什么应该是一个简单的代码不适合我。它正在显示HTML Woo!消息,但它实际上并没有提交数据。
$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
$resetUsername = mysql_real_escape_string($_POST['inputUser']);
if ($_GET['do'] == "update")
{
$hasher = new PasswordHash(10, false);
$resetPassword = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
if ($_POST['inputPassword'] !== "")
{
mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
?>
<div class="alert alert-success" style="margin:0;">
<strong>Woooo!</strong> Your password has been changed, you can now <a href="login.php">login.</a>
</div>
<?php
}
else
{
?>
<div class="alert alert-error" style="margin:0;">
<strong>Woops!</strong> You need to fill out a password!
</div>
<?php
}
}
以下是引用的HTML表单:
<form method="POST" class="form-horizontal" action="?do=update" >
<div class="control-group">
<label class="control-label" for="inputPassword">New Password</label>
<div class="controls">
<input type="text" id="inputPassword" name="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Reset!</button>
</div>
</div>
</form>
答案 0 :(得分:0)
很可能,这与案例敏感或拼写错误的表单名称一样愚蠢。对表和字段名称,查询字符串值等进行双重检查。
答案 1 :(得分:0)
以下行有一个小错误:
<form method="POST" class="form-horizontal" action="?do=update" >
每当提交表单时,网址为..?do=update
。
因为,我们正在收集(抓取)密钥值作为 GET 变量:
$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
因此,$forgetKeyEmail
是一个空字符串,因为网址中没有键,即$_GET['key']
未设置。
因此将上述html代码更改为:
<form method="POST" class="form-horizontal" action=?do=update&key=<?php echo $forgetKeyEmail; ?>
它会像魅力一样发挥作用。