CLEARDB 中 where 和 like 的区别
Difference between where and like in CLEARDB
我正在尝试一个简单的 nodejs 登录系统并希望使用以下查询:
"SELECT * FROM admin_cred WHERE username = '?' AND password = '?'", [username], [password]
但它根本 return 什么都没有,所以我不得不这样做:
'SELECT * from admin_cred where username like "%'+username+'%" AND password like "%'+password+'%"'
这是代码段:
const result = await database.query(
"SELECT * FROM admin_cred WHERE username = '?' AND password = '?'", [username], [password]
// 'SELECT * from admin_cred where username like "%'+username+'%" AND password like
"%'+password+'%"'
);
谁能指出为什么第一个查询不起作用?
这两种说法的区别是什么?
N.B:这是我第一次在 heroku 上使用 cleardb,有些地方似乎与 MySql 不同。代码中的其他所有内容都有效,所以我缩小了问题范围
编辑 1
我刚刚注意到第二个查询是 运行 尽管密码是错误的
更新 1
这是请求的节点js代码:
class auth {
constructor(app, database) {
this.login(app, database);
}
//http://localhost:8000/api/auth/v1/login
login(app, database) {
app.post("/api/auth/v1/login", async (request, response) => {
const username = request.body.username;
const password = request.body.password;
try {
const result = await database.query(
"SELECT * FROM admin_cred WHERE username = '?'", [username]
);
console.log(result);
if(result.length > 0){
if(password === result[0].password){
response.json({
loggedIn:"true",
data: username
})
}else{
response.json({
loggedIn:"false",
data: "wrong username or pass"
})
}
}else{
response.json({
loggedIn:"false",
data:"username doesnt exist"
})
}
} catch (error) {
console.log(error);
}
});
}
}
这是来自 ReactJs 的 post 请求:
const handleLogin = async (e) =>{
e.preventDefault();
const admin = {username, password};
const response = await axios.post(
"http://localhost:8000/api/auth/v1/login",
admin
);
if(response.length > 0){
console.log("response: " + response);
}else{
console.log("no response")
}
};
使用:
const result = await database.query(
'SELECT * FROM admin_cred WHERE username = "?" AND password = "?"', [username, password]
);
提示:切勿使用 LIKE 进行身份验证查询并尝试加密密码。
我正在尝试一个简单的 nodejs 登录系统并希望使用以下查询:
"SELECT * FROM admin_cred WHERE username = '?' AND password = '?'", [username], [password]
但它根本 return 什么都没有,所以我不得不这样做:
'SELECT * from admin_cred where username like "%'+username+'%" AND password like "%'+password+'%"'
这是代码段:
const result = await database.query(
"SELECT * FROM admin_cred WHERE username = '?' AND password = '?'", [username], [password]
// 'SELECT * from admin_cred where username like "%'+username+'%" AND password like
"%'+password+'%"'
);
谁能指出为什么第一个查询不起作用?
这两种说法的区别是什么?
N.B:这是我第一次在 heroku 上使用 cleardb,有些地方似乎与 MySql 不同。代码中的其他所有内容都有效,所以我缩小了问题范围
编辑 1
我刚刚注意到第二个查询是 运行 尽管密码是错误的
更新 1 这是请求的节点js代码:
class auth {
constructor(app, database) {
this.login(app, database);
}
//http://localhost:8000/api/auth/v1/login
login(app, database) {
app.post("/api/auth/v1/login", async (request, response) => {
const username = request.body.username;
const password = request.body.password;
try {
const result = await database.query(
"SELECT * FROM admin_cred WHERE username = '?'", [username]
);
console.log(result);
if(result.length > 0){
if(password === result[0].password){
response.json({
loggedIn:"true",
data: username
})
}else{
response.json({
loggedIn:"false",
data: "wrong username or pass"
})
}
}else{
response.json({
loggedIn:"false",
data:"username doesnt exist"
})
}
} catch (error) {
console.log(error);
}
});
}
}
这是来自 ReactJs 的 post 请求:
const handleLogin = async (e) =>{
e.preventDefault();
const admin = {username, password};
const response = await axios.post(
"http://localhost:8000/api/auth/v1/login",
admin
);
if(response.length > 0){
console.log("response: " + response);
}else{
console.log("no response")
}
};
使用:
const result = await database.query(
'SELECT * FROM admin_cred WHERE username = "?" AND password = "?"', [username, password]
);
提示:切勿使用 LIKE 进行身份验证查询并尝试加密密码。