This question already has an answer here:
这个问题已经有了答案:
- check if row exists with mysql 3 answers
- 检查行是否存在mysql 3答案
- How to get MySQLi error information in different environments 1 answer
- 如何获得不同环境下的sqmyli错误信息1答案
I've got a login for a project that I'm trying to figure out. I've got a values by POST (through an AJAX call), I've already checked if the username entered exists and up to there, it works well. But know I want to check if the password is valid for that username. Here's the PHP code:
我有一个项目的登录名,我想要弄清楚。我已经通过POST(通过AJAX调用)获得了一个值,我已经检查了输入的用户名是否存在,直到那里,它工作得很好。但我想检查密码是否对用户名有效。PHP代码:
<?php
//File with the conection data
include_once "../conexion.php";
//Initialization
$user = "";
$password = "";
$errors = "";
$result = "";
$result2 = "";
//Some validations (I've edited a little to make it shorter)
if((isset($_POST['user'])) && (!empty($_POST['user']))){
$user = $_POST['user'];
}else{
$errors .= "blablablah";
}
if((isset($_POST['password'])) && (!empty($_POST['password']))){
$password = $_POST['password'];
}else{
$errors .= "blablabla";
}
//I make the query
$sql = "SELECT user FROM users WHERE user = ?";
//I prepare the query
if($stmt = $con->prepare($sql)){
$stmt->bind_param('s', $user);
$result = $stmt->execute();
}
/* UP TO HERE, if I check that $result is true and echo "User exists" or something like that, IT WORKS, AS THE USER EXISTS */
/* BUT now I want to check the PASSWORD, given that the user exists */
if($result){
//I make the query
$sql2 = "SELECT user, password FROM users WHERE user = ? AND password = ?";
//I prepare the query
if($stmt2 = $con->prepare($sql2)){
$stmt2->bind_param('ss', $user, $password);
$result2 = $stmt2->execute();
if($result2){
echo "ENTERED";
}else{
echo "PASSWORD OR USER INCORRECT";
}
}
}
?>
I'm using the result of those echos in the success function in the AJAX call, here's the code for that (there's an onClick event (onClick="login()") in the button of the form, and validationLogin() has all the valitations for the fields --> all that works fine):
我在AJAX调用的success函数中使用这些echos的结果,这里有代码(在表单的按钮中有一个onClick事件(onClick="login()")), validationLogin()具有字段的所有值——>,一切正常):
function login(){
if(validationLogin()){
$.ajax({
url: "http://localhost/myProject/extras/Login.php",
type: "POST",
data: {"user": user,
"password": password,
},
dataType: "html",
cache: false,
beforeSend: function() {
console.log("Processing...");
},
success:
function(data){
alert(data);
console.log(data);
}
});
}else{
//alert("Incorrect fields");
}
}
This returns EMPTY, I alert the data just to check what it has... the alert is empty, don't understand why :/
这个返回空的,我提醒数据检查它有什么。警报为空,不明白为什么:/
I've tried this idea --> PHP mySQL check if username and password are in the database but in that case it keeps saying that it's incorrect :/
我尝试过这个想法——> PHP mySQL检查用户名和密码是否在数据库中,但在这种情况下,它一直说它不正确:/。
A few notes:
一些笔记:
- I know that the passwords should be encrypted, will probably use md5 later on.
- 我知道密码应该加密,以后可能会使用md5。
- By using the echos in the PHP file and the alert(data) / console.log(data) in the JS file, I just want to check if it works, in order to proceed. Perhaps there are other ways, better ways of doing all this, I know, but I like to go little by little
- 通过使用PHP文件中的echos和JS文件中的alert(data) / console.log(data),我只想检查它是否工作,以便继续。也许还有其他更好的方法,我知道,但我喜欢一点一点地去做
- I'm really trying to understand what I code, then will improve on it, I really want to understand how and why it functions or not
- 我真的在尝试理解我的代码,然后会改进它,我真的想知道它是如何工作的,为什么会这样
- I would like to continue using prepared statements
- 我想继续使用准备好的语句
Thanks everyone in advance! :)
提前谢谢大家!:)
1 个解决方案
#1
2
You should try this:
你应该试试这个:
$sql = "SELECT user,password FROM users WHERE user = ?";
//I prepare the query
if($stmt = $con->prepare($sql)){
$stmt->bind_param('s', $user);
$result = $stmt->execute();
if ($result) {
$stmt->bind_result($user_name,$password_db);
} else {
$user_name="";
$password_db="";
}
// Check Password
if ($password==$password_db){
/// PASSWORD IS OK
}
}
Now you have the user in $user_name and the password in $password (if exists) so you don't need the second sql statement. In the PHP function you can use:
现在,您拥有$user_name中的用户,以及$password(如果存在)中的密码,因此不需要第二个sql语句。在PHP函数中可以使用:
data: {"user": <?php echo $user_name ?>,
"password": <?php echo $password_db ?> ,
},
#1
2
You should try this:
你应该试试这个:
$sql = "SELECT user,password FROM users WHERE user = ?";
//I prepare the query
if($stmt = $con->prepare($sql)){
$stmt->bind_param('s', $user);
$result = $stmt->execute();
if ($result) {
$stmt->bind_result($user_name,$password_db);
} else {
$user_name="";
$password_db="";
}
// Check Password
if ($password==$password_db){
/// PASSWORD IS OK
}
}
Now you have the user in $user_name and the password in $password (if exists) so you don't need the second sql statement. In the PHP function you can use:
现在,您拥有$user_name中的用户,以及$password(如果存在)中的密码,因此不需要第二个sql语句。在PHP函数中可以使用:
data: {"user": <?php echo $user_name ?>,
"password": <?php echo $password_db ?> ,
},