我希望检查输入的用户名和密码是否等于存储在mysql数据库中的用户名和密码。
我使用password_hash()来散列密码并将其存储到表中。但我不知道,如何检查它们是否相同。
HTML
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Password: <input type="password" name="password">
<span class="error">* <?php echo $passwordErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
PHP
<?php
error_reporting(E_ALL | E_STRICT);
$servername = "localhost";
$serverUsername = "root";
$serverPassword = "";
// Create connection
$conn = mysqli_connect($servername, $serverUsername, $serverPassword);
mysqli_select_db($conn, 'users');
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
if (isset($_POST["submit"])) {
$query = mysqli_prepare($conn, "SELECT * FROM user_logons WHERE Username = ? AND Password = ?");
mysqli_stmt_bind_param ($query , 'ss' , $username , $password);
mysqli_stmt_execute($query);
$username = mysqli_real_escape_string($conn, $_POST["username"]);
$password = password_hash($_POST["password"], PASSWORD_BCRYPT);
mysqli_stmt_close($query);
}
$usernameErr = $passwordErr = "";
mysqli_close($conn);
?>
另外,如果密码被输入,我是否必须转义密码输入?
答案 0 :(得分:3)
您需要再次使用input密码进行哈希处理,然后 将其与您的prepare语句绑定。您需要确保使用的是用于存储的加密方法。
$username = mysqli_real_escape_string($conn, $_POST["username"]);
$password = password_hash($_POST["password"], PASSWORD_BCRYPT);
mysqli_stmt_bind_param ($query , 'ss' , $username , $password);
mysqli_stmt_execute($query);
<强>编辑:
正如@Devon在评论中所建议的那样,你也可以使用 password_verify