-1
我在这里登录我目前正在处理,只是有一个小问题,我的PHP我认为。PHP登录Unity和Mysql
我用来连接到数据库的PHP:
<?php
$db_name = "mydata";
$mysql_username = "root";
$mysql_password = "";
$server_name = "localhost";
$conn = mysqli_connect($server_name, $mysql_username, $mysql_password, $db_name);
if($conn){
echo
"Connection Succesful";
}
else{
echo "Connection Not Succesful";
}
?>
我的实际登录PHP:
<?php
require "conn.php";
$Email = $_POST["emailPost"];
$Password = $_POST["passwordPost"];
$sql = "SELECT Password FROM users WHERE Email = '".$Email."' ";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result)>0){
while($row = mysqli_fetch_assoc($result)){
if($row == $Password){
echo "login success";
}
else{
echo "Password incorrect";
}
}
}else{
echo "user not found";
}
?>
终于协程,我用我的C#
IEnumerator LoginAccount()
{
WWWForm Form = new WWWForm();
Form.AddField("emailPost", Email);
Form.AddField("passwordPost", Password);
WWW www = new WWW(LoginUrl, Form);
yield return www;
Debug.Log(www.text);
}
我每次都得到Password incorrect。我错过了什么?
你为什么会循环,也应该只有一个密码以匹配 – 2016-12-06 03:02:28
**切勿将纯文本密码!**请使用PHP的[内置函数](http://jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码安全性。如果您使用的PHP版本低于5.5,则可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。确保你*** [不要越狱密码](http://stackoverflow.com/q/36628418/1011527)***或在哈希之前使用其他任何清理机制。这样做*更改密码并导致不必要的附加编码。 –
[Little Bobby](http://bobby-tables.com/)说*** [你的脚本存在SQL注入攻击风险。](http://stackoverflow.com/questions/60174/how-can- ***)了解[MySQLi](http://php.net/manual)[准备](http://en.wikipedia.org/wiki/Prepared_statement)声明/en/mysqli.quickstart.prepared-statements.php)。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不相信它?](http://stackoverflow.com/q/38297105/1011527) –