Vote count:
0
i have this simple function:
$password = 'userinput';
$username = 'userinput02';
$bdd = new PDO('mysql:host=localhost;dbname=mydatabase', 'root', '');
$stmt = $bdd->prepare('SELECT username, hash, someinfo, someotherinfo FROM users WHERE username = ?');
$stmt->execute(array($username));
$reponse = $stmt->fetch();
if($reponse['username'])
{
if(password_verify($password, $reponse['hash']))
{
UseSomeInfo();
echo 'good password';
}
}
and i'm wondering if only selecting the username, wait for 1st statement to be confirmed, then selecting the hash isn't a more efficiant/standard/secure way to do the same thing.
asked 3 mins ago
Aucun commentaire:
Enregistrer un commentaire