PHP mySQL检查用户名和密码是否在数据库中 [英] PHP mySQL check if username and password are in the database
问题描述
我想让我的代码检查用户名和密码是否存在于我的数据库中。
它的工作硬编码,但我想要做一个数据库。现在这是我有:
I want my code to check if the username and password exist in my database. It does work hardcoded, but I want to do it with a database.Right now this is what I have:
if(isset($_POST["name"], $_POST["password"]))
{
$name = $_POST["name"];
$password = $_POST["password"];
$result1 = mysql_query("SELECT password FROM Users WHERE username = '".$name."'");
$result2 = mysql_query("SELECT username FROM Users WHERE password = '".$password."'");
if($name == $result2 && $password == $result1)
{
$_SESSION["logged_in"] = true;
$_SESSION["naam"] = $name;
}
else
{
echo'The username or password are incorrect!';
}
}
问题出现在 result1 / 2 part我想,因为当我在我的网站使用正确的用户名和密码时,它给出了不正确的消息。
The problem is in the result1/2 part I think, cause when I use the right username and password in my site it gives the incorrect message.
该查询也工作了,在PHPmyAdmin中尝试它,但没有 $ name 部分,我用用户名替换它
Oh yes and the query works too, tried it in PHPmyAdmin but then without the $name part which I replaced it with the username
推荐答案
您可以使用 mysql_num_rows()并结合查询 - 查看脚注
You can use mysql_num_rows() and combine your query - See footnotes
if(isset($_POST["name"], $_POST["password"]))
{
$name = $_POST["name"];
$password = $_POST["password"];
$result1 = mysql_query("SELECT username, password FROM Users WHERE username = '".$name."' AND password = '".$password."'");
if(mysql_num_rows($result1) > 0 )
{
$_SESSION["logged_in"] = true;
$_SESSION["naam"] = $name;
}
else
{
echo 'The username or password are incorrect!';
}
}
为了使您的代码更安全,使用:
In order to make your present code a bit more secure, use:
$name = stripslashes($_POST["name"]);
$name = mysql_real_escape_string($_POST["name"]);
$password = stripslashes$_POST["password"]);
$password = mysql_real_escape_string$_POST["password"]);
,但请查看以下关于使用预准备语句和密码散列的链接。
but do look at the links below about using prepared statements and password hashing.
脚注:
Footnotes:
您的现有代码向 SQL注入 开放。使用 预准备语句 ,或 已准备好的语句的PDO 。请访问这些链接了解详情。
Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements. Visit those links for more information.
我注意到您可能以纯文本格式存储密码。
I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.
如果你是一个LIVE网站,你最终会被黑客入侵。
If you are and this is a LIVE site, you will eventually get hacked.
我建议您使用 CRYPT_BLOWFISH 或PHP 5.5的 password_hash() 函数。对于PHP& 5.5使用 password_hash()兼容包 。
I recommed you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
mysql _ * 函数弃用通知:
http://www.php。 net / manual / en / intro.mysql.php
此扩展程序自PHP 5.5.0起已不推荐使用,建议不要将新代码写入它将在未来被删除。相反, mysqli 或<应使用href =http://www.php.net/manual/en/ref.pdo-mysql.php =nofollow noreferrer> PDO_MySQL 扩展名。另请参见 MySQL API概述 进一步帮助选择MySQL API。
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
这些函数允许您访问MySQL数据库服务器。有关MySQL的详细信息,请访问» http://www.mysql.com/ 。
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
MySQL的文档可以在» http:// dev .mysql.com / doc / 。
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
编辑
尝试替换
if(mysql_num_rows($result1) > 0 )
{
$_SESSION["logged_in"] = true;
$_SESSION["naam"] = $name;
}
else
{
echo 'The username or password are incorrect!';
}
与:
while($row=mysql_fetch_assoc($result1))
{
$check_username=$row['username'];
$check_password=$row['password'];
}
if($username == $check_username && $password == $check_password){
echo "Matches.";
}
else{
echo "No match.";
}
这篇关于PHP mySQL检查用户名和密码是否在数据库中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
