I am creating a login which links to a database. When entering information, the login then runs a blank page and does nothing. Below is my code:
include \"con
Please help! SOS

Yep, you're in deep sh... But not for what you'd expect...
Even if your code was operating well, you are the 5th or 6th who asks roughly the same question, riddled with SQL injection in a PHP login form using the deprecated mysql_ functions...
And also, $guery is not the same as $query... Check for the q and g letters...
This line:
$guery = mysql_query("SELECT * FROM UserAccount WHERE email_address = '$email_address'");
Should be at least
$query = mysql_query("SELECT * FROM UserAccount WHERE email_address = '".mysql_real_escape_string($email_address)."'");
to both be correct, and avoid injection...
But you should really be using prepared statements through PDO, like this:
try {
    // open connection; this is different than in the old functions
    $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
    // make PDO throw PDOException on query errors so the catch below sees them
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //***running query
    //**step1: create statement
    $stmt = $dbh->prepare('SELECT * FROM UserAccount WHERE email_address = :email'); // notice parameter prefixed with ':'
    //**step2: bind values (be sure to also check out the bindParam() function too!)
    $stmt->bindValue(':email', $email_address);
    //**step3: execute statement
    $stmt->execute();
    //**step4: process results
    $result = $stmt->fetch(PDO::FETCH_OBJ);
    // fetch() returns false when no row matches, so check before reading the column;
    // === avoids PHP's loose string comparison
    if ($result !== false && $result->PASSWORD === $password) {
        // logged in, do whatever required
    }
    $dbh = null; // don't let it slip out of our hands
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
Also, another word of caution: don't store plaintext passwords. Even storing MD5 hashes is out of scope these days, and SHA1 is also declared to be weak...
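The two points of the answer above (bound parameters instead of string concatenation, and no plaintext or fast-hash password storage) combined in one login check. This is an added example, not code from the original post; it assumes PHP 7.1+ with the pdo_sqlite extension, and the `password_hash` column, the `register()`/`login()` helpers and the sample account are constructed for illustration.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE UserAccount (email_address TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Registration: store only a salted, slow hash (password_hash), never the password.
function register(PDO $dbh, string $email, string $password): void
{
    $stmt = $dbh->prepare('INSERT INTO UserAccount (email_address, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the e-mail is bound as a parameter, so quotes in it are data, not SQL.
function login(PDO $dbh, string $email, string $password): bool
{
    $stmt = $dbh->prepare('SELECT password_hash FROM UserAccount WHERE email_address = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_OBJ);
    if ($row === false) {
        return false; // unknown account: fetch() returns false, not an object
    }
    if (!password_verify($password, $row->password_hash)) {
        return false; // wrong password
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($row->password_hash, PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE UserAccount SET password_hash = :hash WHERE email_address = :email');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':email' => $email]);
    }
    return true;
}

register($dbh, 'alice@example.com', 'correct horse battery staple'); // constructed account
$attempts = [
    ['alice@example.com', 'correct horse battery staple'], // valid credentials
    ['alice@example.com', 'wrong password'],               // wrong password
    ['nobody@example.com', 'anything'],                    // unknown account
    ["alice@example.com' OR '1'='1", 'anything'],          // quote characters stay literal
];
foreach ($attempts as [$email, $password]) {
    printf("%-32s %s\n", $email, login($dbh, $email, $password) ? 'accepted' : 'rejected');
}
```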
You're missing a few ; in your code which is causing the script to crap out and not display anything. (Specifically in the while loop but check elsewhere as well.)
Edit: You may also want to consider losing that while loop altogether and putting the password criteria in the SQL statement for better performance. And like the other poster said, watch out for SQL injection.