dtzhfb4869
2019-08-11 10:59
浏览 46
已采纳

检查输入框中的字符串是否等于SQL SERVER,PHP中的varbinary(max) SQL SERVER 2012

I'm having a problem with my login page.

I'm converting my password from string to varbinary(max), my problem now is how can I compare or verify if my string inputted for logging in is equal to the stored data in the table.

Example.

The value of my password before being converted is 12345. After being converted via CONVERT(varbinary(max),'12345'), the data now reflects as 0x3132333435.

How will I be able to verify if my inputted password (12345) in my input box is similar to the value if converted into varbinary(max) 0x3132333435?

I'm using SQL SERVER 2012, XAMPP, and SQLSRV for conncetion.

Thank you so much in advance.

This is my login.php

<?php
    session_start();
    include 'includes/conn.php';

    if (isset($_POST['login'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        $sql = "
SELECT username,cast(password as varchar(max)) as password 
FROM usermasterfile 
WHERE username ='$username'";

        include 'query/sqlsrv_query-global.php';

        if (sqlsrv_num_rows($query) < 1) {
            $_SESSION['error'] = 'Cannot find account with the username';
        } else {
            $row = sqlsrv_fetch_array($query, SQLSRV_FETCH_ASSOC);
            if ($password == $row['password']) {
                $_SESSION['employeeidno'] = $row['employeeidno'];
            }
            else{
                $_SESSION['error'] = 'Incorrect password';
            }
        }
    }
    else{
        $_SESSION['error'] = 'Input credentials first';
    }

    header('location: index.php');
?>

EDIT: FIXED IT!

SELECT *,cast(password as varchar(max)) as maxpassword 
FROM usermasterfile 
WHERE username ='$username'";````
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongpang2483 2019-08-11 11:11
    已采纳

    You can cast your varbinary back to varchar value as

    SELECT cast(0x3132333435 as varchar(max)) as varchar_value
    
    varchar_value
    -------------
    12345
    

    So, use the above casting in your code's comparison part.

    点赞 打赏 评论

相关推荐 更多相似问题