Concatenating a $_POST variable with a DB field in PHP / MySQL

Time: 2011-11-11 02:22:00

Tags: php mysql security login

HTML

<form style="margin:5px 0;" action="#" method="post">
    Buyer <input type="radio" name="addType" value="Buyer" />
    &nbsp;&nbsp;Merchant <input type="radio" name="addType" value="Merchant" />
</form>
<form id="NewBuyerRegHp" method="post" action="check.php">
    Username or Email: <input type="text" name="userOrEmail" class="UserLogin" value="Username" onFocus="clearText(this)" /> <br />
    Password: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="userPass" class="UserLogin" value="Password" onFocus="clearText(this)" /> <br />
    <input type="submit" name="SubmitNewBuyerHp" value="Secure Login" />
</form>

PHP

require_once('../inc/db/dbc.php');

$entPass = $_POST['userPass']; # password entered by the user
$SaltyPass = hash('sha512', $dynamSalt . $entPass); # salted SHA-512 of the password; $dynamSalt is the per-user salt stored in the User row and is not loaded yet at this point (the problem asked about below)

$userOrEmail = mysql_real_escape_string($_POST['userOrEmail']);
# Note the parentheses: "uUName OR uEmail = '...'" would parse as "(uUName) OR (uEmail = '...')",
# which is true for every row whose uUName is non-empty. uUPass is still compared with the raw
# password here; replacing that with the salted hash is what the question is about.
$NewUserLoginCheck = mysql_query("SELECT uUName, uEmail, uUPass, dynamSalt FROM User WHERE (uUName = '" . $userOrEmail . "' OR uEmail = '" . $userOrEmail . "') AND uUPass = '" . mysql_real_escape_string($entPass) . "'") or die(mysql_error());

How do I concatenate the entered user password, mysql_real_escape_string($_POST['userPass']), with the dynamSalt field? I want to combine mysql_real_escape_string($_POST['userPass']) . dynamSalt, but I can't use dynamSalt before it is accessed in the SQL statement?

How would I do this?

2 answers:

Answer 0 (score: 1)

Try this

require_once('../inc/db/dbc.php');

//$entPass =  $_POST['userPass']; #entered password by user.
//$SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass); #more secure pass with dynam salt using SHA512 Hashing

$userOrEmail = mysql_real_escape_string($_POST['userOrEmail']);
# Let MySQL do the salting: SHA2(x, 512) returns lowercase hex, the same encoding PHP's hash('sha512', x)
# produces, so the stored uUPass created with hash('sha512', $dynamSalt . $password) matches.
# The parentheses around the OR are needed; "uUName OR uEmail = '...'" is parsed as "(uUName) OR (uEmail = '...')".
$NewUserLoginCheck = mysql_query("SELECT uUName, uEmail, uUPass, dynamSalt FROM User WHERE (uUName = '" . $userOrEmail . "' OR uEmail = '" . $userOrEmail . "') AND uUPass = SHA2(CONCAT(dynamSalt, '" . mysql_real_escape_string($_POST['userPass']) . "'), 512)") or die(mysql_error());

Answer 1 (score: 0)

Personally I don't like using concat or escaping strings during the query. If possible it's best (imo) to do everything pre-query. That way your query is easy to read, and you can more easily perform additional checks on the user input, such as running functions on it, etc.
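The pre-query approach the answer above recommends, written out as an added example (this is not code from the question or either answer): fetch the row by username or email with a prepared statement, then compute and compare the salted SHA-512 in PHP, so the salt never has to be referenced inside the SQL. Table and column names (User, uUName, uEmail, uUPass, dynamSalt) and the salt-then-password order follow the page; the function name, the use of mysqli, and the assumption that a connected mysqli object is available in $db are mine.

```php
<?php
// Added example, not part of the original question or answers.
// Assumes: PHP 7.1+, mysqli with mysqlnd (for get_result), and that the stored
// uUPass was written at registration as hash('sha512', $dynamSalt . $password).

/**
 * Look up a user by username OR email, then verify the salted SHA-512 in PHP.
 * Returns the matching row on success, or null when the user does not exist
 * or the password is wrong (the caller is not told which).
 */
function loginUser(mysqli $db, string $userOrEmail, string $password): ?array
{
    // Parameters are bound, so no mysql_real_escape_string is needed. The
    // parentheses-free "uUName OR uEmail = ?" form on the original page would
    // parse as "(uUName) OR (uEmail = ?)" and match almost every row.
    $sql = 'SELECT uUName, uEmail, uUPass, dynamSalt FROM User '
         . 'WHERE uUName = ? OR uEmail = ? LIMIT 1';
    $stmt = $db->prepare($sql);
    $stmt->bind_param('ss', $userOrEmail, $userOrEmail);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($row === null) {
        // Unknown user: still spend a hash so the response time does not
        // reveal which usernames exist. The salt value here is a dummy.
        hash('sha512', 'no-such-user-dummy-salt' . $password);
        return null;
    }

    // Same construction as the question: salt first, then the password, SHA-512.
    // hash() returns lowercase hex, which is also what MySQL's SHA2(..., 512) returns,
    // so rows created either way compare equal.
    $candidate = hash('sha512', $row['dynamSalt'] . $password);

    // Constant-time comparison against the stored hash.
    if (!hash_equals($row['uUPass'], $candidate)) {
        return null;
    }
    return $row;
}

// Usage from check.php (assumes $db is a configured mysqli connection):
// $user = loginUser($db, $_POST['userOrEmail'] ?? '', $_POST['userPass'] ?? '');
// if ($user === null) { /* reject login */ }
```

A quick way to confirm the two approaches agree is to compare PHP's hash('sha512', $salt . $pw) with the result of SELECT SHA2(CONCAT(salt, pw), 512) in MySQL for the same salt and password; both give the same 128-character lowercase hex string. Whichever side does the hashing, the registration code must build uUPass with the identical salt-then-password order, or no login will ever verify.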