After successfully verifying username exists in the database, I need to verify whether the password matches as well. Therefore, I need to retrieve the hashed password from the database, right? Or do I have other choices?
I'm using PHP 5.5 API bcrypt for hashing. My code would give me a 500 internal server error when I get the password from database. How do I do this correctly?
Here's my php code:
// If found username, check password, else respond invalid username
if($countRows!==0){
// Get hash from database
// Prepare statement
$stmt = $conn->prepare('SELECT password FROM users WHERE username = ?');
// Bind
$stmt->bind_param('s', $ps_username);
// Set Parameters
$ps_username = $username;
// Execute
$hash = $stmt->execute();
// Check password
if (!password_verify($password, $hash)) {
if($error != ""){
$error .= '
';
}
$error .= 'The user or password you entered do not match, please try again.';
}
else {
echo 'OK';
// Session start
// Redirect user to profile/homepage
}
}
And can someone recommend something that I can learn SQL commands? I can't find a good place for that.
解决方案
execute() does not return any column data. It returns a boolean (true/false). This is where your code block first fails:
$hash = $stmt->execute();
You can view examples on how to fetch data from the result set here: http://php.net/manual/en/mysqli-stmt.fetch.php
An example being:
$stmt->execute();
$stmt->bind_result($hash);
$stmt->fetch();
In response to:
And can someone recommend something that I can learn SQL commands?
This is pretty much off topic for Stackoverflow but the PHP manual for mysqli can show you how to use the mysqli API fairly well with plenty of examples. If you want to learn the Structured Query Language itself, then there are plenty of external resources for that, including MySQL's documentation.
435
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
