doutuo7815
2018-02-18 13:04
浏览 424
已采纳

php mysql where语句,如果第二个条件为false,则返回true

I am running a mysql statement which actually evaluates to true despite the incorrectness of a value. Bellow is the function

<?php
public function login_user($username, $password){

      if(!empty($username) && !empty($password)){
        $sql = "SELECT * FROM `users` WHERE `user_name`='$username' AND `user_password`='$password'";
        $query = $this->link->query($sql);

        if($this->link->error){
            //return false;
            $this->log_db_error($this->link->error, $sql);
            return false;
        }
        else{

            return true;
        }
    }
    else{
      return false;
    }
  }
?>

Calling this function with the params and passing a correct username and a wrong password actually returns true, where am I messing up? Any help

图片转代码服务由CSDN问答提供 功能建议

我正在运行一个mysql语句,尽管值不正确,但实际上该语句的结果为true。 Bellow是函数

 &lt;?php 
public function login_user($ username,$ password){
 
 if if(!empty($ username)&amp;&amp;  !empty($ password)){
 $ sql =“SELECT * FROM`user` WHERE`user_name` ='$ username'AND`user_password` ='$ password'”; 
 $ query = $ this-&gt;  link-&gt; query($ sql); 
 
 if if($ this-&gt; link-&gt; error){
 // return false; 
 $ this-&gt; log_db_error($ this-&gt; link  - &gt;错误,$ sql); 
返回false; 
} 
 else {
 
返回true; 
} 
} 
其他{
返回false; 
} 
} \  n?&gt; 
   
 
 

使用params调用此函数并传递正确的用户名和错误的密码实际上返回true,我在哪里弄乱? 任何帮助

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dsqa6272 2018-02-18 13:14
    已采纳

    Because the sql query is totally valid even if the combination of username and password doesn't exist in database.

    You can achieve what you want by: Checking if query returns empty dataset.

    Some Tips: 1. Your query is prone to sql injection. It is good practice to use prepare and then bind all the input parameters. 2. It's good to keep passwords in hash (Like md5 or BCrypt) in database.

    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题