doutuo7815 2018-02-18 13:04
浏览 565
已采纳

php mysql where语句,如果第二个条件为false,则返回true

I am running a mysql statement which actually evaluates to true despite the incorrectness of a value. Bellow is the function

<?php
public function login_user($username, $password){

      if(!empty($username) && !empty($password)){
        $sql = "SELECT * FROM `users` WHERE `user_name`='$username' AND `user_password`='$password'";
        $query = $this->link->query($sql);

        if($this->link->error){
            //return false;
            $this->log_db_error($this->link->error, $sql);
            return false;
        }
        else{

            return true;
        }
    }
    else{
      return false;
    }
  }
?>

Calling this function with the params and passing a correct username and a wrong password actually returns true, where am I messing up? Any help

  • 写回答

1条回答 默认 最新

  • dsqa6272 2018-02-18 13:14
    关注

    Because the sql query is totally valid even if the combination of username and password doesn't exist in database.

    You can achieve what you want by: Checking if query returns empty dataset.

    Some Tips: 1. Your query is prone to sql injection. It is good practice to use prepare and then bind all the input parameters. 2. It's good to keep passwords in hash (Like md5 or BCrypt) in database.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效
  • ¥15 悬赏!微信开发者工具报错,求帮改