我正在为我的网站制作一个登录表格。当我单击登录表单上的提交时,它似乎没有像我的代码中那样运行SELECT语句。
$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = '$passwordclean'");
if($row = mysqli_fetch_assoc($result)){
$finalmessager['success'] = 'You are logged in';
$_SESSION['finalmessager']= $finalmessager;
}else{
$finalmessager['fail'] = 'You are not logged in';
$_SESSION['finalmessager']= $finalmessager;
}
它似乎可以识别$ emailclean,但似乎不读$ passwordclean。但是,当我尝试手动输入密码时,例如
$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = 'celenelqdekdnnd.......'");
它似乎工作正常。
我在这里做错了什么?
这是我的代码:
require "../config/init.php";
require "../config/config.php";
if(isset($_POST['submit'])){
$passwordclean = mysqli_real_escape_string($mysqli_conn, hash("sha512", $_POST['password']));
$emailclean= mysqli_real_escape_string($mysqli_conn, $_POST['email']);
$errorCheckr = array(); //an array is introduced to check errors
$finalmessager = array();//an array to display final message
if (empty($emailclean)) {
$errorCheckr['emailcheck'] = 'Please enter your email';
}else{
$_SESSION['email'] = $emailclean;
}
if (empty($passwordclean)) {
$errorCheckr['passwordcheck'] = 'Please enter your password';
}else{
$_SESSION['password'] = $passwordclean;
}
//Sanitize
if (!empty($emailclean) && !filter_var($emailclean, FILTER_VALIDATE_EMAIL)) {
$errorCheckr['emailvalidcheck'] = 'Your email is not valid';
}
if (strlen($email) > 50) {
$errorCheckr['emaillengthcheck'] = 'Your email is too long';
}
if (!empty($passwordclean) && strlen($passwordclean) < 5) {
$errorCheckr['passwordlengthcheck'] = 'Your password is too short';
}
if (empty($errorCheckr)) {
$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '$emailclean' AND password = '$passwordclean'");
if($row = mysqli_fetch_assoc($result)){
$finalmessager['success'] = 'You are logged in';
$_SESSION['finalmessager']= $finalmessager;
}else{
$finalmessager['fail'] = 'You are not logged in';
$_SESSION['finalmessager']= $finalmessager;
}
unset($_SESSION['email']);
unset($_SESSION['password']);
header('location:../loginform.php');
}else{
$_SESSION['regErrors']= $errorCheckr;
header('location:../loginform.php');
}
}
首先开启错误:
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
测试是否设置了post变量和密码:
<?php
var_dump($_POST['password']);
var_dump($passwordclean);
一些提示:
1)为什么要在会话中保存密码?
2)您正在检查$ passwordclean的长度,因为它将被sha512散列,所以它将始终为128个字符。
3):
<?php
$result = $mysqli_conn->query("SELECT * FROM user WHERE email = '". mysqli_real_escape_string($mysqli_conn, $_POST['email']) ."' AND password = '". mysqli_real_escape_string($mysqli_conn, hash("sha512", $_POST['password'])) ."'");
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句