2015-01-12 120 views
0

我嘗試比較用戶密碼什麼內部數據庫,並與隨之而來的登錄表單躺着,但是當我這樣做:bindParam用MD5()列PDO PHP

$stmt = $dbh->prepare('SELECT * FROM users WHERE (username = :username, password = :password)'); 
$stmt->bindParam(':username', $_POST['username']); 
$stmt->bindParam(':password', md5($_POST['password'])); 
$stmt->execute(); 
$stmt->fetch(); // return false 

我做錯了嗎?

+2

SELECT * FROM其中username =用戶:用戶名和密碼=:密碼 – user3383116

+0

和'bindParam'結合的變量,使用'bindValue'代替。 –

+3

**危險**:「MD5」是[不適合的哈希算法](http://php.net/manual/en/faq.passwords.php);您需要[更好地照顧](https://你的用戶密碼 – Quentin

回答

2

你應該寫這樣的查詢:

SELECT * FROM users WHERE (username = :username AND password = :password) 
2

查詢是錯誤的。 試試這個:

$stmt = $dbh->prepare('SELECT * FROM users WHERE username = :username AND password = :password'); 
1

讓你的查詢正確無誤。使用下面的代碼

$stmt = $dbh->prepare('SELECT * FROM users WHERE username = :username AND password = :password'); 
$stmt->bindParam(':username', $_POST['username']); 
$stmt->bindParam(':password', md5($_POST['password'])); 
$stmt->execute(); 
$stmt->fetch(); // return false 

希望這有助於你