PHP密碼驗證

我無法使用password_verify驗證密碼。我使用BCRYPT進行密碼散列。幫我在這段代碼發現錯誤，我怎麼在下面的select語句綁定變量：PHP密碼驗證

<?php 
    if (isset($_POST['submit'])) { 
     // echo "ok"; 
     $con = connect(); 
     $email = $_POST['email_id']; 
     $pass_word = $_POST['pass_word']; 
     if ($con) { 
      $query = mysqli_query($con,"select * from login where email_id='".$email."'"); 
      $rows = mysqli_num_rows($query); 
      if ($query) { 
       $row = mysqli_fetch_assoc($query); 
       if ($row) { 
        $hash = $row['password']; 
        if (password_verify($pass_word,$hash) { 
         echo '<strong>Successful' ; 
        } else { 
         echo "Invalid Password"; 
        } 
       } 
      } 
     } else { 
      die("Connection Error"); 
     } 
    } 
?>

來源

2016-06-29 shubhamj

缺少括號：

改變這裏

if(password_verify($pass_word,$hash)

到

if(password_verify($pass_word,$hash))

擴展爲請求：

"select * from login where email_id='".$email."'";

成爲

"select * from login where email_id= ?";

被傳遞到$的mysqli ::準備：

$stmt = $con->prepare("SELECT * FROM login WHERE email_id= ?"); 
$stmt->bind_param("s", $email); // "ss' is a format string, each "s" means string 
$stmt->execute(); 
$stmt->bind_result($email);// then fetch and close the statement

來源

2016-06-29 04:53:01 Afsar

其實這是由於複製mistake.Then我意識到，我沒有散列密碼全部。所以這不是working.Thanks反正。如何在選擇語句中綁定變量 – shubhamj

'「select * from login where email_id = $ email」'這將工作，因爲查詢是雙引號的，您可以使用插值 – Afsar

閱讀本文，http://stackoverflow.com/問題/ 16790501/php-variable-interpolation-vs-concatenation會幫助你 – Afsar

這裏需要一個封閉的parenthes在

if(password_verify($pass_word,$hash)

也查詢暴露sql注入嘗試準備它並將參數綁定到

$query=$conn->prepare($con,"select * from login where email_id=?"); 
$query->bind_param('s',$email); //change 's' with 'i' if you are expecting an integer 
$query->execute()//to execute the query

來源

2016-06-29 05:10:25 PacMan

用這個bind param

$stmt = $con->prepare("select * from login where email_id=?"); 
$stmt->bind_param("s", $email); 
$stmt->execute();

來源

2016-06-29 05:12:00 user1234

是啊感謝指出:)現在我改變了它 – user1234

回答

相關問題