Question

像这样加密$ pwd：

$encrypted_password = password_hash($pwd, PASSWORD_DEFAULT);

我的登录php数据，我总是收到错误，无法登录，为什么会这样？

include '../dbh.php';

$uid = $_POST['uid'];
$pwd = $_POST['pwd'];


$sql = "SELECT * FROM user where uid='$uid";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['pwd'];
$hash = password_verify($pwd, $hash_pwd);

if ($hash == 0) {
    echo $pwd;
} else {
    $sql = "SELECT * FROM user WHERE uid='$uid' AND pwd='$hash_pwd'";
    $result = mysqli_query($conn, $sql);

    if (!$row = mysqli_fetch_assoc($result)) {
        echo "Your username or password is incorect";
    } else {
        $_SESSION['id'] = $row['id'];
        echo "You are logged in successfully ";
    }
    header('Location: ../index.php');

}

这是我的错误：

警告：mysqli_fetch_assoc（）要求参数1为mysqli_result，布尔值在第13行的C：\ xampp \ htdocs \ mokausi \ excercise_login_sistema \ includes \ log in.inc.php中给出

Answer 1

你的SQL很糟糕。试试这个：

$sql = "SELECT * FROM user where uid='$uid'";

Answer 2

使用此

$sql="SELECT * FROM users WHERE username='".$username."' and password='".$password."'";

为什么我的哈希和dehashing不起作用

2 个答案: