0

我对 MYSQL 和 PHP 完全陌生,所以我只需要做一些非常基本的事情。我需要从帐户中选择一个密码username = $_POST['username']……我无法弄清楚这个密码,我不断得到resource id(2)输入帐户的密码而不是所需的密码。我需要通过 mysql 查询函数传递该 mysql 并将返回值保存在变量 $realpassword 中。谢谢!

编辑:此代码返回资源 id (2) 而不是真实密码代码:

<?php
$con = mysql_connect('server', 'user', 'pass'); 
if (!$con) 
{ 
    die('Could not connect: ' . mysql_error()); 
} 
echo '<br/> '; 

// Create table
mysql_select_db("dbname", $con);

//Variables

//save the entered values

$enteredusername = $_POST['username'];
$hashedpassword = sha1($_POST['password']);

$sql = "SELECT password from accounts where username = '$enteredusername'";

$new = mysql_query($sql,$con);

echo "$new";


if (!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}



mysql_close($con);

?>
4

6 回答 6

1

如果将PDO准备好的语句一起使用会好很多。

这是连接到 MySQL 服务器的方式:

$db = new PDO('mysql:host=example.com;port=3306;dbname=your_database', $mysql_user, $mysql_pass);

这就是您正确选择行的方式(使用bindParam):

$stmt = $db->prepare('SELECT password FROM accounts WHERE username = ?;');
$stmt->bindParam(1, $enteredusername);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$password = $result['password'];

此外,绑定参数,而不是立即将它们放入查询字符串,可以保护您免受 SQL 注入(在您的情况下很可能因为您不以任何方式过滤输入)。

于 2013-02-18T18:48:27.000 回答
0

通过看到这个问题,我们可以理解你对编程非常陌生。所以我要求你通过这个链接http://php.net/manual/en/function.mysql-fetch-assoc.php

我正在为下面的每一行添加评论

$sql = "SELECT id as userid, fullname, userstatus
        FROM   sometable
        WHERE  userstatus = 1"; // This is query

$result = mysql_query($sql); // This is how to execute query

if (!$result) { //if the query is not successfully executed
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}

if (mysql_num_rows($result) == 0) { // if the query is successfully executed, check how many rows it returned
    echo "No rows found, nothing to print so am exiting";
    exit;
} 

while ($row = mysql_fetch_assoc($result)) { //fetch the data from table as rows
    echo $row["userid"]; //echoing each column
    echo $row["fullname"];
    echo $row["userstatus"];
}

希望能帮助到你

于 2013-02-18T18:47:26.857 回答
0

尝试这个

   <?php
  $con = mysql_connect('server', 'user', 'pass'); 
 if (!$con) 
 { 
 die('Could not connect: ' . mysql_error()); 
 } 
 echo '<br/> '; 

// Create table
 mysql_select_db("dbname", $con);

 //Variables

 //save the entered values

 $enteredusername = mysql_real_escape_string($_POST['username']);
 $hashedpassword = sha1($_POST['password']);

 $sql = "SELECT password from accounts where username = '$enteredusername'";

 $new = mysql_query($sql,$con);

 $row = mysql_fetch_array($new) ;
 echo $row['password'];

 if (!$new)
{
 die('Error: ' . mysql_error());
}



 mysql_close($con);

?>
于 2013-02-18T18:48:26.190 回答
0

我认为您的代码看起来像这样

$realpassword = mysql_query("SELECT password 
     from accounts where username = '$_POST[username]'");
echo $realpassword;

这将返回一个Resource用于指向数据库中记录的。然后您需要做的是获取资源指向的行。所以,你这样做(请注意,我将使用结构化 MySQLi 而不是 MySQL,因为 MySQL 现在已被弃用。)

$connection = mysqli_connect("localhost", "your_mysql_username", 
    "your_mysql_password", "your_mysql_database") 
    or die("There was an error");
foreach($_POST as $key=>$val) //this code will sanitize your inputs.
    $_POST[$key] = mysqli_real_escape_string($connection, $val);
$result = mysqli_query($connection, "what_ever_my_query_is") 
    or die("There was an error");
//since you should only get one row here, I'm not going to loop over the result.
//However, if you are getting more than one rows, you might have to loop.
$dataRow = mysqli_fetch_array($result);
$realpassword = $dataRow['password'];
echo $realpassword;

因此,这将负责检索密码。但是你有更多的内在问题。您没有清理输入,甚至可能没有将散列密码存储在数据库中。如果您是从 PHP 和 MySQL 开始的,那么您真的应该研究一下这些东西。

编辑:如果您只是想创建一个登录系统,那么您不需要从数据库中检索密码。在这种情况下,查询非常简单。

$pass = sha1($_POST['Password']);
$selQ = "select * from accounts 
    where username = '$_POST[Username]' 
    and password = '$pass'";
$result = mysqli_query($connection, $selQ);
if(mysqli_num_rows($result) == 1) {
    //log the user in
}
else {
    //authentication failed
}

从逻辑上讲,用户可以登录的唯一方法是用户名和密码都匹配。因此,用户名和密码只有 1 行。这正是我们在这里检查的内容。

于 2013-02-18T18:49:22.857 回答
-1 
$username = $_POST['username'];                                       
$login_query = "SELECT password FROM users_info WHERE users_info.username ='$username'";        
$password = mysql_result($result,0,'password');
于 2013-02-18T18:39:06.473 回答
-1 
<?php
$query = "SELECT password_field_name FROM UsersTableName WHERE username_field_name =".$_POST['username'];
$result = mysql_query($query);
$row = mysql_fetch_array($result);
echo $row['password_field_name'];
?>
于 2013-02-18T18:37:50.490 回答