Why am I receiving (apparently) random results from my MySQL query?

For clarification, I am essentially re-writing this question.

I have a table, as defined below:

CREATE TABLE IF NOT EXISTS `user` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `status` enum('banned','moderated','user','author','moderator','admin','owner') NOT NULL DEFAULT 'user',
  `password` char(128) NOT NULL,
  `salt` char(128) NOT NULL,
  `description` text,
  PRIMARY KEY (`userid`),
  UNIQUE KEY `email` (`email`),
  UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

The table dump -- with e-mail field redacted -- is:

--
-- Dumping data for table `user`
--

INSERT INTO `user` (`userid`, `name`, `email`, `status`, `password`, `salt`, `description`) VALUES
(1, 'Rilbur Skryler', '', 'owner', '2008dff1d727007691867904af3a96677ec81847ff943470a9596b184ffdb8b0de03e6fa68d9a6cb03170bff78d8d50f703bcec9120727b9eee5dbceeb1bc26e', '5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049', 'Site owner and administrator'),
(2, 'Zacky', '', 'author', 'e7a10ef6b58734093286bb7ebba65b8dd36c1cc18bc59f16a6e05760230f228fbb0464131b6c1e4768e26792e9194f43d78c277eb7ac86775f9b46bbe4d9dde2', 'f42029a7c657e3998443ca1f1043202f8431fba3ec9471e389752e3e83c790d6193292678a5878dd45ba6d7496521bf8ecd6e469455d4c34d95b36495691941a', 'Wacky!'),
(3, 'Roland', '', 'author', 'e7a10ef6b58734093286bb7ebba65b8dd36c1cc18bc59f16a6e05760230f228fbb0464131b6c1e4768e26792e9194f43d78c277eb7ac86775f9b46bbe4d9dde2', 'f42029a7c657e3998443ca1f1043202f8431fba3ec9471e389752e3e83c790d6193292678a5878dd45ba6d7496521bf8ecd6e469455d4c34d95b36495691941a', 'Involuntary addition.');

The actual PHP code (with added comments) is:

$query="select ".db_prefix."user.salt, ".db_prefix."user.password from ".db_prefix."user where ".db_prefix."user.userid=:id";
echo $query.$id;//generates: select user.salt, user.password from user where user.userid=:id
$statement=$db->prepare($query);
$statement->execute(array('id'=>$id));
if($row=$statement->fetch())
{
    $salt=$row[0];//row[0] is filled with a randomized result as shown two lines down
    var_dump($row);
    echo "pre one: $salt\r\n";//I'm outputting the value of the salt, which appears to be randomly generated.
    echo "one";
    $passwordsalt=generateValueFromPasswordAndSalt($password, $salt);//Used to call the routine that generates a value from the combination of a password string and the salt.
    return $passwordsalt==$row[1];//This always returns 'false' because the stored password value never matches the generated value, as a result of the salt being the wrong string.
}

This problem has been driving me batty. The value retrieved for the salt appears to be randomly generated (I say 'appears' because I know it shouldn't be random, I have to be missing something). Various changes, such as reversing the salt and password values in the query or replacing them with a select *, resolve the problem. That's great, but I don't understand why they solve it, so I don't trust them. (Plus, I want to learn why it's happening so I can avoid it in the future.)

If it matters, I'm using a PDO database object initialized as follows:

function get_DB()
{
    static $db;
    if(isset ($db))
    {
        return $db;
    }
    else
    {
        try
        {
            $dsn = "mysql:host=".db_host.";dbname=".db_name;
            $db = new PDO($dsn, updater_login, updater_password);
            return $db;
        }
        catch(PDOException $e)
        {
            //echo $e->getMessage();
            return NULL;
        }
    }
}

Randomly returned salt values include:

9ed1358ccb614ee86f17a3cc964caaad3ab8ede7d705960aac2d5f4448c0f85d0acf581e2225d567789ac2f678b6a6662e4e7a8e55efb0d92be903249c44af7f

6feff9b576ba0b0aa5e3d61996e723ddc4bdc3e7777469409b4da095aae6fb9a6df84fdaa96029a27e07714c670d18c2b8707453e515a3632383b6b03925b04b

60fdc33fa77029f4627c39558417b1bb492a02d8cd56571b3091aff2123ee5545c5717a6a7c0553c7c659864e947f28c65627f3d288c51ef6c9b6de3f5175417

PHP output:

Run One:

select user.salt, user.password from user where user.userid=:id1<pre class='xdebug-var-dump' dir='ltr'>
<b>array</b>
  'salt' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'15316153f3206618917cf7319747eda5871a7b8e942b54dba6f42e8bc491197450285504a37eb825e6aff04871fde52c49e029cf7e3a1d8cb9fe8a0422f4cd03'</font> <i>(length=128)</i>
  0 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'15316153f3206618917cf7319747eda5871a7b8e942b54dba6f42e8bc491197450285504a37eb825e6aff04871fde52c49e029cf7e3a1d8cb9fe8a0422f4cd03'</font> <i>(length=128)</i>
  'password' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'a0d2c6b1bf7163f85738627ffbfd5bd343e9bdaf0b98f00f63f020abac398df426d01f1bdcd8a46771af881640a4210b536cc89b7cea91637d7db705e64144cc'</font> <i>(length=128)</i>
  1 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'a0d2c6b1bf7163f85738627ffbfd5bd343e9bdaf0b98f00f63f020abac398df426d01f1bdcd8a46771af881640a4210b536cc89b7cea91637d7db705e64144cc'</font> <i>(length=128)</i>
</pre>pre one: 15316153f3206618917cf7319747eda5871a7b8e942b54dba6f42e8bc491197450285504a37eb825e6aff04871fde52c49e029cf7e3a1d8cb9fe8a0422f4cd03

one

Run Two:

select user.salt, user.password from user where user.userid=:id1<pre class='xdebug-var-dump' dir='ltr'>
<b>array</b>
  'salt' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049'</font> <i>(length=128)</i>
  0 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049'</font> <i>(length=128)</i>
  'password' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'2008dff1d727007691867904af3a96677ec81847ff943470a9596b184ffdb8b0de03e6fa68d9a6cb03170bff78d8d50f703bcec9120727b9eee5dbceeb1bc26e'</font> <i>(length=128)</i>
  1 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'2008dff1d727007691867904af3a96677ec81847ff943470a9596b184ffdb8b0de03e6fa68d9a6cb03170bff78d8d50f703bcec9120727b9eee5dbceeb1bc26e'</font> <i>(length=128)</i>
</pre>pre one: 5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049

one

Run Three:

select user.salt, user.password from user where user.userid=:id1<pre class='xdebug-var-dump' dir='ltr'>
<b>array</b>
  'salt' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5df34898a394a3476ed96bc16b5b015a776c25912ba5b94427ff09e2331267ad100f7218e636eb50635a459ca5cfa00cee846db889a920c87cb25bddb47888bf'</font> <i>(length=128)</i>
  0 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5df34898a394a3476ed96bc16b5b015a776c25912ba5b94427ff09e2331267ad100f7218e636eb50635a459ca5cfa00cee846db889a920c87cb25bddb47888bf'</font> <i>(length=128)</i>
  'password' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'3f9e5a9a6d387d411439d51744b3bb402c67cba64a36f47d82fe92d583ead1e26752aeeaf42bca12d8ef18a5423d2cab79c985f4fbfce1a6e53532453787419e'</font> <i>(length=128)</i>
  1 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'3f9e5a9a6d387d411439d51744b3bb402c67cba64a36f47d82fe92d583ead1e26752aeeaf42bca12d8ef18a5423d2cab79c985f4fbfce1a6e53532453787419e'</font> <i>(length=128)</i>
</pre>pre one: 5df34898a394a3476ed96bc16b5b015a776c25912ba5b94427ff09e2331267ad100f7218e636eb50635a459ca5cfa00cee846db889a920c87cb25bddb47888bf

one

EDIT

Okay, another answer titled "How to ask sane questions".

If you encountered a strange behavior and are going to ask a question about it, a detailed investigation report is a must.

There is no point in telling us "I did this, I did that". You are going to ask US - thus, supply US with the same data you have.

Post your table structure
Post the table dump
Post three logs from three attempts with full debugging info:
The query
The results that are "random".

Do copy/paste the results in whole.
Var_dump output contains variable length - there is none in your current results.

The word "returned" is hinting to me that there is something about generateValueFromPasswordAndSalt, an oddly called function....
