dtpyvb1873 2018-07-16 08:12
浏览 152
已采纳

解密和验证登录详细信息时,md5不起作用

I have encrypted and store password. Once user login I want to decrypt and validate .But following code is not able to do that. Can any body help with this?

<?php
   include("config.php");


   if($_SERVER["REQUEST_METHOD"] == "POST") {


      $myusername = mysqli_real_escape_string($con,$_POST['username']);
      $mypassword =md5(mysqli_real_escape_string($con,$_POST['password']));


      $sql = "SELECT id FROM services WHERE user_name = '$myusername' and password = '$mypassword'";
      $result = mysqli_query($con,$sql);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);


      $count = mysqli_num_rows($result);



      if($count == 1) {

         echo "success";

      }else {
         echo "fail";
      }
   }
?>
  • 写回答

3条回答 默认 最新

  • dongzhuoxie1244 2018-07-16 08:25
    关注

    1. It isn't necessary to escape value, that will be md5-hashed. You even could change the password (and md5 hash) if it contains some special char. For example, lets see at password's test' hashes:

      echo md5(mysqli_real_escape_string($con,$_POST['password']));
echo md5($_POST['password']);

    Output is:

    e1e7975d4f1958297ede35ea4fc13a27
5c28a8c6d799d302f3ef53afefdfc81b

    1. You shouldn't do:

      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);

    because you don't use it later and you don't check if num_rows > 0 and it'll give an error if there are 0 records.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 关于#python#的问题:求帮写python代码
  • ¥15 LiBeAs的带隙等于0.997eV,计算阴离子的N和P
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘
  • ¥15 来真人,不要ai!matlab有关常微分方程的问题求解决,
  • ¥15 perl MISA分析p3_in脚本出错
  • ¥15 k8s部署jupyterlab,jupyterlab保存不了文件
  • ¥15 ubuntu虚拟机打包apk错误
  • ¥199 rust编程架构设计的方案 有偿
  • ¥15 回答4f系统的像差计算
  • ¥15 java如何提取出pdf里的文字?