不向数据库提交数据

时间:2013-04-01 19:41:40

标签: php mysql

什么应该是一个简单的代码不适合我。它正在显示HTML Woo!消息,但它实际上并没有提交数据。

$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
$resetUsername = mysql_real_escape_string($_POST['inputUser']);
if ($_GET['do'] == "update") 
{
    $hasher = new PasswordHash(10, false);
    $resetPassword = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
    if ($_POST['inputPassword'] !== "")
    {
        mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
        ?>
            <div class="alert alert-success" style="margin:0;">
            <strong>Woooo!</strong> Your password has been changed, you can now <a href="login.php">login.</a>
            </div>
            <?php
    }
    else 
    {
             ?>
            <div class="alert alert-error" style="margin:0;">
            <strong>Woops!</strong> You need to fill out a password!
            </div>
            <?php
    }
}

以下是引用的HTML表单:

<form method="POST" class="form-horizontal" action="?do=update" >
  <div class="control-group">
    <label class="control-label" for="inputPassword">New Password</label>
    <div class="controls">
      <input type="text" id="inputPassword" name="inputPassword" placeholder="Password">
    </div>
  </div>
  <div class="control-group">
    <div class="controls">
      <button type="submit" class="btn btn-primary">Reset!</button>
    </div>
  </div>
</form>

2 个答案:

答案 0 :(得分:0)

很可能,这与案例敏感或拼写错误的表单名称一样愚蠢。对表和字段名称,查询字符串值等进行双重检查。

答案 1 :(得分:0)

以下行有一个小错误:

<form method="POST" class="form-horizontal" action="?do=update" >

每当提交表单时,网址为..?do=update

因为,我们正在收集(抓取)密钥值作为 GET 变量:

$forgetKeyEmail = mysql_real_escape_string($_GET['key']);

因此,$forgetKeyEmail是一个空字符串,因为网址中没有,即$_GET['key']未设置。

因此将上述html代码更改为:

<form method="POST" class="form-horizontal" action=?do=update&key=<?php echo $forgetKeyEmail; ?>

它会像魅力一样发挥作用。