![]() |
$this->db->get_where - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6) +--- Forum: Issues (https://forum.codeigniter.com/forumdisplay.php?fid=19) +--- Thread: $this->db->get_where (/showthread.php?tid=65745) |
$this->db->get_where - szhuge1 - 07-19-2016 ![]() I found this thing by mistake. 1) Controller Function Code: $id = trim($this->input->post('id')); Code: $query = $this->db->get_where('userinfo', array('id' => $id, 'password' => $pw)); a) When $pw is null Supposed SQL should be: Code: select * from userinfo where id = '$id' and password is null; Code: select * from userinfo where id = '$id'; Thanks RE: $this->db->get_where - mwhitney - 07-19-2016 I'm not seeing anything in the code which would cause that SQL to be output when calling $this->db->get_where() with those arguments. However, after you've passed $this->input->post('pwd') through trim() and md5(), I don't think you're going to get null (this doesn't explain why 'password' is not in your where clause). Additionally, you shouldn't be using md5() for passwords. See the PHP manual for details: http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash RE: $this->db->get_where - Avenirer - 07-19-2016 mwhitney is right: md5() of null (and any other hash) is not null. Make sure you have $pw inside your model. RE: $this->db->get_where - InsiteFX - 07-20-2016 You should be checking you input for null and then the recommended way to hash passwords now is with the PHP.Net password_hash() method. |