开发者

Testing for correct email addy/password TSql

问答 作者:

I am making a login form on my site, and need a little bit of help. I keep receiving an error when I use this script:

<?php

$em = $_REQUEST["email"];
$pa = md5($_REQUEST["password"]);

//connectioninfo hidden   

$connectionInfo = array( "UID"=>$uid,                              
                         "PWD"=>$pwd,                              
                         "Database"=>$databaseName);
$conn = sqlsrv_connect( $serverName, $connectionInfo);

$tsql = "SELECT email, password FROM users WHERE email = $em AND password = $pa";

$stmt = sqlsrv_query( $conn, $tsql);    

if($stmt)
{
    $ot =
    "Hi, " . $em;
}
else
{
  $ot =
  "<p>Oh, no! My Account is currently unavailable right now, please try again later.</p>";
}

?>

The error I keep getting is:

Oh, no! My Account is currently unavailable right now, please try again later.

开发者_开发技巧

Can someone please hel me understand why it is not displaying the Hi, $em message when I login ,and how I may go about fixing it.

Also, just to get this out of the way, yes, I am using the correct login details. :)

Thanks jase

You have several issues:

  1. You're using REQUEST instead of POST. You really should use POST.
  2. Your code is vulnerable to SQL injection: http://php.net/manual/en/security.database.sql-injection.php
  3. You have no quotes around your string literals, which is likely causing your problem.

继续阅读:authenticationformsphpsql-servertsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9