1. 首頁
  2. 問答
  3. 串連數據庫字段與$ _ POST變量的PHP/MySQL

串連數據庫字段與$ _ POST變量的PHP/MySQL

2011-11-11 39 views
-2

HTML

<form style="margin:5px 0;" action="#" method="post"> 
       Buyer <input type="radio" name="addType" value="Buyer" /> 
       &nbsp;&nbsp;Merchant <input type="radio" name="addType" value="Merchant" /> 
      </form> 
      <form id="NewBuyerRegHp" method="post" action="check.php"> 
       Username or Email: <input type="text" name="userOrEmail" class="UserLogin" value="Username" onFocus="clearText(this)" /> <br /> 
       Password: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="userPass" class="UserLogin" value="Password" onFocus="clearText(this)" /> <br /> 
       <input type="submit" name="SubmitNewBuyerHp" value="Secure Login" /> 
      </form>

PHP

require_once('../inc/db/dbc.php'); 

$entPass = $_POST['userPass']; #entered password by user. 
$SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass); #more secure pass with dynam salt using SHA512 Hashing 

$NewUserLoginCheck = mysql_query("SELECT uUName, uEmail, uUPass, dynamSalt FROM User WHERE uUName OR uEmail = '".mysql_real_escape_string($_POST['userOrEmail'])."' AND uUPass = '".mysql_real_escape_string($_POST['userPass'])."' ")or die(mysql_error());

如何串聯輸入的用戶通過與mysql_real_escape_string($_POST['userPass'])dynamSalt場?我想結合mysql_real_escape_string($_POST['userPass']) . dynamSalt但我不能使用dynamSalt,直到它在SQL語句中被訪問?

我該怎麼做呢?

來源

2011-11-11 meow

+0

散列之前不需要轉義用戶輸入。 –

+0

此外,你的問題的描述是完全不清楚的;我不知道你在問什麼。 –

+0

我想連接'userPass'和字段名'dynamSalt'來檢查是否給出了一個有效的用戶名......這個'userPass.dynamSalt'連接驗證了密碼。現在跟着我? – meow

回答

1

試試這個

require_once('../inc/db/dbc.php'); 

//$entPass = $_POST['userPass']; #entered password by user. 
//$SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass); #more secure pass with dynam salt using SHA512 Hashing 

$NewUserLoginCheck = mysql_query("SELECT uUName, uEmail, uUPass, dynamSalt FROM User WHERE uUName OR uEmail = '".mysql_real_escape_string($_POST['userOrEmail'])."' AND uUPass = sha2(concat(dynamSalt, '".mysql_real_escape_string($_POST['userPass'])."'), 512) ")or die(mysql_error());

來源

2011-11-11 02:40:05

+1

它最初在sha 512中散列。我如何實現? – meow

+0

它最初是散列和醃製到數據庫中使用:'散列('sha512',$ dynamSalt。$ escapedInputtedPass)' – meow

+0

好吧然後改變256到512 '$ NewUserLoginCheck = mysql_query(「SELECT uUName,uEmail,uUPass,dynamSalt FROM User'WHERE uuname OR uEmail ='「.mysql_real_escape_string($ _ POST ['userOrEmail'])。」'AND uUPass = sha2(concat(dynamSalt,'「.mysql_real_escape_string($ _POST ['userPass'])。」'),512 )')或死亡(mysql_error());' –

0

我個人不CONCAT或轉義字符串在查詢中間的風扇。如果可能的話,最好(imo)完成所有事先查詢。這樣,您的查詢便於閱讀,並且您可以更輕鬆地對用戶輸入執行更多檢查,例如運行函數等。

來源

2011-11-11 04:51:11 frustratedtech

相關問題

 相關問題