如何检查变量是否与fetch()具有相同的值
I'm currently creating a website where the user can login to an account. For this I need to check if the email and password that has been submitted by the user is the same as those in the MySQL database.
我目前正在创建一个用户可以登录帐户的网站。为此,我需要检查用户提交的电子邮件和密码是否与MySQL数据库中的相同。
This is my code for this;
这是我的代码;
<h2> Log in to an existing account </h2>
<form action = "account.php" method = "POST" id = "log">
<p><label> Email </label> <input type = "text" name = "logmail" ></p>
<p><label> Password </label> <input type = "password" name = "logpass"></p>
<p><input type = "submit" value = "Log in"></p>
if(!empty($_POST['logmail']) && !empty($_POST['logpass']))
{
$sql = ("SELECT customer_mail FROM customer_user WHERE customer_mail = '{$_POST['logmail']}'");
$sql2 = ("SELECT customer_pass FROM customer_user WHERE customer_pass = '{$_POST['logpass']}'");
$stmt = $dbh->prepare($sql);
$stmt2 = $dbh->prepare($sql2);
$stmt->execute();
$stmt2->execute();
var_dump($stmt->fetch());
var_dump($_POST['logmail']);
var_dump($stmt2->fetch());
var_dump($_POST['logpass']);
if($stmt->fetch()[0] == $_POST['logmail'])
{
if($stmt->fetch()[0] == $_POST['logpass'])
{
echo "Logged in";
}
else
{
echo "Wrong password";
}
}
else
{
?> <h2> Wrong email </h2> <?php
}
}
When I try to run this, the var_dumps gives me an arrays stmt->fetch() and stmt2->fetch. In position 0 of those arrays are the emails and passwords of the account I'm trying to login to. They are also the same as what I type into the fields in the form. The var_dumps for the $_POST confirms this.
当我尝试运行它时,var_dumps给我一个数组stmt-> fetch()和stmt2-> fetch。在这些数组的位置0是我正在尝试登录的帐户的电子邮件和密码。它们也与我在表单中的字段中键入的内容相同。 $ _POST的var_dumps确认了这一点。
But even thought they are the exact same, it doesn't trigger the If statement.
但即便认为它们完全相同,也不会触发If语句。
Does anyone know why this might be?
有谁知道为什么会这样?
2 个解决方案
#1
Why not fetchColumn() ? fetchColumn
will by default return the first column of the next row instead of returning the entire row.
为什么不fetchColumn()?默认情况下,fetchColumn将返回下一行的第一列,而不是返回整行。
I didn't realize you were on the same table before. For a login form, you should be doing this a bit different in my opinion.
我没有意识到你之前在同一张桌子上。对于登录表单,我认为你应该这样做有点不同。
You should hash the password with a unique salt for each user. You should never store plain text passwords in your database.
您应该为每个用户使用唯一的盐哈希密码。永远不应该在数据库中存储纯文本密码。
You really only need one query:
你真的只需要一个查询:
$sql = ("SELECT customer_pass FROM customer_user WHERE customer_mail = ?");
Then you can compare the passwords (hopefully hashed)
然后你可以比较密码(希望哈希)
更多相关文章
- linux下mysql的root密码忘记,怎么改root密码
- Linux下修改MySQL初始密码、开启远程登录、授权远程登录用户
- mysql获取某个范围内的随机数,写了个存储过程自动生成随机6为密码
- MySQL按数组值排序
- 向数组添加一组数据库列的问题
- 使用随机盐改进密码哈希
- 阿里云服务器忘记mysql的登录密码时候如何修改密码
- MySQL重新登录密码错误问题
- 如何使用webrequest使用Json数组绘制折线图