我使用下面的代碼進行登錄。我無法比較匹配的密碼客戶端和數據庫的登錄?
$sid = trim($_POST["id"]);
$pcode = trim(md5($_POST["pcode"]));
include_once "../conf.php";
$pdo = connect();
$sql_log = "select * from `manager` where `sid` = $sid limit 1";
$do_log = $pdo->prepare($sql_log);
$do_log->execute();
$num_log = $do_log->rowCount();
if($do_log){
if($num_log == 1){
while($row_log = $do_log->fetch()){
$pcode_db = $row_log["pcode"]; //md5 password
}
if(var_dump($pcode == $pcode_db)){ //or $pcode == $pcode_db, both return false
return true;
}else{
return false; // i get false for any password}
}
}
}
我無法登錄到正確的密碼!我在數據庫中手動設置MD5密碼與phpMyAdmin
首先閱讀這個 - > http://php.net/manual/en/security.database.sql-injection.php – ManseUK
你是否在if條件中使用var_dump,你不能直接匹配它們嗎? var_dump爲變量var_dump($ pcode)== var_dump($ pcode_db) – sumi
'md5($ _ POST [「pcode」],true)'給出了什麼? – idm