相关疑难解决方法(0)

假设我想为用户存储密码,这是使用PHP 5.5的password_hash()功能(或者这个版本的PHP 5.3.7+:https://github.com/ircmaxell/password_compat)的正确方法吗？

$options = array("cost" => 10, "salt" => uniqid());
$hash = password_hash($password, PASSWORD_BCRYPT, $options);

然后我会这样做:

mysql_query("INSERT INTO users(username,password, salt) VALUES($username, $hash, " . $options['salt']);

要插入数据库.

然后验证:

$row = mysql_fetch_assoc(mysql_query("SELECT salt FROM users WHERE id=$userid"));
$salt = $row["salt"];
$hash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 10, "salt" => $salt));

if (password_verify($password, $hash) {
    // Verified
}

我在PHP/MySQLi中使用两个预准备语句从mysql数据库中检索数据.但是,当我运行语句时,我得到"命令不同步,你现在无法运行命令"错误.

这是我的代码:

    $stmt = $mysqli->prepare("SELECT id, username, password, firstname, lastname, salt FROM members WHERE email = ? LIMIT 1";
    $stmt->bind_param('s', $loweredEmail);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $firstname, $lastname, $salt);
    $stmt->fetch();

    $stmt->free_result();
    $stmt->close();

    while($mysqli->more_results()){
        $mysqli->next_result();
    }

    $stmt1 = $mysqli->prepare("SELECT privileges FROM delegations WHERE id = ? LIMIT 1");
    //This is where the error is generated
    $stmt1->bind_param('s', $user_id);
    $stmt1->execute();
    $stmt1->store_result();
    $stmt1->bind_result($privileges);
    $stmt1->fetch();

我尝试过的:

• 将准备好的语句移动到两个单独的对象.

• 使用代码:

  while($mysqli->more_results()){
      $mysqli->next_result();
  }
  //To make sure that no stray result data is left in buffer between the …

  Run Code Online (Sandbox Code Playgroud)

我用a password_verify检查我的哈希密码.我有PHP 5.5:

   $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);


        // if no connection errors (= working database connection)
        if (!$this->db_connection->connect_errno) {

            // escape the POST stuff
            $user_name = $this->db_connection->real_escape_string($_POST['user_name']);

            // database query, getting all the info of the selected user (allows login via email address in the
            // username field)
            $sql = "SELECT user_name, user_email, user_password_hash
                    FROM users
                    WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_name . "';";
            $result_of_login_check = $this->db_connection->query($sql);

            // …