错误的验证消息出现在php / mysqli中

时间:2012-12-10 20:38:30

标签: php mysqli

我在下面有一段代码,它在验证和成功时执行某些php / mysqli任务。我在下面的代码中遇到的问题是,如果用户输入由SELECT查询确定的错误用户名或电子邮件,如果没有匹配的用户名和电子邮件,则应显示错误消息Your Username or Email was not Correct。但它显示此错误消息An error has occured, your Email was not sent containing your new Password

我的问题是,为什么显示错误的错误消息?如何才能显示正确的错误消息?

            if(isset($_POST['resetbtn'])){
                //get form data
                $user = $_POST['user'];
                $email = $_POST['email'];

 $errors = array();


if(!$errors) {

            $query = "SELECT TeacherUsername, TeacherEmail FROM Teacher WHERE TeacherUsername = ? AND TeacherEmail = ?";
            // prepare query
            $stmt=$mysqli->prepare($query);
            // You only need to call bind_param once
            $stmt->bind_param("ss",$user, $email);
            // execute query
            $stmt->execute(); 
            // get result and assign variables (prefix with db)
            $stmt->bind_result($dbTeacherUsername, $dbTeacherEmail);
            //get number of rows
            $stmt->store_result();
            $numrows = $stmt->num_rows();                                  

            if ($numrows == 1){

                   $pass = rand();
                   $teacherpassword = md5($pass);
                   $teacherpassword = substr($pass, 0, 15);
                   $teacherpassword = md5(md5("g3f".$pass."rt4")); 

                //update password in db   
                $updatesql = "UPDATE Teacher SET TeacherPassword = ? WHERE TeacherUsername = ?";                                            
                $update = $mysqli->prepare($updatesql);
                $update->bind_param("ss", $teacherpassword, $user);
                $update->execute();

            $query = "SELECT TeacherUsername, TeacherPassword FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ?";
            // prepare query
            $stmt=$mysqli->prepare($query);
            // You only need to call bind_param once
            $stmt->bind_param("ss",$user,$teacherpassword);
            // execute query
            $stmt->execute(); 
            // get result and assign variables (prefix with db)
            $stmt->bind_result($dbTeacherUsername, $dbTeacherPassword);
            //get number of rows
            $stmt->store_result();
            $selectnumrows = $stmt->num_rows();

                            }else{
                        if(!$numrows){
                        $errormsg = "Your Username or Email was not Correct"; 
                        $user = "";
                        $email = "";
                    }
                }
        }


        if(empty($errors)) {
            if ($selectnumrows == 1){


                   $errormsg = "<span style='color: green'>Your Password has been Reset. An Email has been sent with your New Password</span>";


                    else{
                     $errormsg = "An error has occured, your Email was not sent containing your new Password";   

               }
           }

以下是表格:

            echo "<form action='./forgotpass.php' method='post'>
            <table>
            <tr>
            <td></td>
            <td id='errormsg'>$errormsg</td>
            </tr>
            <tr>
            <td>Username</td>
            <td><input type='text' name='user' value='$user'/><br/>".$error_user."</td>
            </tr>
            <tr>
            <td>Email</td>
            <td><input type='text' name='email' value='$email'/><br/>".$error_email."</td>
            </tr>
            <tr>
            <td></td>
            <td><input type='submit' name='resetbtn' value='Reset Password' /></td>
            </tr>
            </table>
            </form>";

3 个答案:

答案 0 :(得分:1)

如果$ query没有返回任何行,那么首先你的$ errormsg变为“你的用户名或电子邮件不正确”,之后它变为:“发生了错误,你的电子邮件没有发送,包含你的新密码”

条件完全相同(同一个查询!),所以如果第一个为真,那么第二个也是真的。我不确定为什么你需要两个相同的查询,但如果确实需要它,请尝试将最后几行中的$ errormsg变量更改为另一个变量(例如$ errormsg2)并在表单中单独回显它们。

答案 1 :(得分:1)

$numrows = $stmt->num_rows();

应该是

$numrows = $stmt->num_rows;

并且

if ($numrows == 1){

应该是

if ($numrows === 1){

答案 2 :(得分:0)

@John提到了一个问题 - 

$selectnumrows = $stmt->num_rows();

需要采用OOP风格 - 

$selectnumrows = $stmt->num_rows;

== vs ===在您的情况下是可选的,但是很好的做法)

但是你得到的原因 - An error has occured, your Email was not sent containing your new Password而不是Your Username or Email was not Correct是因为你在第一次检查中设置了$errormsg并在第二次检查时重置了它。我缩写了您的代码并添加了//Comments 

$errors = array();

if(!$errors) {  //This is returning true
  ...
  if ($numrows == 1){ //This is returning false
   ...
  }else{
     if(!$numrows){
         $errormsg = "Your Username or Email was not Correct";  //So this is getting set
         ...
     }
  }
}
if(empty($errors)) {  // But this is also returning true
  if ($selectnumrows == 1){   // And this is also returning false
      $errormsg = "<span style='color: green'>Your Password has been Reset. An Email has been sent with your New Password</span>";
  } //This closing '}' is missing in your posted code!!
  else{
       $errormsg = "An error has occured, your Email was not sent containing your new Password";   //So now $errormsg is being reset.
  }
}
相关问题
最新问题