MySQL数据库检查
这是我的代码,
$username = $_POST['user'];
$password = $_POST['pass'];
if (isset($_POST['user'])); {
$db = mysqli_connect('localhost', 'root', '', 'db');
if($query = mysqli_query($db, "SELECT `pass` FROM `accounts` WHERE `user` = '$username'")){
while($row = mysqli_fetch_assoc($query)){
$row['pass'] = $setpassword;
}
mysqli_free_result($query);
}
}
它当前的作用是从表单中检索用户输入的用户名和密码,获取该用户名并找到具有该用户名的行,然后从该行获取密码并将其设置为变量 $setpassword。下面的代码用于检查密码是否与数据库中给定的用户名匹配。
if ($password=='') {
$verify = 0;
}
if ($password!='') {
if ($password!=$setpassword) {
$verify = 1;
}
if ($password==$setpassword) {
$verify = 2;
}
}
如果验证是... 0 - 登录表单将显示为未输入任何内容。 1 - 错误的密码将与登录表单一起显示。 2 - 将显示正确的密码,并将用户名分配给会话变量。
我遇到一个问题,用户可以输入不存在的用户名和任何密码(无论是否在数据库中),并且都会进行验证。
如何检查数据库中不存在用户名?
This is my code
$username = $_POST['user'];
$password = $_POST['pass'];
if (isset($_POST['user'])); {
$db = mysqli_connect('localhost', 'root', '', 'db');
if($query = mysqli_query($db, "SELECT `pass` FROM `accounts` WHERE `user` = '$username'")){
while($row = mysqli_fetch_assoc($query)){
$row['pass'] = $setpassword;
}
mysqli_free_result($query);
}
}
What it currently does is from a form, retrive a username and password that the user has entered, take that username and find the row with that username and get the password from that row and set it as the variable $setpassword. Below is the code to check if the password matches the given username on the database.
if ($password=='') {
$verify = 0;
}
if ($password!='') {
if ($password!=$setpassword) {
$verify = 1;
}
if ($password==$setpassword) {
$verify = 2;
}
}
If verify is...
0 - The Login Form Will appear as nothing has been entered.
1 - Incorrect Password will be displayed along with the login form.
2 - Correct Password will be displayed and the username will be assigned to a session variable.
I'm having a problem where a user can enter a username that doesnt exist and any password wether its in the database or not and it will be verified.
What can I do to check if the username doesn't exist on the database?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
当您接受用户注册时,查询数据库以查看它是否已经存在。
我不确定这是你做那件事的地方。但要消除重复项,您可以这样做。此外,您还可以将列用户定义为唯一。这样 SQL 将不允许重复值。
还有这一行:
这是相反的。你应该反过来做。
如果我需要澄清任何事情,请告诉我。
When you are accepting the user's registration query the database to see if it already exists.
I'm not sure this is where you are doing that. But to eliminate duplicates you can do it that way. Also, you can define the column user as unique. That way the SQL will not allow duplicate values.
Also this line:
This is reversed. You should be doing it the other way around.
Let me know if I need to clarify anything.
试试这个:
Try this:
这一行有一个额外的分号,使得整个代码无法
进行验证,您所需要做的就是检索密码并将其与输入的密码进行比较:
请注意,$row可能是空的,因此,您必须先检查它
但是,您可以在查询中进行这两种比较,如下所示
但是,您的代码存在两个常见问题。
最好保存哈希值而不是纯密码。
在将数据添加到查询中之前,您应该清理数据
至少以这种方式清理数据:
there is an extra semicolon in this line, making whole code not working
to do your verification, all you need is to retrieve the password and compare it with entred one:
note that $row could be ampty, so, you have to check it first
however, you can do both comparisons in the query, like this
However, your code suffers from 2 common problems.
It is better to save a hash instead of the plain password.
You should sanitize your data before adding it in the query
at least this way: