我試圖處理密碼的MD5到數據庫中,這是有關代碼:傳中password_hash場PDO
include_once("config.php");
session_start();
if(isset($_POST['signup'])){
$name = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$insert = $pdo->prepare("INSERT INTO users (name,email,pass)
values(:name,:email,:pass) ");
$insert->bindParam(':name',$name);
$insert->bindParam(':email',$email);
$insert->bindParam(':pass',$pass);
$insert->execute();
}elseif(isset($_POST['signin'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
$select->setFetchMode();
$select->execute();
$data=$select->fetch();
if($data['email']!=$email and $data['pass']!=$pass) {
echo "invalid email or pass";
}
elseif($data['email']==$email and $data['pass']==$pass) {
$_SESSION['email']=$data['email'];
$_SESSION['name']=$data['name'];
header("location:profile.php");
}
}
在db什麼長度是合適的存儲這個散列密碼?
我如何使用:
$hashed_password = password_hash($pass, PASSWORD_DEFAULT);
var_dump($hashed_password);
和if語句,如果密碼是確定的?
你爲什麼不嘗試看到?它看起來是正確的,除了'md5()'是舊的和破碎的事實。你應該考慮使用'password_hash()'代替 – Qirel
而不是使用'md5',使用'password_ *'api來代替http://stackoverflow.com/questions/30279321/how-to-use-password-hash – Ghost
我改變了我的代碼使用password_hash,但我不知道如何將if語句包裹在我的insert – user2371684