[英]Convert from mysqli_query to mysqli prepared statement using mysql PASSWORD function
I have converted my website from mysql to mysqli prepared statements except for one query.除了一个查询之外,我已将我的网站从 mysql 转换为 mysqli 准备好的语句。 The query I can't figure out is:
我无法弄清楚的查询是:
$sql = "SELECT customerID FROM customer WHERE customerEmail = '$loginEmailAddress' AND customerPassword = PASSWORD('$loginPassword');";
$result = mysqli_query($mysqli, $sql);
This works fine.这工作正常。 When I try to make an mysqli prepared statement, the problem is the mysql PASSWORD function.
当我尝试制作 mysqli 准备好的语句时,问题是 mysql PASSWORD 函数。 Is it even possible to convert this?
甚至有可能转换这个吗?
I tried things like:我试过这样的事情:
$loginPassword = PASSWORD($loginPassword);
$stmt = $mysqli -> prepare("SELECT customerID from customer WHERE customerEmail = ? AND customerPassword = ? ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();
$stmt->store_result();
$stmt -> bind_result($customerID);
$stmt -> close();
and of course no success.当然没有成功。 I also tried things like:
我也尝试过这样的事情:
$loginPassword = '" . PASSWORD('$loginPassword') . "';
I am working toward using phpass, but in the meantime I need to keep using PASSWORD for my existing customers until they login and I can move them to the new hash.我正在努力使用 phpass,但与此同时,我需要继续为我现有的客户使用 PASSWORD,直到他们登录,我可以将他们移动到新的哈希。
PASSWORD()
is a MySQL function. PASSWORD()
是一个 MySQL 函数。 It is part of the SQL.它是 SQL 的一部分。 You only need to parameterize the argument you pass to this function.
你只需要参数化你传递给这个函数的参数。
$stmt = $mysqli -> prepare("SELECT customerID
FROM customer
WHERE customerEmail = ? AND customerPassword = PASSWORD(?) ");
$stmt -> bind_param("ss", $loginEmailAddress,$loginPassword);
$stmt -> execute();
Warning:警告:
Only store password hashes created using PHP's password_hash()
, which you can then verify using password_verify()
.仅存储使用 PHP 的
password_hash()
创建的密码哈希,然后您可以使用password_verify()
进行验证。 Take a look at this post: How to use password_hash and learn more about bcrypt & password hashing in PHP看看这篇文章:如何使用 password_hash并了解有关PHP 中 bcrypt 和密码哈希的更多信息
Warning:警告:
This function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
从 MySQL 5.7.6 起,此功能已弃用,并将在未来的 MySQL 版本中删除。
PASSWORD() is used by the authentication system in MySQL Server;
PASSWORD() 被 MySQL Server 中的认证系统使用; you should not use it in your own applications.
你不应该在你自己的应用程序中使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.