您好我是php编程新手并试图创建加密密码但问题是它总是为不同的密码生成相同的md5而我无法使用login.php登录这是我的代码
<?php
$name = $_POST['name'];
$password = md5($_POST['password']);
if($name && $password){
mysql_connect("localhost","root","") or die(mysql_error);
mysql_select_db("myfirstdatabase") or die(mysql_error);
$query = mysql_query("SELECT * FROM usernames WHERE name='$name'");
$numrows = mysql_num_rows($query);
if ($numrows != 0){
while ($row = mysql_fetch_assoc($query)){
$dbname = $row['name'];
$dbpassword = $row['password'];
}
if ($name==$dbname){
if($password==$dbpassword){
header("location: users.php");
}else {
echo "Your password is incorrect!";
}
}else{
echo "Your name is incorrect!";
}
}else {
echo "Name is not registered!";
}
}else{
echo "You have to type a name and password";
}
?>
答案 0 :(得分:0)
您必须执行以下操作: -
setTimeout(alert(2), 0);
alert(1);
<强> 建议: -
1.不要使用<?php
error_reporting(E_ALL); // check all errors
ini_set('display_errors',1);// show all errors
if(isset($_POST['name']) && isset($_POST['password'])){
$conn = mysqli_connect("localhost","root","","myfirstdatabase");
if($conn){
$name = mysqli_real_escape_string($conn,$_POST['name']);
$password = mysqli_real_escape_string($conn,md5($_POST['password']));
$query = mysqli_query($conn,"SELECT * FROM usernames WHERE name= $name AND password = $password");
if(mysqli_num_row($query)>0){
header("location: users.php");
}else {
echo "user name or password is incorrect!";
}
}else{
echo "deb connection error:-".mysqli_connect_error();
}
}else{
echo "Please fill form fully";
}
?>
(从php5.5开始弃用并从php7中删除)。使用mysql_*或mysqli_*
2.使用密码拥存机制而不是PDO。
3.使用md5或prepared的{{1}}语句来阻止您的代码来自mysqli。