我似乎找不到一个错误与我的代码,即使当我交叉检查它与其他问题在stackoverflow。有人能看出我犯了什么愚蠢的错误吗?这通常是个愚蠢的错误。
<?php
session_start();
$user = $_REQUEST['myusername'] ;
$pass = $_REQUEST['mypassword'] ;
$salt = "TheSaltGoesHere";
$password = md5($salt.$pass);
$db = new PDO("sqlite:/resources/database.db");
$result = $db->query("SELECT COUNT(*) AS count FROM clients WHERE user = '$user' AND pass = '$password'");
if ($result->fetchColumn() > 0) {
$_SESSION['loggedin'] = true;
echo "It worked";
};
if(!$_SESSION['loggedin']){
echo "It failed";
exit;
};
?>
我得到一个普通的500错误。但是我的语法是正确的
你有一些问题,所以我已经发布了一个小重写。它使用预处理语句。至于MD5,我想这取决于你的用户群,无论如何,使用盐做得很好。我在调试开关,所以你可以看到一些信息,如果它不与你的代码直接工作。
<?php
session_start();
$user = $_REQUEST['myusername'] ;
$pass = $_REQUEST['mypassword'] ;
$salt = "ysgf8o3w74gf";
$password = md5($salt.$pass);
$debug = true;
try {
$db = new PDO('sqlite:database.db');
if($debug) $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
if($debug) echo 'Connection failed: ' . $e->getMessage();
die();
}
if($debug) $db->query('CREATE TABLE IF NOT EXISTS clients (user TEXT, pass TEXT);');
$statement = $db->prepare('
SELECT COUNT(*) AS count FROM clients WHERE user = :user AND pass = :pass
');
$statement->bindValue(':user', $user );
$statement->bindValue(':pass', $pass );
$statement->execute();
$_SESSION['loggedin'] = false;
if ($statement->fetchColumn() > 0) {
$_SESSION['loggedin'] = true;
echo "It worked";
};
if(!$_SESSION['loggedin']){
echo "It failed";
exit;
};
?>