无法使用php和Mysql更新数据库

时间:2014-09-29 06:43:57

标签: php mysql authentication mysqli

我正在尝试使用以下代码更新数据库中的用户密码

<?php

session_start();
if( isset($_SESSION['user']) ){
}
else
{
header("location: index.php");
}
$host = "localhost";
$username = "xxxx";
$password = "xxxxx";
$db_name = "auth_db";
$tbl_name = "users";
$link = new mysqli("$host", "$username"  , "$password", "$db_name");
if(mysqli_connect_error()) 
{
    die('Connect Error ('.mysqli_connect_errno().')' .msqli_connect_error());
}

$username = $_SESSION['user'];
$pwd = $_POST['oldpass'];
$pwd1 = $_POST['newpass'];
$pwd2 = $_POST['newpass1']; 
if($pwd1 !== $pwd2)
{
Print '<script>alert("New Passwords do not match");</script>';  
Print '<script>window.location.assign("pwd.php");</script>'; 
}

$query = mysqli_query($link, "SELECT * from users WHERE username = '$username'");
$user_exist = mysqli_num_rows($query);
$tbl_user = "";
$tbl_password = "";
$password = 0 ;

if($user_exist > 0)
{
while($row = mysqli_fetch_assoc($query))
{
    $tbl_user = $row['username'];
    $tbl_password = $row['password'];
    $password = password_verify($pwd, $tbl_password);
}
if(($username == $tbl_user) && ($password))
{
if($password)
{
     $new_hash = password_hash(('$pwd1'), PASSWORD_BCRYPT);
     mysqli_query($link, "UPDATE $tbl_name SET password = '$new_hash' WHERE username = '$tbl_user'");
     Print '<script>alert("Updated, Please relogin.");</script>';
    Print '<script>window,location.assign("logout.php");</script>';

}
}
else
{
    Print '<script>alert("Incorrect Password");</script>';
    Print '<script>window,location.assign("pwd.php");</script>';

}
}

?>

我能够生成哈希,但它没有在数据库中更新,页面被重定向到给定的链接。我在想,我的

有一些问题
mysqli_query($link, "UPDATE $tbl_name SET password = '$new_hash' WHERE username = '$tbl_user'");

感谢任何帮助。谢谢。

2 个答案:

答案 0 :(得分:0)

试试这个

$link = new mysqli($host, $username  , $password, $db_name);

mysqli_query($link, "UPDATE $tbl_name SET pasword = ".$new_hash." WHERE username = ".$tbl_user.");

答案 1 :(得分:0)

您的代码有很多语法错误。我引用了一些并将其放在评论中,以便您自己更改。

<?php

session_start();
if( isset($_SESSION['user']) ){
}
else
{
header("location: index.php");
}
$host = "localhost";
$username = "xxxx";
$password = "xxxxx";
$db_name = "auth_db";
$tbl_name = "users";
$link = new mysqli("$host", "$username"  , "$password", "$db_name");
if(mysqli_connect_error()) 
{
    die('Connect Error ('.mysqli_connect_errno().')' .msqli_connect_error());
}

$username = $_SESSION['user'];
$pwd = $_POST['oldpass'];
$pwd1 = $_POST['newpass'];
$pwd2 = $_POST['newpass1']; 
if($pwd1 !== $pwd2)
{
Print '<script>alert("New Passwords do not match");</script>';  
Print '<script>window.location.assign("pwd.php");</script>'; 
}

$query = mysqli_query($link, "SELECT * from users WHERE username = '$username'");
$user_exist = mysqli_num_rows($query);
$tbl_user = ""; // instead of reinitializing these as a blank slate just use the unset(); function
$tbl_password = ""; // so its unset($tbl_user); so you can save memory.
$password = 0 ;

if($user_exist > 0)
{
while($row = mysqli_fetch_assoc($query))
{
    $tbl_user = $row['username'];
    $tbl_password = $row['password'];
    $password = password_verify($pwd, $tbl_password);
}
if(($username == $tbl_user) && ($password))
{
if($password)
{
     $new_hash = password_hash(('$pwd1'), PASSWORD_BCRYPT);
     mysqli_query($link, "UPDATE $tbl_name SET password = '$new_hash' WHERE username = '$tbl_user'");
     Print '<script>alert("Updated, Please relogin.");</script>';
    Print '<script>window,location.assign("logout.php");</script>'; //<- window.location.assign();

}
}
else
{
    Print '<script>alert("Incorrect Password");</script>';
    Print '<script>window,location.assign("pwd.php");</script>'; //<-- window.location.assign();

}
}

?>