PHP登录 - 如果声明执行即使没有匹配

问题描述：

我是PHP新手，我创建了一个登录方法。当我提交的数据，即使该值不匹配“如果”正在执行PHP登录 - 如果声明执行即使没有匹配

声明我的代码：

<?php 
    // include db configuration 
    include("./config.php"); 

    // converting data to JSON 
    $data = json_decode(file_get_contents("php://input")); 

    //assigning input to variables 
    $user_name = $data->user_name; 
    $password = hash('sha256', $data->password); 
    $tokenUser = hash('sha256', $data->user_name); 

    //checking username and password 
    $getUserInfo = $db->query("SELECT user_name FROM user WHERE user_name='$user_name' AND password='$password'"); 

    //getting user information 
    $getUserInfo = $getUserInfo->fetchAll(); 

    $token; 

    if (count($getUserInfo == 1)) 
    { 
     //creating a token for user authentication 
     $token = $tokenUser . " | " . uniqid() . uniqid() . uniqid(); 

     $q = "UPDATE user SET token=:token WHERE user_name=:user_name AND password=:password"; 

     $query = $db->prepare($q); 

     $execute = $query->execute(array(
      ":token" => $token, 
      ":user_name" => $user_name, 
      ":password" => $password 
    )); 

     $response = array(
      'user_name' => $user_name, 
      'token' => $token, 
      'access' => 'Granted' 
    ); 

     echo json_encode($response); 
    } 
    else 
    { 
     $error = array(
      'status' => 'error', 
      'message' => 'Username or Password is invlid' 
    ); 
     echo json_encode($error); 
    } 

?>

如何验证这一点，是代码正确的，需要一些澄清

'if（count（$ getUserInfo == 1））'应该如下：if（count（$ getUserInfo）== 1）' – hassan

@HassanAhmed - 您应该将它作为答案发布。 –

您对用户名和密码进行了哈希处理？为什么？用户名通常不被认为是敏感的。 – GordonM

答

这一行：

if (count($getUserInfo == 1))

应当如下：

if (count($getUserInfo) == 1)

那是我犯的一个菜鸟错误:) –

PHP登录 - 如果声明执行即使没有匹配

相关推荐