执行语句我插入用户输出这样的:失败,PHP和MySQL
$userName= SanitizeString($userName);
$pass= SanitizeString($pass);
$email= SanitizeString($email);
$userName=mysql_real_escape_string($userName);
$pass=mysql_real_escape_string($pass);
$email=mysql_real_escape_string($email);
$salt = 'SHIFLETT';
$password_hash = md5($salt . md5($pass.$salt));
mysql_query("INSERT INTO users (user_name,pass,email,reputation,role,ban,date) VALUES ('$userName', '$password_hash', '$email', '$reputation', '$role','false','$date')") or exit(mysql_error());
这是SanitizeString($ VAR)功能:
function SanitizeString($var)
{
$var=stripslashes($var);
$var=htmlentities($var, ENT_QUOTES, 'UTF-8');
$var=strip_tags($var);
return $var;
}
但是,当我试图找到用户密码和名称与此查询。它失败:
$user_name=SanitizeString($user_name);
$pass=SanitizeString($pass);
$user_name=mysql_real_escape_string($user_name);
$pass=mysql_real_escape_string($pass);
$salt = 'SHIFLETT';
$password_hash = md5($salt . md5($pass.$salt));
$result=mysql_query("SELECT COUNT(*) AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error());
如果计数大于0比这意味着它发现一个结果,用户应登录,但是,这并不happen..Why?
UPDATE更多这样的:
if(mysql_num_rows($result)>0)
{
echo "Login successful".mysql_num_rows($result);
return $dataArray=TRUE;
}
else
{
echo "Login unsuccessful:".mysql_num_rows($result);
}
确定密码是否正确? – blockhead
也许是因为你的密码被清理了?我认为这不是必要的,因为你计算的散列 – user973254
做一个散列md5(md5('你的文本在这里'))的散列从来不是一个好主意,因为它使散列不太可靠。如果可能的话,也尝试使用sha256。 – TFennis