使用mysql PASSWORD函数将mysqli_query转换为mysqli准备的语句 [英] Convert from mysqli_query to mysqli prepared statement using mysql PASSWORD function
问题描述
除了一个查询,我已经将我的网站从mysql转换为mysqli准备好的语句.我不知道的查询是:
I have converted my website from mysql to mysqli prepared statements except for one query. The query I can't figure out is:
$sql = "SELECT customerID FROM customer WHERE customerEmail = '$loginEmailAddress' AND customerPassword = PASSWORD('$loginPassword');";
$result = mysqli_query($mysqli, $sql);
这很好.当我尝试制作mysqli准备的语句时,问题是mysql的PASSWORD函数.甚至可以转换吗?
This works fine. When I try to make an mysqli prepared statement, the problem is the mysql PASSWORD function. Is it even possible to convert this?
我尝试过类似的事情:
$loginPassword = PASSWORD($loginPassword);
$stmt = $mysqli -> prepare("SELECT customerID from customer WHERE customerEmail = ? AND customerPassword = ? ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();
$stmt->store_result();
$stmt -> bind_result($customerID);
$stmt -> close();
当然没有成功.我也尝试过类似的事情:
and of course no success. I also tried things like:
$loginPassword = '" . PASSWORD('$loginPassword') . "';
我正在努力使用phpass,但与此同时,我需要为现有客户继续使用PASSWORD,直到他们登录,然后我才能将其移至新的哈希值.
I am working toward using phpass, but in the meantime I need to keep using PASSWORD for my existing customers until they login and I can move them to the new hash.
推荐答案
PASSWORD()
是MySQL函数.它是SQL的一部分.您只需要参数化传递给此函数的参数即可.
PASSWORD()
is a MySQL function. It is part of the SQL. You only need to parameterize the argument you pass to this function.
$stmt = $mysqli -> prepare("SELECT customerID
FROM customer
WHERE customerEmail = ? AND customerPassword = PASSWORD(?) ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();
警告:
仅存储使用PHP的 password_hash()
创建的密码哈希然后使用 password_verify()
进行验证.看看这篇文章:如何使用password_hash 并了解有关
Warning:
Only store password hashes created using PHP's password_hash()
, which you can then verify using password_verify()
. Take a look at this post: How to use password_hash and learn more about bcrypt & password hashing in PHP
警告:
此功能从MySQL 5.7.6开始不推荐使用,并将在以后的MySQL版本中删除.
This function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
PASSWORD()由MySQL Server中的身份验证系统使用;您不应在自己的应用程序中使用它.
PASSWORD() is used by the authentication system in MySQL Server; you should not use it in your own applications.
这篇关于使用mysql PASSWORD函数将mysqli_query转换为mysqli准备的语句的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!