我已经创建了一个登录系统,现在我正在尝试添加重置密码代码。一切似乎工作正常,除了它没有写入Mysql数据库。任何帮助将不胜感激。
<?php
if(isset($_POST['submit'])){
$mycode = ($_POST['code']);
$mynewpass = ($_POST['password']);
$myconfpass = ($_POST['password1']);
//checks if all fields are filled
if( (empty($mynewpass)) || (empty($myconfpass)) || (empty($mycode)) ){
$errors[] = '<center>All fields must be filled in.<center>';
}
//check if passwords match
if ($mynewpass != $myconfpass){
$errors[] = '<center>Your passwords do not match</center>';
}
if (!empty($errors)){
foreach($errors as $error){
echo '<strong>',$error ,'</strong><br />';
}
}else{
include 'Grubconfig.php';
mysql_connect($host, $user, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
// change password
$mychk = mysql_query(" SELECT * FROM customer WHERE passreset = '$mycode' ");
if(mysql_num_rows($mychk) == 1)
mysql_query("UPADTE customer SET Password='$mynewpass' WHERE passreset='$mycode'");
mysql_query("UPADTE customer SET passreset='0' WHERE passreset='$mycode'");
echo '<center>Your password has been reset Please click <a href="Grublogin.php">here !</a><center>';
}
} ?&GT;
答案 0 :(得分:3)
错别字:
mysql_query("UPADTE customer SET Password='$mynewpass' WHERE passreset='$mycode'");
^^^^^^--- UPDATE (swap D and A)
永远不要假设您的查询是成功的。始终检查错误:
$result = mysql_query($sql) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^-- bare minimum error handling
您对SQL injection attacks也很开放。因此,在部署此代码之前,最好先了解它们并修复漏洞。
答案 1 :(得分:0)
if(mysql_num_rows($mychk) == 1)
mysql_query("UPADTE customer SET Password='$mynewpass' WHERE passreset='$mycode'");
mysql_query("UPADTE customer SET passreset='0' WHERE passreset='$mycode'");
if ( ... ) {
这是有义务的,因为你有2个陈述您可以将它们粘贴到一个查询中:
UPDATE customer SET password = '$mynewpass', passreset = 0 WHERE passreset = '$mycode';
但是,您最好将数据库交互迁移到MySQLi或PDO。 mysql库现已弃用。