All geek questions in one place

To select an encrypted password from mysql

I need to select only the password from the table with the specific username entered through the registration form. I store the password in encrypted form in the mysql table. Therefore, I need to compare this password and the saved password and print "successfully logged in". otherwise the password is incorrect. this is my code. Now I get the output as "1Resource id # 4" .can any help plz ...

mysql_select_db($dbName);
$user_name=$_POST['name'];
$pswd=$_POST['pswd'];
$res        = mysql_query("select * from xxx where Name='$user_name'");
$row        = mysql_num_rows($res);
echo $row;
$encpass=mysql_query("SELECT password FROM xxx WHERE Name = '$user_name'");
$result1= mysql_fetch_array($encpass);
echo $result1;
if($row>0)
{
//echo 'hi';
   if(md5($pswd)==$result1)
       {
         echo 'hi';
         echo "you have successfully signed in!!!";
         //echo $name   =   $row['Name'];
         //header("location:check.html");
       }
}

else
echo "you are not a member";
+3
source share
3 answers

You complicate this too much. You do not need to extract passwords from the database. You just need to see if you can select the line with the username and password that were sent.

- , , .

$username = $_POST['name'];
$password = my_password_encryption_function( $_POST['pswd'] );

- SQL. SQL-. ( ).

$preparedStatement = $db->prepare('SELECT * FROM xxx WHERE Name = :name AND password = :password');
$preparedStatement->execute(array(':name' => $username, ':password' => $password));
$rows = $preparedStatement->fetchAll();

- - . , . , .

+2

, .

:

if(md5($pswd)==$result1)

To:

if(md5($pswd)==$result1[0])
+1

, slipbull: " , ". - , .

SQL-. , .

mysql_real_escape_string() - .

, - !

0
source

Source: https://habr.com/ru/post/1713430/

More articles:


All Articles