这是我第一次尝试使用命名占位符,所以我确定我在某处有语法错误...我只是没有看到它。我按照我找到的指示here。我希望数组$authResults包含具有$ user信息的行,如果密码匹配$ pass。
如果我的查询只是SELECT * FROM user则可行。显然,这在生产环境中不起作用。 : - )
这是我到目前为止所拥有的:
$user= "Test";
$pass= "ba6c064dfdb1b7b4938bf82585a8332c89270303b6d75007f0b25feffe33b90bd34d3732acf4be708c85708c39ff6c28b87235663238b8fbfe2c4439258cc883";
$db = new PDO('mysql:host=localhost;dbname=test;charset=utf8', 'admin', 'pass');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//query database to see if username/password match up
$authQuery = $db->prepare("SELECT * FROM user WHERE username=:usr AND password=:pwd"); // search for username and password
$authQuery->bindValue(':usr', $user, PDO::PARAM_STR);
$authQuery->bindValue(':pwd', $pass, PDO::PARAM_STR);
$authQuery->execute();
$authResults = $authQuery->fetchAll(PDO::FETCH_ASSOC);
echo "<br><br>authResults:<pre>";
print_r($authResults);
echo "</pre>";
思考?
这是在我的文件末尾回显的输出:
authResults:
Array
(
)
没有错误消息。 PHP变量或MySQL查询是否有字符限制?
答案 0 :(得分:1)
这只是意味着您的查询没有匹配任何内容。请注意您的用户/通行证如何存储在表格中。
答案 1 :(得分:1)
要回答你的问题,你问你将如何解决这个问题:
// simple database structure
CREATE TABLE usrpwdkeys(
usr TINYBLOB NOT NULL,
pwd TINYBLOB NOT NULL
)ENGINE=INNODB;
INSERT usrpwdkeys VALUES ('C@x9H7^nb*','a_MF8B2&bx');
CREATE TABLE usrpwd(
pk BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
usr BLOB NOT NULL,
pwd BLOB NOT NULL
)ENGINE=INNODB;
// put your database connection on a secure page - restricted/connect.php
<?php
function db(){
return new mysqli('host', 'username', 'password', 'database');
}
// putting the results into the database - newuser.php
<?php
$error = '';
if(isset($_POST['sub']) && !empty($_POST['user']) && !empty($_POST['pass'])){
include_once 'restricted/connect.php'; $db = db();
if($db->connect_error)die('connection failed');
$upk = $db->query('SELECT * FROM usrpwdkeys'); $kys = $upk->fetch_row();
$upk->free(); $usr = $db->real_escape_string(trim($_POST['user']));
$pwd = sha1(md5($usr).$db->real_escape_string(trim($_POST['pass'])).'a5cJ');
$uxs = $db->query("SELECT pk FROM usrpwd WHERE usr=AES_ENCRYPT('$usr','$upk[0]')");
if($uxs->num_rows > 0){
$error = 'Username in Use'; // error on password shows too much
}
elseif($db->query("INSERT usrpwd (usr,pwd) VALUES (AES_ENCRYPT('$usr','$upk[0]'), AES_ENCRYPT('$pwd','$upk[1]'))")){
header('LOCATION:wherever.php'); // goes to other page
}
else{
die('problem');
}
$uxs->free(); $db->close();
}
// Should be much more complex than just this - HTML structure should be below
// simple login - login.php
session_start(); $error = '';
if(isset($_POST['sub']) && !empty($_POST['user']) && !empty($_POST['pass'])){
include_once 'restricted/connect.php'; $db = db();
if($db->connect_error)die('connection failed');
$upk = $db->query('SELECT * FROM usrpwdkeys'); $kys = $upk->fetch_row();
$upk->free(); $usr = $db->real_escape_string(trim($_POST['user']));
$pwd = sha1(md5($usr).$db->real_escape_string(trim($_POST['pass'])).'a5cJ');
$log = $db->query("SELECT pk FROM usrpwd WHERE usr=AES_ENCRYPT('$usr','$upk[0]') && pwd=AES_ENCRYPT('$pwd','$upk[1]')");
if($log->num_rows > 0){
$_SESSION['log'] = 'Ao@8a!45'; $_SESSION['usr'] = $usr;
header('LOCATION:wherever.php'); // goes to other page that should retest against database
}
else{
$error = 'Invalid Password and/or Username';
}
$log->free(); $db->close();
}
// once again should be way more complex
当然,您可能希望使用正则表达式作为用户名和密码。库PHPglue可以处理大部分(如果不是全部)Stick Form正则表达式错误处理。