dtpyvb1873 2018-07-16 08:12
浏览 152
已采纳

解密和验证登录详细信息时,md5不起作用

I have encrypted and store password. Once user login I want to decrypt and validate .But following code is not able to do that. Can any body help with this?

<?php
   include("config.php");


   if($_SERVER["REQUEST_METHOD"] == "POST") {


      $myusername = mysqli_real_escape_string($con,$_POST['username']);
      $mypassword =md5(mysqli_real_escape_string($con,$_POST['password']));


      $sql = "SELECT id FROM services WHERE user_name = '$myusername' and password = '$mypassword'";
      $result = mysqli_query($con,$sql);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);


      $count = mysqli_num_rows($result);



      if($count == 1) {

         echo "success";

      }else {
         echo "fail";
      }
   }
?>
  • 写回答

3条回答 默认 最新

  • dongzhuoxie1244 2018-07-16 08:25
    关注

    1. It isn't necessary to escape value, that will be md5-hashed. You even could change the password (and md5 hash) if it contains some special char. For example, lets see at password's test' hashes:

      echo md5(mysqli_real_escape_string($con,$_POST['password']));
echo md5($_POST['password']);

    Output is:

    e1e7975d4f1958297ede35ea4fc13a27
5c28a8c6d799d302f3ef53afefdfc81b

    1. You shouldn't do:

      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);

    because you don't use it later and you don't check if num_rows > 0 and it'll give an error if there are 0 records.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 机器学习能否像多层线性模型一样处理嵌套数据
  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效