当前位置: 文江博客话题详情

php/postgres - 查询输出不会打印在浏览器上

发布于 2024-11-18 10:47:53 字数 572 浏览 7 评论 0原文

我正在用 postgresql 用 Php 编写一个简单的用户/登录系统。

我有一个功能可以确认用户名/密码是否存在,当用户按下登录按钮时该功能会被激活。

 public function confirmUserPass($username, $password){

    $username=pg_escape_string($username);

    /* Verify that user is in database */

    $q = "SELECT password FROM users WHERE email = '$username'";
    $result = pg_query($this->link,$q);

    /* Do more operations */
}

我想打印存储在 $results 中的查询,以便我可以在浏览器上看到它。当我使用 SQL 在 phppgAdmin 中执行此操作时,它会显示输出,但我在浏览器上看不到它。我尝试了 echo 和 printf 但在浏览器上看不到任何内容。我还尝试从浏览器查看源代码,但它什么也没显示。 有人可以帮我吗?

问候

原文

I am writing a simple user/login system in Php with postgresql.

I have a function that confirms whether username/passwords exists, which gets activated when a user presses the Login button.

 public function confirmUserPass($username, $password){

    $username=pg_escape_string($username);

    /* Verify that user is in database */

    $q = "SELECT password FROM users WHERE email = '$username'";
    $result = pg_query($this->link,$q);

    /* Do more operations */
}

I want to print the query stored in $results such that I can see it on the browser. When I do it in phppgAdmin using SQL it shows me the output but I cannot see it on the browser. I tried echo and printf but I could not see anything on the browser. I also tried to see view source from the browser but it shows nothing.
Can somebody help me with that?

Regards

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

ぽ尐不点ル 2024-11-25 10:47:53

从您的代码中: $result = pg_query($this->link,$q);

正如您已经发现的,尝试显示 $result 的内容上面的行不会给你任何有用的东西。这是因为它不包含查询返回的数据;它只包含一个“资源句柄”。

为了获取实际数据,您必须在 pg_query() 之后调用第二个函数。您需要的函数是 pg_fetch_array()。

pg_fetch_array() 获取您在 $result 中给出的资源句柄,并向其询问下一组数据。

SQL 查询可以返回多个结果,因此通常将 pg_fetch_array() 放入循环中并继续调用它,直到它返回 false 而不是数据数组。但是,在像您这样的情况下,您确定它只会返回一个结果,可以在 pg_query() 之后立即调用一次,而不使用循环。

您的代码可能如下所示:

$result = pg_query($this->link,$q);
$data = pg_fetch_array($result, NULL, PGSQL_ASSOC);

一旦您有了 $data,那么您就从数据库中获得了实际数据。

为了查看 $data 中的各个字段,您需要查看其数组元素。它应该有一个为查询中的每个字段命名的数组元素。在您的情况下,您的查询仅包含一个字段,因此它将被称为 $data['password']。如果查询中有更多字段,则可以通过类似的方式访问它们。

因此,您的下一行代码可能是这样的:

echo "Password from DB was: ".$data['password'];

如果您想查看原始数据,您可以使用 print_r()var_dump() 将其显示到浏览器> 功能。这些功能对于测试和调试非常有用。 (提示:将这些调用包装在 

 标记中,以便它们在浏览器中很好地显示)

希望有所帮助。

[编辑:事后的想法]

顺便说一下,有点偏离主题,但我想指出您的代码表明您的系统可能并不完全安全(即使您正确地转义了查询参数)。

真正安全的系统永远不会从数据库中获取密码。存储密码后,它只能在登录时在 WHERE 子句中使用,而不是在查询中提取。

典型的查询如下所示:

SELECT count(*) n FROM users WHERE email = '$username' AND password = '$hashedpass'

在这种情况下,密码将作为哈希值而不是纯文本存储在数据库中,并且 WHERE 子句会将其与密码的哈希版本进行比较已由用户输入。

我们的想法是,这使我们能够避免在系统中的任何地方以纯文本形式访问密码,从而降低了黑客攻击的风险,即使有人确实设法访问了数据库。

当然,这并不是万无一失的,而且对于这种安全性来说,这当然不是全部,但它肯定会比你现在看起来的方式更好。

From your code: $result = pg_query($this->link,$q);

As you've found already, trying to display the contents of $result from the line above will not give you anything useful. This is because it doesn't contain the data returned by the query; it simply contains a "resource handle".

In order to get the actual data, you have to call a second function after pg_query(). The function you need is pg_fetch_array().

pg_fetch_array() takes the resource handle that you're given in $result, and asks it for its the next set of data.

A SQL query can return multiple results, and so it is typical to put pg_fetch_array() into a loop and keep calling it until it returns false instead of a data array. However, in a case like yours where you are certain that it will return only one result, it is okay to simply call it once immediately after pg_query() without using a loop.

Your code could look like this:

$result = pg_query($this->link,$q);
$data = pg_fetch_array($result, NULL, PGSQL_ASSOC);

Once you have $data, then you've got the actual data from the DB.

In order to view the individual fields in $data, you need to look at its array elements. It should have an array element named for each field in the query. In your case, your query only contains one field, so it would be called $data['password']. If you have more fields in the query, you can access them in a similar way.

So your next line of code might be something like this:

echo "Password from DB was: ".$data['password'];

If you want to see the raw data, you can display it to the browser using the print_r() or var_dump() functions. These functions are really useful for testing and debugging. (hint: Wrap these calls in <pre> tags in order for them to show up nicely in the browser)

Hope that helps.

[EDIT: an after-thought]

By the way, slightly off-topic, but I would like to point out that your code indicates that your system may not be completely secure (even though you are correctly escaping the query arguments).

A truly secure system would never fetch the password from the database. Once a password has been stored, it should only be used in the WHERE clause when logging in, not fetched in the query.

A typical query would look like this:

SELECT count(*) n FROM users WHERE email = '$username' AND password = '$hashedpass'

In this case, the password would be stored in the DB as a hashed value rather than plain text, and the WHERE clause would compare that against a hashed version of the password that has been entered by the user.

The idea is that this allows us to avoid having passwords accessible as plain text anywhere in the system, which reduces the risk of hacking, even if someone does manage to get access to the database.

It's not foolproof of course, and it's certainly not the whole story when it comes to this kind of security, but it would definitely be better than the way you seem to have it now.

回复 原文
请远离我 2024-11-25 10:47:53

您必须连接到数据库,执行查询,然后获取结果。
尝试 php.net 中的示例

<?php
public function confirmUserPass($username, $password){

    $username=pg_escape_string($username);

    // Connecting, selecting database
    $dbconn = pg_connect("host=localhost dbname=publishing user=www password=foo")
        or die('Could not connect: ' . pg_last_error());

    // Performing SQL query
    $query = "SELECT password FROM users WHERE email = '$username'";
    $result = pg_query($query) or die('Query failed: ' . pg_last_error());

    // Printing results in HTML
    echo "<table>\n";
    while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) {
        echo "\t<tr>\n";
        foreach ($line as $col_value) {
            echo "\t\t<td>$col_value</td>\n";
        }
        echo "\t</tr>\n";
    }
    echo "</table>\n";

    // Free resultset
    pg_free_result($result);

    // Closing connection
    pg_close($dbconn);
    ?>

}
?>

http://php.net/manual/en /book.pgsql.php

You must connect to database , execute query, and then fetch results.
try this example from php.net

<?php
public function confirmUserPass($username, $password){

    $username=pg_escape_string($username);

    // Connecting, selecting database
    $dbconn = pg_connect("host=localhost dbname=publishing user=www password=foo")
        or die('Could not connect: ' . pg_last_error());

    // Performing SQL query
    $query = "SELECT password FROM users WHERE email = '$username'";
    $result = pg_query($query) or die('Query failed: ' . pg_last_error());

    // Printing results in HTML
    echo "<table>\n";
    while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) {
        echo "\t<tr>\n";
        foreach ($line as $col_value) {
            echo "\t\t<td>$col_value</td>\n";
        }
        echo "\t</tr>\n";
    }
    echo "</table>\n";

    // Free resultset
    pg_free_result($result);

    // Closing connection
    pg_close($dbconn);
    ?>

}
?>

http://php.net/manual/en/book.pgsql.php

回复 原文
~没有更多了~

关于作者

梦亿

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

qq_VRzBBA45

文章 0 评论 0

痴情

文章 0 评论 0

文章 0 评论 0

Mu.

文章 0 评论 0

凉薄对峙

文章 0 评论 0

不落城

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文