更新时间:2023-12-03 20:40:22
https://codereview.stackexchange.com/ 对于像这样的事情来说会更好。这是完全不清楚你究竟在问什么,因此我只是重构了你的PHP代码,并希望这可以帮助。
https://codereview.stackexchange.com/ would be a better place for stuff like this. It's absolutely unclear what you're actually asking, therefore I just refactored your PHP code and hope this might help.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
$password = filter_input(INPUT_POST, "password", FILTER_UNSAFE_RAW);
if ($username && $password) {
try {
$connection = new \mysqli("localhost", "root", "password", "database");
$stmt = $connection->prepare("SELECT `id`, `password` FROM `personal` WHERE `username` = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($id, $hash);
$found = $stmt->fetch();
if ($found === true && password_verify($password, $hash)) {
session_start();
}
else {
echo "We either don't know the username or the password was wrong.";
}
$stmt->close();
$connection->close();
}
catch (\mysqli_sql_exception $e) {
echo "An error ocurred while communicating with the database, please hang in there until it's fixed.";
}
}
else {
echo "Please enter a username and a password.";
}