dongqiuxu2270 2016-05-16 19:37
浏览 39
已采纳

如何在查询中使用加密密码?

Before I start, I will state that at the moment I'm stuck with the old mysql API.

I use this function for password creation.

$password = $_POST[password];
$passwordhashed = password_hash($password, PASSWORD_DEFAULT);

However, now I need to run a query like this one:

$query_f = mysql_query("SELECT fiscal FROM list WHERE password='$password'");

but obviously I can't use $password because in the database it's encrypted with a random salt. So how do I do it?

This is not what I'm actually gonna do. For the reasons I don't wanna bother you with, I would like to know if it's possible and how.

  • 写回答

1条回答 默认 最新

  • donglv7097 2016-05-16 19:39
    关注

    You don't. Look up the user by some identifier (like a username or email address) and then check if the password field matches with password_verify. You specifically can't lookup a user by salted password hash, that would defeat the point of salting.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?