php sql中的UPDATE不会更新数据库

时间:2012-06-03 05:05:51

标签: php mysql sql sql-update

我有一个页面标题changepassword.php ...在此页面中,用户可以更改帐户的密码。查询将通过并提供它发送的消息,但数据库不会更改。密码与以前保持一致。我正在使用一个我不习惯的sha1哈希(第一次使用它)。有谁知道它发生了什么?谢谢!

    <?php

    session_start ();

    $user_name = $_SESSION['user_name'];

    if($user_name)
    {
    //user is logged in

    if(isset($_POST['submit']))
    {
    //check fields

    $oldpassword = $_POST['oldpassword'];
    $newpassword = $_POST['newpassword'];
    $repeatnewpassword = $_POST['repeatnewpassword'];

    //check password against db

    $connect=mysql_connect("localhost","root","passssssssword") or die();
    mysql_select_db("database") or die();

    $queryget= mysql_query ("SELECT user_pass FROM users WHERE user_name='$user_name'")         or die("Query didn't work.");
    $row = mysql_fetch_assoc ($queryget);

    $oldpassworddb = $row['user_pass'];

    //check passwords

if (sha1($oldpassword)==$oldpassworddb)
{
    if ($newpassword==$repeatnewpassword)
    {
        if (strlen ($newpassword)>25 || strlen ($newpassword)<6)
        {
        echo "Password must be between 6 and 25 characters";
        }
        else
        {
        //change password in db 

        $newpassword = sha1($newpassword);

        $querychange = mysql_query("UPDATE users SET         password='$newpassword' WHERE user_name='$user_name'");
        session_destroy();
        die ("Your password has been changed. <a         href='index.php'>Return</a> to the main page and login with your new password.");
        }

    }
    else
        die ("New passwords do not match!");

}
else
    die ("Old password is inncorrect!");

    }

    else
    {
    echo
    "<form action = 'changepassword.php' method = 'POST'>
    <table>
    <tr>
        <td>
    Old password: 
        </td>
        <td>
    <input type='text' name='oldpassword'><p>
        </td>
    </tr>
    <tr>
        <td>
    New password: 
        </td>
        <td>
    <input type='password' name='newpassword'>
        </td>
    </tr>
    <tr>
        <td>
    Repeat new password: 
        </td>
        <td>
    <input type='password' name='repeatnewpassword'>
        </td>
    </tr>
    <table>
    <input type='submit' name='submit' value='Change password'>
    </form>
    ";
    }


    }
    else
die("You must be logged in to change your password!");
    ?>

2 个答案:

答案 0 :(得分:5)

QUERY_1:

SELECT user_pass FROM users WHERE user_name='$user_name'

您的Query_2:

UPDATE users SET **password**='$newpassword' WHERE user_name='$user_name'

但是,Query_2应该是:

UPDATE users SET **user_pass**='$newpassword' WHERE user_name='$user_name'

答案 1 :(得分:1)

不确定文字/单引号是否允许PHP插入变量。我通常也使用sprintf。此外,通常您不想只检查用户名,而是用户名和旧密码。 

"SELECT user_pass FROM users WHERE user_name='$user_name'"

应该是:     $ sql = sprintf(“select user_pass from user where user_name =”%s“,$ user_name);

另外,如果输出mysql_error(),你的“die()”会更好,即

  $connect=mysql_connect("localhost","root","passssssssword") or die();
mysql_select_db("database") or die("cannot connect".mysql_error());

但是,解决问题的最快方法可能是在mysql_query上输入错误:

$sql = sprintf("UPDATE users SET  password="%s" WHERE user_name="%s"",$newpassword,$user_name);
$querychange = mysql_error($sql) or die ("Error updating: ".mysql_error());
相关问题
最新问题