2016-02-21 07:26
浏览 80


I tried to assign a salt to md5() function along with the password parameter. But PHP is displaying an error message when the code is executed.

An error message Strict standards: Only variables should be passed by reference is displayed when I try to execute the following code. I tried to assign the reference to a variable and pass it to the md5() function. But still PHP is displaying the same error message.

    global $Database;
    if ($stmt = $Database -> prepare("SELECT * FROM users WHERE username = ? and password = ?")) {
        $salt = $this->salt;
        $stmt -> bind_param("ss", $user, md5($pass . $salt));
        $stmt -> execute();
        $stmt -> store_result();

        if ($stmt -> num_rows > 0) {
            $stmt -> close();
            return TRUE;
        } else {
            $stmt -> close();
            return FALSE;
    } else {
        die("ERROR: Could not prepare MySQLI statement");
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • down_load1117 2016-02-21 07:29

    bind_param's params need references to variables. You cannot use md5() directly, you'll need to assign it to a variable first:

    md5pass = md5($pass . $salt);

    Then, use it:

    $stmt -> bind_param("ss", $user, $md5pass);

    Tip: Please don't use md5() for hashing passwords. You can use crypt() with blowfish algorithm as it is much more secure.

    解决 无用
    打赏 举报

相关推荐 更多相似问题