0
我對使用MySql很陌生,無法從數據庫檢索值。我的印象是,我正在以正確的方式開展工作,但我的回聲陳述並未打印任何內容。從MySQL數據庫檢索值時遇到問題
我很感激一些幫助。我的代碼如下。我知道我必須稍後添加安全性,例如清理用戶輸入。
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$hashedPass = sha1($password);
if ((!isset($email)) || (!isset($password))) {
//Visitor needs to enter a name and password
echo "Data not provided";
} else {
echo "Received details $email and $password <br/>";
// connect to mysql
$mysql = mysqli_connect("localhost", "root", "root");
if(!$mysql) {
echo "Cannot connect to PHPMyAdmin.";
exit;
} else {
echo "Connected to phpmyadmin <br/>";
}
}
// select the appropriate database
$selected = mysqli_select_db($mysql, "languageapp");
if(!$selected) {
echo "Cannot select database.";
exit;
} else {
echo "DB Selected";
}
// query the database to see if there is a record which matches
$query = "select count(*) from user where email = '".$email."' and password = '".$hashedPass."'";
$result = mysqli_query($mysql, $query);
if(!$result) {
echo "Cannot run query.";
exit;
}
$row = mysqli_fetch_row($result);
$count = $row[0];
$userdata = mysqli_fetch_array($result, MYSQLI_BOTH);
echo $userdata[3];
echo $userdata['firstName'];
if ($count > 0) {
echo "<h1>Login successful!</h1>";
echo "<p>Welcome.</p>";
echo "<p>This page is only visible when the correct details are provided.</p>";
} else {
// visitor's name and password combination are not correct
echo "<h1>Login unsuccessful!</h1>";
echo "<p>You are not authorized to access this system.</p>";
}
?>
*我知道我將不得不稍後添加安全性 - - 以後不要這樣做,只是意味着丟棄代碼並正確地重寫它(或忘記)。第一次就做對了。 – Quentin
閱讀[PHP密碼常見問題](http://php.net/manual/en/faq.passwords.php) - 不要使用sh1並使用鹽。 – Quentin
如果你太不知所措使用數據庫轉義,那麼使用不需要它的當代數據庫API怎麼樣?它使用[PDO](http://php.net/manual/en/mysqlinfo.api.choosing.php)和準備好的語句更簡單*。這對懶惰的人來說是完美的! – mario