使用PDO准备语句插入密码哈希 [英] Insert password hash using PDO Prepared Statements
问题描述
在基本的mysql插入中,您可以设置密码变量'PASSWORD($ password)',但这会破坏PDO语句.
In a basic mysql insert you are able to set a password variable 'PASSWORD($password)' but this breaks a PDO statement.
在使用pdo :: prepare和pdo :: execute时如何哈希密码?
How do you hash the password while using pdo::prepare and pdo::execute?
$sql= "INSERT INTO contractors (userid, password, name) VALUES ('$userid', '$pass1', '$name')";
$result = $dbh->prepare($sql);
$count = $result->execute();
Echo $count."<br>";
我就是n00b,一个简单的注册页面花了我两天时间.欢迎幼儿园的答案.
I am such a n00b, a simple registration page has taken me two days. Kindergarten answers are welcomed.
谢谢
推荐答案
如果要使用MD5进行哈希处理,可以在构造SQL语句之前使用密码进行以下操作:
If you wanted to hash using MD5, you could do the following with the password before constructing the SQL statement:
$pass1 = md5($pass1);
$sql = "INSERT INTO contractors ( userid, password, name ) VALUES ( '$userid', '$pass1', '$name' )";
$result = $dbh->prepare($sql);
$count = $result->execute();
echo $count."<br>";
即使是另一个哈希函数,其想法也是相同的.在构造SQL语句之前先对密码进行哈希处理.
The idea is the same even if it is another hash function. Hash the password before constructing the SQL statement.
以 Fiarr 和 VoteyDisciple 在下面的评论中指出,选择SHA哈希是因为它更安全.
As Fiarr and VoteyDisciple have noted in the comments below, opt for a SHA hash as it is more secure.
这篇关于使用PDO准备语句插入密码哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!