无论我在做什么,我只会得到密码或用户名是不正确的字符串。什么问题?我试图运行php的网站示例,它工作,所以什么我做错了吗? 下面的代码的家伙:password_verify不会返回true我会做什么
<?php
include __DIR__.'/includes/database.php';
class Login{
public function validateCredentials($username, $password){
global $mysqli;
$query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
$result = $mysqli->query($query);
$row = $result->fetch_array(MYSQLI_NUM);
if(password_verify($row['0'],$password)){return true;}
return false;
}
}
$object = new Login();
if(isset($_POST['username'])&&isset($_POST['password']))
{
if($object->validateCredentials($_POST['username'],$_POST['password']))
{
echo 'Logged in!';
}
else
{
echo 'Password or username incorrect!';
}
}
else
{
echo 'Username or password not entered!';
}
?>
使用准备与mysqli的语句,什么都将是一个SQL注入迟早的事。 – Mihai 2014-11-22 18:51:20