Php 检查用户名和密码
我正在尝试创建一个php用户名和密码检查器,但无法使其工作,以下是代码:Php 检查用户名和密码,php,Php,我正在尝试创建一个php用户名和密码检查器,但无法使其工作,以下是代码: <?php $servername = "iphere"; $user = "userhere"; $pass = "passwordhere"; $dbname = "databasehere"; try { $username = $_GET['username']; $password = $_GET['password']; $conn = new PDO("mysql:host=$
<?php
$servername = "iphere";
$user = "userhere";
$pass = "passwordhere";
$dbname = "databasehere";
try {
$username = $_GET['username'];
$password = $_GET['password'];
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $user, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT username FROM users WHERE username = :name AND password = :password");
$stmt->bindParam(':name', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
if($username == $result && $password == $result)
{
echo "OK";
}
else
{
echo "not OK";
}
}
catch(PDOException $e) {
echo "Error";
}
$conn = null;
?>
它没有给出任何错误或任何东西。它只是呼应OK,就这样。顺便说一句,我在另一个项目中使用GET。因此,我稍后将对其进行更改。除非出现错误,否则: 将始终为布尔值
truetrue计算从数据库返回的行数。忽略以下事实:
- 你的密码是明文的
- 您无缘无故地使用bindParam
危险:“根本不散列”是;你需要知道你的用户的密码。也许是时候打印($result)?永远不要用纯文本存储密码,阅读手册
setFetchMode$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
if($username == $result && $password == $result)
$stmt = $pdo->prepare("SELECT COUNT(*) AS user_exists FROM users WHERE username = :username AND password = :password");
$stmt->execute([':username' => $username, ':password' => $password]);
// This will return the value of first column, our query will always produce 1 row with 1 column
$exists = $stmt->fetchColumn();
// If you are using MySQL ND (native driver), then the above result will be
// accurately represented as an integer so we can use it in an if() statement like this
if($exists)
{
echo "OK!";
}
else
{
echo "Not ok!";
}