从mysql中选择加密密码
I need to select only the password from the table with the specific username entered through the log in form. I store the password in the encrypted form in the mysql table. So I need to compare the given password and stored password and have to print "logged in successfully". else password is incorrect. this is my code.Now I am getting the output as "1Resource id #4".can any one plz help...
我需要从表中选择只有通过登录表单输入的特定用户名的密码。我将密码以加密形式存储在mysql表中。所以我需要比较给定的密码和存储的密码,并且必须打印“登录成功”。否则密码不正确。这是我的代码。现在我得到输出为“1Resource id#4”。可以任何一个PLZ帮助......
mysql_select_db($dbName);
$user_name=$_POST['name'];
$pswd=$_POST['pswd'];
$res = mysql_query("select * from xxx where Name='$user_name'");
$row = mysql_num_rows($res);
echo $row;
$encpass=mysql_query("SELECT password FROM xxx WHERE Name = '$user_name'");
$result1= mysql_fetch_array($encpass);
echo $result1;
if($row>0)
{
//echo 'hi';
if(md5($pswd)==$result1)
{
echo 'hi';
echo "you have successfully signed in!!!";
//echo $name = $row['Name'];
//header("location:check.html");
}
}
else
echo "you are not a member";
3 个解决方案
#1
You are over complicating this. You don't need to retrieve the passwords from the database. You just need to see if you can select a row which has the username and password that were submitted.
你太复杂了。您无需从数据库中检索密码。您只需要查看是否可以选择包含已提交的用户名和密码的行。
First - get the username and password from the user and get them in the form that matches however you have stored it.
首先 - 从用户那里获取用户名和密码,然后以匹配的形式获取它们,但是你已经存储了它。
$username = $_POST['name'];
$password = my_password_encryption_function( $_POST['pswd'] );
Second - set up your SQL. Use a prepared statement to protect against SQL injection attacks. Your current approach is unsafe and allows users to change the passwords of arbitary users (among other things).
第二 - 设置你的SQL。使用预准备语句来防止SQL注入攻击。您当前的方法是不安全的,并允许用户更改任意用户的密码(以及其他内容)。
$preparedStatement = $db->prepare('SELECT * FROM xxx WHERE Name = :name AND password = :password');
$preparedStatement->execute(array(':name' => $username, ':password' => $password));
$rows = $preparedStatement->fetchAll();
Third - just count the rows returned. If you get one result, the password matched. If you get zero results, the password didn't match.
第三 - 只计算返回的行数。如果您得到一个结果,则密码匹配。如果结果为零,则密码不匹配。
更多相关文章
- Zend数据库适配器-未捕获异常-堆栈跟踪显示用户名和密码
- Windows下 MySQL更新密码
- linux下mysql的root密码忘记,怎么改root密码
- Linux下修改MySQL初始密码、开启远程登录、授权远程登录用户
- mysql获取某个范围内的随机数,写了个存储过程自动生成随机6为密码
- 使用随机盐改进密码哈希
- 阿里云服务器忘记mysql的登录密码时候如何修改密码
- MySQL重新登录密码错误问题
- MySQL5.7以上版本root用户空密码修改(windows系统、zip版MySQL)