问题
I have converted my website from mysql to mysqli prepared statements except for one query. The query I can't figure out is:
$sql = "SELECT customerID FROM customer WHERE customerEmail = '$loginEmailAddress' AND customerPassword = PASSWORD('$loginPassword');";
$result = mysqli_query($mysqli, $sql);
This works fine. When I try to make an mysqli prepared statement, the problem is the mysql PASSWORD function. Is it even possible to convert this?
I tried things like:
$loginPassword = PASSWORD($loginPassword);
$stmt = $mysqli -> prepare("SELECT customerID from customer WHERE customerEmail = ? AND customerPassword = ? ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();
$stmt->store_result();
$stmt -> bind_result($customerID);
$stmt -> close();
and of course no success. I also tried things like:
$loginPassword = '" . PASSWORD('$loginPassword') . "';
I am working toward using phpass, but in the meantime I need to keep using PASSWORD for my existing customers until they login and I can move them to the new hash.
来源:https://stackoverflow.com/questions/11781467/convert-from-mysqli-query-to-mysqli-prepared-statement-using-mysql-password-func