我试图实现一个更改数据库密码的表单,但是,当我在表单上提交详细信息时,它只是将我引导到目标页面...但是在浏览器上显示和明文代码....为什么这样做呢!
表格:
<h1 align="center">Change Password</h1>
<form method="POST" action="reset_pwd.php">
<table class='altrowstable' id='alternatecolor' >
<tr>
<td align="right">Username: </td>
<td><input type="TEXT" name="username" value=""/></td>
</tr>
<tr>
<td align="right">Current Password: </td>
<td><input type="password" name="password" value=""/></td>
</tr>
<tr>
<td align="right">New Password: </td>
<td><input type="password" name="npassword" value=""/></td>
</tr>
<tr>
<td align="right">Repeat New Password: </td>
<td><input type="password" name="rpassword" value=""/></td>
</tr>
<tr><td align="center">
<a href="forgot_password.php">Forgot password</a>
</td>
<td>
<input type="submit" name="submit" value="Change Password"/>
</td>
</tr>
</table>
</form>
<br>
<?php echo $msg; ?>
和目标php页面:
<?php
include('dbconfig.php');
$msg = "";
if (mysql_real_escape_string($_POST['submit'])):
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$npassword = mysql_real_escape_string(md5($_POST['npassword']));
$rpassword = mysql_real_escape_string(md5($_POST['rpassword']));
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)):
$dbusername = $rows['username'];
$dbpassword = $rows['password'];
$dbfirstname = $rows ['firstname'];
$dblastname = $rows ['lastname'];
endwhile;
if (empty($username) || empty($password) || empty($npassword) ||
empty($rpassword)):
$msg = "All fields are required";
elseif ($numrows == 0):
$msg = "This username does not exist";
elseif ($password != $dbpassword):
$msg = "The CURRENT password you entered is incorrect.";
elseif ($npassword != $rpassword):
$msg = "Your new passwords do not match";
elseif ($npassword == $password):
$msg = "Your new password cannot match your old password";
else:
mysql_query("UPDATE user_info SET password = '$npassword' WHERE user_id =
'$username'");
$to = $email;
$subject = "YOUR PASSWORD HAS BEEN CHANGED";
$message = "<p>Hello $dbfirstname $dblastname. You've received this E-Mail
because you have requested a PASSWORD CHANGE. ";
$from = "myemail@.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
endif;
endif;
?>
答案 0 :(得分:0)
目标页面中没有要在浏览器中显示的HTML响应。要显示内容,您需要形成适当的html,以便可以在浏览器中显示。
在目标页面中,在末尾添加以下html代码,以便显示消息(验证或成功)。
<html><body>put your message here</body></htm>
答案 1 :(得分:0)
PLease check ...“user_info”表格中“user_id”的类型是什么......以及您从表单中获取的用户名字段是什么。
我在问这个问题......
$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
答案 2 :(得分:0)
目标php中的第一个$ msg仅用于目标php,不会将值返回到表单
其次,你可能会寻找 if(isset($ _ POST ['submit'])):而不是 if(mysql_real_escape_string($ _ POST ['submit'])):
答案 3 :(得分:0)
你可能忘记了一个额外的?&gt;在包含文件“dbconfig.php”的末尾,从而将目标php页面视为html。