Using mysql and php
Is there any reason / value when checking the password for querying the database using the username and password (after disinfection, of course) and recording an unsuccessful attempt when the rows are not returned and do not query the database using the username, and then comparing the string reset password?
EDIT: to those who mentioned this below, yes, the password in the block is hashed.
If I understand you correctly, you are wondering if there is a difference between the comparison results:
$results = mysql_query("SELECT name FROM users WHERE name = $properlyEscapedName AND pass = $properlyEscapedPassword"); if (mysql_num_rows($result) == 1) $authenticated = true;
against
$results = mysql_query("SELECT name, pass FROM users WHERE name = $properlyEscapedName"); $array = mysql_fetch_assoc($results); if ($array["pass"] == $unescapedPass) $authenticated = true;
, , , , , . , , , , .
2 .
, , .
, , , , . , , ( "Arkh01", "arkh" "Arkh1" ).
, , , . . -, , , "aa" , "ab" . , .
, , IP , 5- . IP-, .
hmac + sha512 php: hash_hmac
. , .
/ , DOS. OTOH .
, cookie ( cookie , ), cookie - - , cookie ). , cookie, , , .
, .
.
Source: https://habr.com/ru/post/1738438/More articles:How to remove duplicate vectors inside a multidimensional vector? - c ++How can I combine everything in a string until the second separator appears with a regular expression? - phpCA2122: Do not indirectly expose methods with references. How to fix it in my code - code-analysisUsing glRotate and glTranslate with collision detection - c ++Why does my print not work? - javascriptКак отсортировать сетку, как только выбран переключатель - sqlкак остановить изменение размера страницы html - htmlMultiBinding in Silverlight 3 - silverlightC # Pragma to suppress error interruption - c #Android ViewFlipper + Gesture Detector - androidAll Articles