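Like this:

if ($user != "" and $pass != "") {
    // Look up the stored hash for this user ($user is placed directly into the SQL string).
    $result = $db->query("select pwd,username from passwd where userid='$user'");
    $db->next_record();
    $row1 = $db->f('pwd');
    // Have MySQL hash the submitted password ($pass is also placed directly into the SQL string).
    $userpwd = $db->query("select password('$pass') as passwd");
    $db->next_record();
    $row2 = $db->f('passwd');
    // Compare the stored hash with the hash of the submitted password.
    if ($row1 == $row2) {
        include "login.php";
        exit;
    } else {
        include "false.php";
        exit;
    }
}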
Solutions »
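Writing it this way is seriously flawed: the password check can be bypassed with specially crafted input. It is best to use the method 海贝 wrote, which is safer.

password is a function that comes with MySQL, not a PHP function, and password is irreversible. You can only hash the original unencrypted data with password and then compare.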

Database changed
mysql> grant all on *.* to yufan@localhost IDENTIFIED by '130182' with grant option;
Query OK, 0 rows affected (0.00 sec)

mysql> select * from user;
+-----------+-------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host      | User  | Password         | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+-------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | root  |                  | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
| %         |       |                  | N           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          |
| localhost |       |                  | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
| %         | root  |                  | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
| localhost | yufan | 31bd15317946af85 | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
+-----------+-------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
5 rows in set (0.00 sec)

mysql>

This is a root user I added from the command line; the password was encrypted automatically.
Then I wrote a PHP script to illustrate the problem:

<?php
$conn = mysql_connect('localhost','','');
mysql_select_db('mysql');
$sql = "select Password from user where user = 'yufan'";
$res = mysql_query($sql);
$pass = mysql_result($res,0);
echo $pass;
echo "<br>";
// "=" is an assignment, not a comparison, so this condition is always true
if ($pass = "130182")
{
    echo "zxyufan";
}
?>

The page then displays:
31bd15317946af85
zxyufan
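
The check the replies above call for (keep user input out of the SQL text, hash the submitted password, then compare against the stored hash), as an added example that is not code from the thread. It assumes PHP 5.5 or later with pdo_sqlite, uses PHP's password_hash()/password_verify() in place of MySQL's PASSWORD(), and runs against a constructed in-memory table named after the question's passwd table; check_login and the sample account are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 5.5 with pdo_sqlite.
// Table and column names (passwd, userid, pwd) follow the question; the
// in-memory SQLite database and the sample account are constructed.

function check_login(PDO $db, $user, $pass)
{
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }
    // Placeholder binding: $user is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT pwd FROM passwd WHERE userid = ?');
    $stmt->execute(array($user));
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // No such user: reject explicitly instead of comparing an empty value.
        return false;
    }
    // password_verify() re-hashes $pass with the salt stored in $hash and
    // compares in constant time; it stands in for MySQL's PASSWORD() here.
    return password_verify($pass, $hash);
}

$db = new PDO('sqlite::memory:');
// Failed queries throw instead of silently yielding an empty result.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE passwd (userid TEXT PRIMARY KEY, pwd TEXT NOT NULL)');

// Constructed sample account; only the salted hash is stored.
$ins = $db->prepare('INSERT INTO passwd (userid, pwd) VALUES (?, ?)');
$ins->execute(array('demo', password_hash('correct horse', PASSWORD_DEFAULT)));

// Constructed test inputs.
$cases = array(
    array('demo', 'correct horse'),   // valid credentials
    array('demo', 'wrong'),           // wrong password
    array('nobody', 'correct horse'), // unknown user
    array("demo'", 'correct horse'),  // quote in input is matched literally
);
foreach ($cases as $c) {
    $ok = check_login($db, $c[0], $c[1]);
    printf("%-8s %s\n", $c[0], $ok ? 'accepted' : 'rejected');
}
```

Unlike the 16-character PASSWORD() hash shown in the user table above, password_hash() output is salted, so two accounts with the same password do not store the same value.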