tailieunhanh - Giải pháp thiết kế web động với PHP - p 50

AUTHENTICATING USERS WITH A DATABASE Strictly speaking, it s not necessary to use a bound parameter for $key, because it doesn t come from user input. If you embed it directly in the query, the whole query needs to be wrapped in double quotes, and $key needs to be in single quotes. User authentication with two-way encryption Creating a login page with two-way encryption is very simple. After connecting to the database, you incorporate the username, secret key, and unencrypted password in the WHERE clause of a SELECT query. If the query finds a match, the user is allowed into the restricted part. | AUTHENTICATING USERS WITH A DATABASE Strictly speaking it s not necessary to use a bound parameter for key because it doesn t come from user input. If you embed it directly in the query the whole query needs to be wrapped in double quotes and key needs to be in single quotes. User authentication with two-way encryption Creating a login page with two-way encryption is very simple. After connecting to the database you incorporate the username secret key and unencrypted password in the WHERE clause of a SELECT query. If the query finds a match the user is allowed into the restricted part of the site. If there s no match the login is rejected. The code is the same as in PHP Solution 17-2 except for the following section. For MySQLi it looks like this see for the full listing this shows only the sections that are different conn dbConnect read create key key takeThisWith@PinchOfSalt sql SELECT username FROM users_2way WHERE username AND pwd AES_ENCRYPT initialize and prepare statement stmt conn- stmt_init stmt- prepare sql bind the input parameters stmt- bind_param sss username password key stmt- execute store the result stmt- store_result if a match is found num_rows is 1 which is treated as true if stmt- num_rows _SESSION authenticated Jethro Tull Note that you need to store the result of the prepared statement before you can access the num_rows property. If you fail to do this num_rows will always be 0 and the login will fail even if the username and password are correct. The revised code for PDO looks like this see for the full listing this shows only the sections that are different conn dbConnect read pdo create key key takeThisWith@PinchOfSalt sql SELECT username FROM users_2way WHERE username AND pwd AES_ENCRYPT prepare statement stmt conn- prepare sql bind variables when executing statement stmt- execute array username password key if a match is found rowCount produces 1 which is treated as true if .

TỪ KHÓA LIÊN QUAN