<?php include_once 'db.php'; session_start(); if(!$_SESSION['logged_in']) { die('You are unauthorized to be here. 1'); } $old_password = md5($_POST['old_password']); $new_password = md5($_POST['new_password']); $sql = "UPDATE users SET pass='?' WHERE user='?' AND pass='?'"; $q = $db->prepare($sql); $q->bindParam(1, $new_password); $q->bindParam(2, $_SESSION['username']); $q->bindParam(3, $old_password); $q->execute(); header('location: ../?page=account'); ?>
这是我的'用户'表格方案:
`users` (`active` int(1) NOT NULL DEFAULT '1',
`user` varchar(200) NOT NULL,
`pass` varchar(200) NOT NULL,
`admin` int(1) NOT NULL,
`date` varchar(150) NOT NULL DEFAULT 'error',
`Paid` varchar(200) NOT NULL DEFAULT 'None',
KEY `user` (`user`) )
ENGINE=MyISAM DEFAULT CHARSET=latin1;
它根本就没有更新价值......任何想法?
答案 0 :(得分:3)
从占位符中删除引号。
答案 1 :(得分:0)
$sql = "UPDATE users SET pass='?' WHERE user='?' AND pass='?'";
将其更改为
$sql = "UPDATE users SET pass=? WHERE user=? AND pass=?";
答案 2 :(得分:-1)
假设您的代码没有拼写错误或其他错误(未经过测试),逻辑上唯一的解释是用户名或旧密码不匹配