5($_SERVER['PHP_AUTH_PW']);

$sql = "select `username`,`password` from user where username='$_SERVER[PHP_AUTH_USER]' and password='$md5_password'";


$result = $q->query($sql);

if ($q->num_rows($result) == 0) {

auth_headers("Real!");

access_denied();

exit;

}

}





//遍历POST&GET数组

//reset($HTTP_POST_VARS);

while( list($k, $v) = each($HTTP_POST_VARS) ){

$postvar[$k] = $v;

}

//reset($HTTP_GET_VARS);

while( list($k, $v) = each($HTTP_GET_VARS) ){

$getvar[$k] = $v;

}

?>[/PHP]