Password_Verify不会返回值

Question

即时尝试为我的网站做一个登录系统，我能够散列密码并将散列数据插入数据库，但是检索它有点不同。

我正在为上一页中的给定用户名（以及上一页中给定的密码）在页面中搜索（哈希密码）。然后让我的代码看看这两个密码是否匹配，但是，我没有得到价值回报。是的，我在回应，并提出建议？

<?php 
session_start(); 

include 'dbh.php'; 

$Username = $_POST['Username']; 
$Password = $_POST['Password']; 

$sql = "SELECT * FROM account WHERE Username='$Username'"; 
$result = $conn->query($sql); 
while ($row = $result->fetch_assoc()) { 
    $UsernameActualhashedPassword = $row['Password']; 
} 

$input = $Password; 

echo $input; 
echo $UsernameActualhashedPassword; 
echo password_verify($input, $UsernameActualhashedPassword); 

Answer 1

试试这一个，寻找Sanitizing user for secure login

<?php 
session_start(); 

include 'dbh.php'; 

$Username = $_POST['Username']; 
$Password = $_POST['Password']; 
$hashpass = hash_fun($password); // use the same hash function which you have used in the signup 
$sql = "SELECT count(*) FROM account WHERE Username='$Username' and 
password='$hashpass'"; 
$result = $conn->query($sql); 
if($result>0) 
    echo "Login success"; 
else echo "wrong username or password"; 
?>