PHP MySQL 将第五列添加到查询中断脚本
PHP MySQL Adding fifth column to query breaks script
我正在尝试将用户组添加到我的登录系统,但是每当我将最后一列添加到脚本中时,它会破坏所有内容。我试图将它添加到我的 prepare 语句并将其绑定到一个变量,然后将该值存储到 $_SESSION 变量中。我不知道我哪里出了问题。
这是我添加最后一列之前的代码:
function login($email, $password, $mysqli)
{
if($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email=? LIMIT 1"))
{
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
$password= hash('key', $password . $salt);
if ($stmt->num_rows == 1)
{
if(checkbrute($user_id, $mysqli) == true)
{
//account is locked
//send email to user saying acc is locked
return false;
}
else
{
if($db_password == $password)
{
//password is correct
//get useragent string of the user
$user_browser = $_SERVER['HTTP_USER_AGENT'];
//XSS protect as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
//XSS protect as we might print this value.
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('key', $password . $user_browser);
//login successful
return true;
}
else
{
//password is not correct
//we record this attempt in the db
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id, '$now')");
return false;
}
}
}
else
{
//no user exists.
return false;
}
}
}
这是之后的:
function login($email, $password, $mysqli)
{
if($stmt = $mysqli->prepare("SELECT id, username, password, salt, group FROM members WHERE email=? LIMIT 1"))
{
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt, $usr_group);
$stmt->fetch();
$password= hash('key', $password . $salt);
if ($stmt->num_rows == 1)
{
if(checkbrute($user_id, $mysqli) == true)
{
//account is locked
//send email to user saying acc is locked
return false;
}
else
{
if($db_password == $password)
{
//password is correct
//get useragent string of the user
$user_browser = $_SERVER['HTTP_USER_AGENT'];
//XSS protect as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
//XSS protect as we might print this value.
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['user_group'] = $usr_group;
$_SESSION['login_string'] = hash('key', $password . $user_browser);
//login successful
return true;
}
else
{
//password is not correct
//we record this attempt in the db
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id, '$now')");
return false;
}
}
}
else
{
//no user exists.
return false;
}
}
}
如有任何帮助,我们将不胜感激。
group 是 mysql 中的 reserved word,请尝试用反引号将其包裹起来 `(或避免在您的 table 架构):
"SELECT id, username, password, salt, `group` FROM members WHERE email=? LIMIT 1"
避免使用组,因为这是 SQL 中的保留字。
将您的声明更改为:
SELECT id, 用户名, 密码, salt, usergroup FROM members WHERE email=?限制 1
这意味着您需要重命名您的列:
ALTER TABLE members 将 COLUMN 组重命名为用户组;
我正在尝试将用户组添加到我的登录系统,但是每当我将最后一列添加到脚本中时,它会破坏所有内容。我试图将它添加到我的 prepare 语句并将其绑定到一个变量,然后将该值存储到 $_SESSION 变量中。我不知道我哪里出了问题。
这是我添加最后一列之前的代码:
function login($email, $password, $mysqli)
{
if($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email=? LIMIT 1"))
{
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
$password= hash('key', $password . $salt);
if ($stmt->num_rows == 1)
{
if(checkbrute($user_id, $mysqli) == true)
{
//account is locked
//send email to user saying acc is locked
return false;
}
else
{
if($db_password == $password)
{
//password is correct
//get useragent string of the user
$user_browser = $_SERVER['HTTP_USER_AGENT'];
//XSS protect as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
//XSS protect as we might print this value.
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('key', $password . $user_browser);
//login successful
return true;
}
else
{
//password is not correct
//we record this attempt in the db
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id, '$now')");
return false;
}
}
}
else
{
//no user exists.
return false;
}
}
}
这是之后的:
function login($email, $password, $mysqli)
{
if($stmt = $mysqli->prepare("SELECT id, username, password, salt, group FROM members WHERE email=? LIMIT 1"))
{
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt, $usr_group);
$stmt->fetch();
$password= hash('key', $password . $salt);
if ($stmt->num_rows == 1)
{
if(checkbrute($user_id, $mysqli) == true)
{
//account is locked
//send email to user saying acc is locked
return false;
}
else
{
if($db_password == $password)
{
//password is correct
//get useragent string of the user
$user_browser = $_SERVER['HTTP_USER_AGENT'];
//XSS protect as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
//XSS protect as we might print this value.
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['user_group'] = $usr_group;
$_SESSION['login_string'] = hash('key', $password . $user_browser);
//login successful
return true;
}
else
{
//password is not correct
//we record this attempt in the db
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id, '$now')");
return false;
}
}
}
else
{
//no user exists.
return false;
}
}
}
如有任何帮助,我们将不胜感激。
group 是 mysql 中的 reserved word,请尝试用反引号将其包裹起来 `(或避免在您的 table 架构):
"SELECT id, username, password, salt, `group` FROM members WHERE email=? LIMIT 1"
避免使用组,因为这是 SQL 中的保留字。
将您的声明更改为: SELECT id, 用户名, 密码, salt, usergroup FROM members WHERE email=?限制 1
这意味着您需要重命名您的列: ALTER TABLE members 将 COLUMN 组重命名为用户组;