美好的一天
我在数据库中添加了一个列,我想在其中使用现有密码,对其进行哈希处理,并使用新的哈希密码更新passwordNonMd5列。我已经包含了回声,以测试每个密码都在接收分配的哈希值。但是我的数据库将在所有passwordNonMd5行中仅使用一个哈希密码进行更新。
有人可以指出我的错误吗?
谢谢
include_once 'dbh.php';
ini_set('max_execution_time', 300);
ini_set('memory_limit','1000M');
$query = "SELECT password FROM users";
if ($result = mysqli_query($conn, $query)) {
while ($row = mysqli_fetch_assoc($result)) {
$password = $row["password"];
echo "$password ";
$newHash = password_hash($password, PASSWORD_DEFAULT);
echo "New Hash is: " . $newHash . "\n";
$insert = "UPDATE users SET passwordNonMd5 = '$newHash'
WHERE password = $password";
$query_run = mysqli_query($conn, $insert);
}
}
答案 0 :(得分:1)
类似的事情应该起作用:
$sql = 'SELECT * FROM users';
$res = mysqli_query( $conn, $sql );
while( $row = mysqli_fetch_assoc($res) ) {
// You could salt the password here to make hashes more likely to be unique
// example: $newPass = password_hash( $row['id'] . $row['password'] . $row['perUserOrSystemDefinedSecret'], PASSWORD_DEFAULT );
$newPass = password_hash( $row['password'], PASSWORD_DEFAULT );
// We can sql inject ourself here but as the data is hashed or is probably a integer we should be fine.
$updateSql = 'UPDATE users SET passwordNonMd5 = "' . $newPass . '" WHERE id = ' . $row['id'];
mysqli_query( $conn, $updateSql );
}