I am using the code below for login. I cannot get the password from the client to match the one in the database at login?

    $sid = trim($_POST["id"]);
    $pcode = trim(md5($_POST["pcode"]));
    include_once "../conf.php";
    $pdo = connect();
    $sql_log = "select * from `manager` where `sid` = $sid limit 1";
    $do_log = $pdo->prepare($sql_log);
    $do_log->execute();
    $num_log = $do_log->rowCount();
    if($do_log){
        if($num_log == 1){
            while($row_log = $do_log->fetch()){
                $pcode_db = $row_log["pcode"]; //md5 password
            }
            if(var_dump($pcode == $pcode_db)){ //or $pcode == $pcode_db, both return false
                return true;
            }else{
                return false; // i get false for any password
            }
        }
    }

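I cannot log in with the correct password! I set the MD5 password manually in the database with phpMyAdmin.

Read this first -> http://php.net/manual/en/security.database.sql-injection.php – ManseUK

Are you using var_dump in the if condition? Can't you compare them directly? var_dump the variables: var_dump($pcode) == var_dump($pcode_db) – sumi

What does `md5($_POST["pcode"], true)` give? – idm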
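
A hardened form of the login check discussed in this thread, as an added example that is not part of the original question or comments: it binds `sid` as a parameter, verifies the password with `password_verify()` instead of comparing MD5 strings, and captures what `var_dump()` returns when it is used as a condition. The `login()` helper, the in-memory SQLite database and the sample row are assumptions standing in for the page's `connect()` and `manager` table.

```php
<?php
declare(strict_types=1);

// Constructed fixture: in-memory SQLite stands in for the page's connect().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE manager (sid TEXT PRIMARY KEY, pcode TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO manager (sid, pcode) VALUES (:sid, :pcode)');
$ins->execute([
    ':sid'   => 'm001',                                          // constructed id
    ':pcode' => password_hash('correct horse', PASSWORD_DEFAULT), // salted hash, not MD5
]);

/** Hypothetical helper: true only when the sid exists and the password verifies. */
function login(PDO $pdo, string $sid, string $password): bool
{
    // The value is bound, never concatenated, so it cannot change the SQL text.
    $stmt = $pdo->prepare('SELECT pcode FROM manager WHERE sid = :sid LIMIT 1');
    $stmt->execute([':sid' => trim($sid)]);

    $hash = $stmt->fetchColumn();   // false when no row matched
    if ($hash === false) {
        return false;
    }

    // Compare with the boolean expression itself; do not wrap it in var_dump().
    return password_verify($password, (string) $hash);
}

// var_dump() prints its argument and has no return value, so using it as an
// if-condition always takes the else branch. Capture the output to inspect it.
ob_start();
$returned = var_dump('a' == 'a');
ob_end_clean();

echo 'var_dump() returned null: ';
var_dump($returned === null);

echo 'correct password: ';
var_dump(login($pdo, 'm001', 'correct horse'));

echo 'wrong password: ';
var_dump(login($pdo, 'm001', 'wrong'));

// Constructed input with SQL syntax in it: bound as a literal sid, so no row matches.
echo 'sid containing SQL syntax: ';
var_dump(login($pdo, 'm001 OR 1=1', 'correct horse'));
```

Existing MD5 values cannot be checked with `password_verify()`; accounts need their password reset or re-hashed at the next successful login.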