对于PHP中的哈希,我编写了此代码,但是它不起作用。当我转到phpMyAdmin上的数据库时,密码未进行哈希处理。我检查了一些论坛,但没有解决方案。我做了测试,当我输入echo "smthg"; echo password_hash(...)时,它可以在浏览器上运行,但是不能在数据库中运行。我不知道解决方案。非常感谢您的帮助。
这是命令:
else {
$hashedpwd = password_hash ($password, PASSWORD_DEFAULT);
//INSERT THE USERT INTO THE DATABASE
$sql = "INSERT INTO users (last_name, first_name,email,username,pwd)
VALUES ('$Name', '$Prenom', '$username','$email', '$password');";
mysqli_query($conn,$sql);
header("Location: ../signup.php?signup=done");
exit();
}
答案 0 :(得分:4)
您没有存储哈希密码,而是存储了输入的密码
else {
$hashedpwd = password_hash ($password, PASSWORD_DEFAULT);
//INSERT THE USERT INTO THE DATABASE
$sql="INSERT INTO users
(last_name, first_name,email,username,pwd)
VALUES ('$Name', '$Prenom', '$username','$email', '$hashedpwd')";
// change made here ------------------------------------------^^^^^^^^^^^
mysqli_query($conn,$sql);
header("Location: ../signup.php?signup=done");
exit();
}
大提示,您的脚本向SQL Injection Attack敞开 甚至if you are escaping inputs, its not safe! 在
MYSQLI_或PDOAPI中使用prepared parameterized statements
使用准查询的示例
else {
$hashedpwd = password_hash ($password, PASSWORD_DEFAULT);
//INSERT THE USERT INTO THE DATABASE
$sql="INSERT INTO users
(last_name, first_name,email,username,pwd)
VALUES (?,?,?,?,?)";
//mysqli_query($conn,$sql);
$stmt = $conn->prepare($sql);
$stmt->bind_param('sssss', $Name, $Prenom,
$username, $email,
$hashedpwd);
$stmt->execute();
header("Location: ../signup.php?signup=done");
exit();
}