[英]How do I get the value of an Array without knowing the name of the Array
im currently working on a user authentication system using expressJS.我目前正在使用 expressJS 开发用户身份验证系统。 Therefore to encrypt my data I am using bcrypt.
因此,为了加密我的数据,我正在使用 bcrypt。 Then I save the encrypted data to a MySQL Database.
然后我将加密数据保存到 MySQL 数据库中。 Then when logging in I get the saved password using
SELECT password FROM USERS WHERE email=${emailUserEntered}
.然后在登录时,我使用
SELECT password FROM USERS WHERE email=${emailUserEntered}
获取保存的密码。 Well that works but it gives me this output:很好,但它给了我这个 output:
[
{
password: '$2b$10$MyvQenconTHygpwbY/1ExampleHashYju2i8Bq'
}
]
My code:我的代码:
let userPassword = await db.promise().query(`SELECT password FROM USERS WHERE email='${req.body.email}';`);
const data = userPassword[0].password;
console.log(data)
var result = bcrypt.compareSync(req.body.password, data);
if (result) {
res.send('SUCCESS!');
} else {
res.send('WRONG!');
}
How can only get the actual hash as a String and not the brackets and all that?如何只能将实际的 hash 作为 String 而不是括号等等?
Thanks in advance, have a nice day提前致谢,祝你有美好的一天
I suspect your library's query()
might be returning a [rows, fields]
array.我怀疑您的图书馆的
query()
可能会返回一个[rows, fields]
数组。
mysql2
's query()
does, at least. mysql2
的query()
至少可以。
Maybe the below?:也许是下面?:
let [rows, fields] = await db.promise().query(`SELECT password FROM USERS WHERE email='${req.body.email}';`);
const password = rows[0].password;
console.log(password)
Warning : also, the above code may potentially lead to a frightful SQL injection depending on what may hide under the req.body.email
.警告:另外,上面的代码可能会导致可怕的SQL 注入,具体取决于隐藏在
req.body.email
下的内容。 Please take a look at the Prepared Statements to mitigate this.请查看Prepared Statements以减轻这种情况。 More info: How can prepared statements protect from SQL injection attacks?
更多信息: 准备好的语句如何防止 SQL 注入攻击? .
.
I guess you are using JavaScript, so you can do something like that我猜你正在使用 JavaScript,所以你可以这样做
const {password} = JSON.parse(JSON.stringify(SQL_QUERY_RES).then(items=>items[0])
or或者
const data = JSON.parse(JSON.stringify(SQL_QUERY_RES))[0].password
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.