0
我想檢查記錄是否存在,如果存在,則轉到頁面A,否則轉到頁面B.但是它只是總是轉到頁面A是否有記錄。爲什麼我的嵌套IF條件不起作用?
<?php
$ini = parse_ini_file("../phpconfig.ini");
$conn = mysqli_connect($ini['hostaddress'], $ini['username'], $ini['password'], $ini['databasename']);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$options = ['cost' => 10,];
$number = mysqli_real_escape_string($conn, $_POST['number']);
$password = password_hash((mysqli_real_escape_string($conn, $_POST['password'])), PASSWORD_BCRYPT, $options);
$sql = "INSERT INTO usertemp (Employee_Number, Password)
VALUES ('$number', '$password')";
if (mysqli_query($conn, $sql)) {
$sql2 = "SELECT EXISTS(SELECT 1 FROM employee WHERE Number = '$number')";
$row2 = mysqli_query($conn, $sql2);
if (mysqli_num_rows($row2) > 0) {
//Has record in Employee table
header("location: display_createaccount_a.php");
} else {
//No record in Employee table
header("location: display_createaccount_b.php");
}
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
password_hash()函數的salt選項已被棄用,因此開發人員不會生成它們自己的(通常不安全的)鹽。當開發人員不提供鹽時,函數本身會生成密碼安全的鹽 - 因此不再需要自定義鹽生成。 PHP 7,在某些點你需要升級到該版本,更好地開始遵循其指導方針 –
請確保你*** [不要越獄密碼](http://stackoverflow.com/q/36628418/1011527)** *或在哈希之前使用其他任何清理機制。這樣做會改變密碼並導致不必要的附加編碼。 –
[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- ***)瞭解[MySQLi](http://php.net/manual)[準備](http://en.wikipedia.org/wiki/Prepared_statement)聲明/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不相信嗎?](http://stackoverflow.com/q/38297105/1011527) –