我有一个Login.php
页面,可以检索并匹配注册用户的email address
和password
,如下所示:
<?php # login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Initialize an error array.
$errors = array();
//Flag variables
$e = $p = FALSE;
// Trim all the incoming data:
$trimmed = array_map('trim', $_POST);
//Validate the email
if (!empty($trimmed['email'])) {
$e = $trimmed['email'];
} else {
$errors[] = 'You forgot to enter your email address!';
}
// Validate the password:
if (!empty($trimmed['pass'])) {
$p = $trimmed['pass'];
} else {
$errors[]= 'You forgot to enter your password!';
}
if ($e && $p) { //OK
$q = "SELECT * FROM users WHERE email = ?";
//Prepare the statement
$stmt = $mysqli->prepare($q);
//Bind the parameters
$stmt->bind_param('s', $email) ;
//Assign values to variables
$email = $e;
//Execute the statement
$stmt->execute();
//Store the statement
$stmt->store_result();
$row_cnt = $stmt->num_rows;
echo $row_cnt;
}else{// If everything wasn't OK.
foreach ($errors as $msg) { // Print each error.
echo "- $msg<br />'n";
}
echo 'Please try again!';
}//end of IF($e && $p)
}
?>
<form action="login.php" method="post" id="loginForm">
<fieldset>
<p><b>Email</b><input type="email" name="email" ></p>
<p><b>Password</b><input type="password" name="pass"> </p>
</fieldset>
<p><input type="submit" value="Login" id="submit"></p>
一切都很顺利。但是,如果我将pass
检查添加到select query
中的 WHERE 中,如下所示:
$q = "SELECT * FROM users WHERE email = ? AND pass =?";
//Prepare the statement
$stmt = $mysqli->prepare($q);
//Bind the parameters
$stmt->bind_param('ss', $email, $pass) ;
//Assign values to variables
$email = $e;
$pass = SHA1('$p');
$row_cnt
始终返回 0,即使我提交的密码与数据库中users
表中的密码匹配或不匹配。
请问我做错了什么?我是否为 $pass
变量分配了正确的值,还是什么?
注意:我在注册过程中申请了$pass = SHA1('$p');
。
您的错误似乎是使用单引号替换变量,如下所示:
$pass = SHA1('$p');
当你使用单引号时,PHP 不会替换变量的内容,所以这一行实际上意味着值为 $p
的字符串。您必须使用双引号
$pass = SHA1("$p");
或者直接使用变量
$pass = SHA1($p);