HTML
<form style="margin:5px 0;" action="#" method="post">
Buyer <input type="radio" name="addType" value="Buyer" />
Merchant <input type="radio" name="addType" value="Merchant" />
</form>
<form id="NewBuyerRegHp" method="post" action="check.php">
Username or Email: <input type="text" name="userOrEmail" class="UserLogin" value="Username" onFocus="clearText(this)" /> <br />
Password: <input type="password" name="userPass" class="UserLogin" value="Password" onFocus="clearText(this)" /> <br />
<input type="submit" name="SubmitNewBuyerHp" value="Secure Login" />
</form>
PHP
require_once('../inc/db/dbc.php');
$entPass = $_POST['userPass']; #entered password by user.
$SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass); #more secure pass with dynam salt using SHA512 Hashing
$NewUserLoginCheck = mysql_query("SELECT uUName, uEmail, uUPass, dynamSalt FROM User WHERE uUName OR uEmail = '".mysql_real_escape_string($_POST['userOrEmail'])."' AND uUPass = '".mysql_real_escape_string($_POST['userPass'])."' ")or die(mysql_error());
如何串聯輸入的用戶通過與mysql_real_escape_string($_POST['userPass'])
與dynamSalt
場?我想結合mysql_real_escape_string($_POST['userPass']) . dynamSalt
但我不能使用dynamSalt,直到它在SQL語句中被訪問?
我該怎麼做呢?
散列之前不需要轉義用戶輸入。 –
此外,你的問題的描述是完全不清楚的;我不知道你在問什麼。 –
我想連接'userPass'和字段名'dynamSalt'來檢查是否給出了一個有效的用戶名......這個'userPass.dynamSalt'連接驗證了密碼。現在跟着我? – meow