使用mysql PASSWORD函数将mysqli_query转换为mysqli准备的语句 [英] Convert from mysqli_query to mysqli prepared statement using mysql PASSWORD function

问题描述

除了一个查询，我已经将我的网站从mysql转换为mysqli准备好的语句.我不知道的查询是:

I have converted my website from mysql to mysqli prepared statements except for one query. The query I can't figure out is:

$sql = "SELECT customerID FROM customer WHERE customerEmail = '$loginEmailAddress' AND customerPassword = PASSWORD('$loginPassword');";
$result = mysqli_query($mysqli, $sql);

这很好.当我尝试制作mysqli准备的语句时，问题是mysql的PASSWORD函数.甚至可以转换吗?

This works fine. When I try to make an mysqli prepared statement, the problem is the mysql PASSWORD function. Is it even possible to convert this?

我尝试过类似的事情:

$loginPassword = PASSWORD($loginPassword);

$stmt = $mysqli -> prepare("SELECT customerID from customer WHERE customerEmail = ? AND customerPassword =  ? ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();
$stmt->store_result();
$stmt -> bind_result($customerID);
$stmt -> close();

当然没有成功.我也尝试过类似的事情:

and of course no success. I also tried things like:

$loginPassword  = '" . PASSWORD('$loginPassword') . "';

我正在努力使用phpass，但与此同时，我需要为现有客户继续使用PASSWORD，直到他们登录，然后我才能将其移至新的哈希值.

I am working toward using phpass, but in the meantime I need to keep using PASSWORD for my existing customers until they login and I can move them to the new hash.

推荐答案

PASSWORD()是MySQL函数.它是SQL的一部分.您只需要参数化传递给此函数的参数即可.

PASSWORD() is a MySQL function. It is part of the SQL. You only need to parameterize the argument you pass to this function.

$stmt = $mysqli -> prepare("SELECT customerID 
    FROM customer 
    WHERE customerEmail = ? AND customerPassword = PASSWORD(?) ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();

警告:
仅存储使用PHP的 password_hash() 创建的密码哈希然后使用 password_verify() 进行验证.看看这篇文章:如何使用password_hash 并了解有关

Warning:
Only store password hashes created using PHP's password_hash(), which you can then verify using password_verify(). Take a look at this post: How to use password_hash and learn more about bcrypt & password hashing in PHP

警告:

此功能从MySQL 5.7.6开始不推荐使用，并将在以后的MySQL版本中删除.

This function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.

PASSWORD()由MySQL Server中的身份验证系统使用；您不应在自己的应用程序中使用它.

PASSWORD() is used by the authentication system in MySQL Server; you should not use it in your own applications.

这篇关于使用mysql PASSWORD函数将mysqli_query转换为mysqli准备的语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！