我试图处理密码的MD5到数据库中,这是有关代码:传中password_hash场PDO
include_once("config.php");
session_start();
if(isset($_POST['signup'])){
$name = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$insert = $pdo->prepare("INSERT INTO users (name,email,pass)
values(:name,:email,:pass) ");
$insert->bindParam(':name',$name);
$insert->bindParam(':email',$email);
$insert->bindParam(':pass',$pass);
$insert->execute();
}elseif(isset($_POST['signin'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
$select->setFetchMode();
$select->execute();
$data=$select->fetch();
if($data['email']!=$email and $data['pass']!=$pass) {
echo "invalid email or pass";
}
elseif($data['email']==$email and $data['pass']==$pass) {
$_SESSION['email']=$data['email'];
$_SESSION['name']=$data['name'];
header("location:profile.php");
}
}
在db什么长度是合适的存储这个散列密码?
我如何使用:
$hashed_password = password_hash($pass, PASSWORD_DEFAULT);
var_dump($hashed_password);
和if语句,如果密码是确定的?
你为什么不尝试看到?它看起来是正确的,除了'md5()'是旧的和破碎的事实。你应该考虑使用'password_hash()'代替 – Qirel
而不是使用'md5',使用'password_ *'api来代替http://stackoverflow.com/questions/30279321/how-to-use-password-hash – Ghost
我改变了我的代码使用password_hash,但我不知道如何将if语句包裹在我的insert – user2371684