我有以下代码来更新我的数据库(更改密码)。我知道我使用的方法有点旧,但该网站仅用作测试。我已经从其他网站复制了代码并且之前使用过它来执行INSERT查询(不是UPDATE)。
由于某种原因,数据库没有更新,我收到以下错误消息:
阵 警告:无法修改标头信息 - 已在/ home / content / 47/11368447 / html / CCC / changepassword中发送的标头(在/home/content/47/11368447/html/CCC/changepassword.php:64处开始输出)。第75行的PHP 重定向到stafflist.php
我是php的新手,感谢我能得到的所有帮助。
以下是代码:
// First we execute our common code to connection to the database and start the session
require("common.php");
$id = $_GET['id'];
// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty password
if(empty($_POST['password']))
{
die("Please enter a password.");
}
// Ensure that the user has entered a non-empty username
if(empty($_POST['confirmpassword']))
{
// Note that die() is generally a terrible way of handling user errors
// like this. It is much better to display the error with the form
// and allow the user to correct their mistake. However, that is an
// exercise for you to implement yourself.
die("Please confirm your password.");
}
if ($_POST['password'] == $_POST['confirmpassword']) {
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "UPDATE Staff SET password=:password, salt=:salt WHERE id=:id";
// A salt is randomly generated here to protect again brute force attacks
// and rainbow table attacks. The following statement generates a hex
// representation of an 8 byte salt. Representing this in hex provides
// no additional security, but makes it easier for humans to read.
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
// This hashes the password with the salt so that it can be stored securely
// in your database. The output of this next statement is a 64 byte hex
// string representing the 32 byte sha256 hash of the password. The original
// password cannot be recovered from the hash.
$password = hash('sha256', $_POST['password'] . $salt);
// Next we hash the hash value 65536 more times. The purpose of this is to
// protect against brute force attacks. Now an attacker must compute the hash 65537
// times for each guess they make against a password, whereas if the password
// were hashed only once the attacker would have been able to make 65537 different
// guesses in the same amount of time instead of only one.
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
try
{
// Execute the query to create the user
$stmt = $db->prepare($query);
$stmt->execute(array(
':password' => $password,
':salt' => $salt,
':id' => $id));
echo $db->errorInfo();
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// This redirects the user back to the login page after they register
header("Location: stafflist.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to stafflist.php");
}
die("Passwords do not match.");
}
谢谢, 乔
答案 0 :(得分:1)
此错误表示您在使用标题或会话类之前输出了一些内容。
仔细检查代码中的空格字符或其他输出,以确保在此行之前没有echo任何内容:
header("Location: stafflist.php");
答案 1 :(得分:0)
我认为您的die()之一在控件到达行header("Location: stafflist.php");之前被触发
最有可能的是,die()正在向response写出一些内容。在写完header之后,您无法设置response值。
答案 2 :(得分:0)
验证您使用的是ANSI编码还是没有BOM的UTF-8,因为使用UTF-8(带BOM)会在文件的最开头发送字符,这会弄乱您的标题。