PHP登錄鹽不起作用

Question

所以我相當新的PHP，但我試圖創建一個簡單的登錄系統。

我現在所面臨的問題是，由於某種原因，第二個SQL語句失敗，或者什麼都不回饋。

這裏是我使用的代碼。

include 'dbConn.php'; 
if(isset($_POST['submit'])) 
{ 
    global $conn; 
    $username = $_POST['username']; 
    $password = $_POST['password']; 

    $saltSql = "SELECT salt FROM users WHERE email = '$username'"; 
    $saltRes = $conn->query($saltSql); 
    while($resRow = $saltRes->fetch_assoc()){ 
     $salt = $resRow['salt']; 
    } 
    $saltedHash = hash("sha512", ($password . $salt)); 
    $sql = "SELECT email, role, FROM users WHERE email = '$username' AND password = '$saltedHash'"; 
    $res = $conn->query($sql); 

    if($res->num_rows == 1) 
    { 
    //Logged in succesfully 
     echo "Logged in!"; 
    } 
    else 
    { 
     //Something went wrong 
     echo "Something went wrong"; 
    } 
    $conn->close(); 
} 

當我嘗試手動執行在phpMyAdmin第二個查詢我得到這個錯誤：＃1064 - 你在你的SQL語法錯誤;檢查與您的MySQL服務器版本相對應的手冊，以便在第1行的'FROM users WHERE email ='username'AND password ='5111109d49bc1'附近使用正確的語法。

我真的很感謝這方面的幫助。

Answer 1

您的問題似乎是這樣的：

$sql = "SELECT email, role, FROM users WHERE email = '$username' AND password = '$saltedHash'" 
--------------------------^ 

你有一個額外的逗號,導致崩潰的SQL查詢。刪除它，它的工作原理：

$sql = "SELECT email, role FROM users WHERE email = '$username' AND password = '$saltedHash'"