dongruoqiong9017
2014-12-13 20:49
浏览 38

iOS应用程序通过MySQLi登录

I'm creating an app wherein the user can access a database using PHP and MySQLi.

For creating the account I create a url string with the parameters appended on the end which is then read using $_GET in my signup.php file and added to the database (I'll be adding things like email activation later).

Two questions:

  1. Is there a problem using $_GET in this fashion? since I'm appending the email and password to the url string, I feel its not secure, but since its inside the app I'm not as sure.

  2. How should I handle the login? The way I was thinking was to use $_GET method again and using this information in a query to check for matching results then return a message which the app would pick up to log the user in.

图片转代码服务由CSDN问答提供 功能建议

我正在创建一个应用程序,用户可以使用PHP和MySQLi访问数据库。

为了创建帐户,我创建了一个url字符串,其末尾附加了参数,然后在我的signup.php文件中使用$ _GET读取并添加到数据库中(稍后我将添加电子邮件激活等内容) )。

两个问题:

  1. 使用 $ _ GET 时出现问题 这个时尚? 因为我将电子邮件和密码附加到网址字符串,我觉得它不安全,但由于它在应用程序内部我不太确定。

  2. 如何 我应该处理登录吗? 我想的方法是再次使用 $ _ GET 方法并在查询中使用此信息来检查匹配结果,然后返回应用程序将选择以记录用户的消息。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongre1907 2014-12-13 22:07
    已采纳
    1. Is there a problem using $_GET in this fashion? since I'm appending the email and password to the url string, I feel its not secure, but since its inside the app I'm not as sure.

    You're right. It's not secure. Anybody on the same wifi network as the device can see the password.

    How should I handle the login?

    Buy an SSL certificate for the server and use https. This will make what you're doing secure.

    There are no other alternatives, SSL is the way to go.

    已采纳该答案
    打赏 评论

相关推荐 更多相似问题