我的数据库始终返回找到1行作为匹配条件,username和password(此处为passhash)都是正确的。
我可以输入正确的username而不是password或随机password,但仍然会返回找到与该条件匹配的1行。
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = md5(sha1($pass+"salt123")+"salt123");
$sql = "SELECT * FROM users WHERE username='$user' AND passhash='$phash'";
$result = $conn->query($sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
echo "Welcome $user, you have successfully logged in!<br />";
}
else
{
echo "username or password is incorrect!";
}