尝试比较数据库和php文件中的值

我在尝试将我的数据库中的条目与php文件进行比较时遇到麻烦,我已经建立连接并获得结果,但是我可以告诉我,我正在抓取条目的整个列表,并尝试将整个表与单个表进行比较结果。我只是试图创建一个简单的登录页面而没有浮华,这是我的代码:

<?php
// Get the user data
$credential_email = filter_input(INPUT_POST, 'email');
$credential_password = filter_input(INPUT_POST, 'password');

// Validate inputs
if ($credential_email === null || $credential_password === null) {
    $error = "Invalid credential data. Check all fields and try again.";
    include('error_2.php');
} else {
    require_once('database.php');
// compares values entered in login page form with mySQL database, and then directs either to protected page or to a failure page
$query = "SELECT * FROM credentials ORDER BY email";
$statement = $db->prepare($query);
$sel = $statement->execute();
$statement->closeCursor();
if($credential_email===$sel['email'] && credential_password===$sel['password'])
{
echo"success";
}
else
{
echo"failure";
}
}
?>

我在提交之前将正确的信息发布到以前的php文件中的电子邮件和密码中,并且该信息与数据库中的信息匹配,因此是正确的,但是我一直输出失败信息。有任何想法吗?

评论
  • Oo珑玲
    Oo珑玲 回复

    Database are good at fetching and comparing information. So SELECT password FROM credentials WHERE email = :email is the query you should be using. Retrieving * can be inefficient so get in the practice as retrieving only what you use.

    Read how to prevent SQL injection as this should be parametrized.

    仍然会从SQL查询返回一个列表,但是,如果电子邮件是唯一的(推荐),则仅应有一个条目。

    Don't store plain text passwords. Use password_hash like this answer.