我无法获得登录表单以正确连接与mySQL数据库的交互?mysql
关闭。这个问题不能重现或由错别字引起。它当前不接受答案。 想改善这个问题吗? 更新问题,使其成为Stack Overflow 的主题。
4年前关闭。
我想让用户使用用户名和密码登录,并且该数据是否与数据库中的用户名匹配。当我尝试时,我没有收到任何错误,但是没有用。我在Dreamweaver中使用html和php,在phpMyAdmin中使用WAM。我将同时包括表单文档和随附的php文档:
loginpage.php
| Username | |
| Password | |
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
-
此答案适用于hashing,password_hash()和password_verify()。对于mysqli和pdo。底部的链接具有其他链接以及有关盐等的某些语言。
至关重要的是不要将用户提供的数据直接用于选择和插入。而是绑定参数并调用准备好的语句,以避免sql注入攻击。永远不要将密码以明文形式保存在数据库中。而是应通过单向哈希发送它们。
另请注意。这显示了注册哈希和登录验证。它不是完整的功能,我想花10美元在codecanyon上用... ...这样它表明一个电子邮件地址(登录名)的重新注册已经存在,确实会更新,请注意。在这种情况下,由于数据库中设置了唯一键,因此插入将完全失败。我将其留给读者(读者)进行查找,然后说“电子邮件已注册”。
架构图 CREATE TABLE
user_accounts2(idint(11) NOT NULL AUTO_INCREMENT,emailvarchar(100) NOT NULL,passwordvarchar(255) NOT NULL, PRIMARY KEY (id), unique key(email) -- that better be the case ) ENGINE=InnoDB; 通过register.php运行并保存用户后,数据可能如下所示:select * from user_accounts2; +----+-----------+--------------------------------------------------------------+ | id | email | password | +----+-----------+--------------------------------------------------------------+ | 1 | d@d.com | $2y$10$U6.WR.tiOIYNGDWddfT7kevJU8uiz8KAkdxXpda9e1xuplhC/eTJS | +----+-----------+--------------------------------------------------------------+ mysqli部分第一
register.php
connect_error) { die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error); } //echo "I am connected and feel happy.
"; $query = "INSERT INTO user_accounts2(email,password) VALUES (?,?)"; $stmt = $mysqli->prepare($query); // note the 2 s's below, s is for string $stmt->bind_param("ss", $email,$hp); // never ever use non-sanitized user supplied data. Bind it $stmt->execute(); // password is saved as hashed, will be verified on login page with password_verify() $iLastInsertId=$mysqli->insert_id; // do something special with this (or not) // redirect to some login page (for now you just sit here) $stmt->close(); $mysqli->close(); } catch (mysqli_sql_exception $e) { throw $e; } } ?> login.php connect_error) { die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error); } //echo "I am connected and feel happy.
"; $query = "select id,email,password from user_accounts2 where email=?"; $stmt = $mysqli->prepare($query); // note the "s" below, s is for string $stmt->bind_param("s", $email); // never ever use non-sanitized user supplied data. Bind it $stmt->execute(); $result = $stmt->get_result(); if ($row = $result->fetch_array(MYSQLI_ASSOC)) { $dbHashedPassword=$row['password']; if (password_verify($ctPassword,$dbHashedPassword)) { echo "right, userid="; $_SESSION['userid']=$row['id']; echo $_SESSION['userid']; // redirect to safe.php (note safeguards verbiage at top of this file about it) } else { echo "wrong"; // could be overkill here, but in logout.php // clear the $_SESSION['userid'] } } else { echo 'no such record'; } // remember, there is no iterating through rows, since there is 1 or 0 (email has a unique key) // also, hashes are one-way functions in the db. Once you hash and do the insert // there is pretty much no coming back to cleartext from the db with it. you just VERIFY it $stmt->close(); $mysqli->close(); } catch (mysqli_sql_exception $e) { throw $e; } } ?>下面的pdo部分当我有时间时,大概是明天,但是现在我将您引向我的答案。来源:stack overflow
2020-05-13 14:38:44赞同 展开评论