我想创建一个忘记密码页面。为了避免向用户发送他的详细信息,我决定在警告框中显示他的详细信息,虽然我知道它的安全性要低得多!
所以,这里是我在php文件中的代码" forgotdetails.php"。
//Here are my database details, which I can't show.
$conn= mysql_connect($dbhost, $dbuser, $dbpass);
// Check connection
if(!$conn){
die('Could not connect'.mysql_error() );
}
$db_selected = mysql_select_db('users');
if(!$db_selected){
die('wrong'.mysql_error() );
}
$post_username = $_POST['email']; // the ajax post username
$query = "SELECT * FROM users WHERE id='". $post_username. "'";
$results= mysql_query($query);
$row=mysql_fetch_assoc($results);
$username=$row['id'];
$password=$row['pass'];
if(mysql_num_rows($results)==0)
{
echo "pass= " . $password;
echo "You haven't registered yet! Go to the Home-Page to Register!";
/*$query = "SELECT * FROM users WHERE id='$post_username' AND pass='$post_password'";*/
}
else
{
echo $password;
echo "Your Login details are-:"."\nUser ID- ". $username . "\nPassword- ". $password . "\nLogin to your account, to change your password. ";
}
这是我的ajax函数(在html文件中),当点击忘记密码按钮时它被调用 - :
<script lang="javascript" type="text/javascript">
function ajaxFunction1() {
var ajaxRequest; // The variable that makes Ajax possible!
try {
// Opera 8.0+, Firefox, Safari
ajaxRequest = new XMLHttpRequest();
} catch (e) {
// Internet Explorer Browsers
try {
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
// Something went wrong
alert("Your browser broke!");
return false;
}
}
}
// Create a function that will receive data
// sent from the server and will update
// div section in the same page.
ajaxRequest.onreadystatechange = function ()
{ if (ajaxRequest.readyState == 4)
{ var ajaxDisplay = document.getElementById('results');
alert (ajaxRequest.responseText);
ajaxDisplay.innerHTML = "<br/><br/><h2><font color='#18E618'>"+ajaxRequest.responseText+"</font></h2>"; } }
// Now get the value from user and pass it to
// server script.
var email = document.getElementById('email').value;
//var bitsmailid = document.getElementById('bitsmailid').value;
if ( email== "" || email== null || email== '') {
alert("BITS ID Not Filled");
exit();
}
/*if ( bitsmailid== "" || bitsmailid== null || bitsmailid== '') {
alert("BITS Mail ID Not Filled");
exit();
}*/
var queryString = "?email=" + email;
ajaxRequest.open("POST", "forgotdetails.php" +queryString, true);
ajaxRequest.send(null);
}
</script>
我的查询是,我需要检查通过PHP文件($ results)中的SQL返回的查询是否为空,然后我需要执行我在代码中提到的函数。我使用了mysql_num_rows($ results)== 0 condition(我在阅读Stack Overflow上的类似帖子后得知)。虽然它似乎没有正确评估。即使数据库中有条目,它也会始终评估为true。
我已经阅读了有关Stack Overflow上此类问题的所有帖子,经过12个多小时的测试代码有很多不同的可能性,我仍然无法解决我的查询。我提供了查询所需的所有详细信息,但如果有人需要,我会随身携带。
我是Web开发的新手,所以请帮我解决我的问题。提前感谢您的帮助!
如果你觉得这个问题早些时候已经得到了回答,我很抱歉,但是我再次发布了这个问题,因为这些帖子很遗憾无法帮助我。我已经阅读了所有这些内容。遗憾!
答案 0 :(得分:0)
应该是
$sql = "SELECT * FROM users WHERE id='". $post_username. "'";
$result = mysql_query($sql, $conn);
if ($result && (mysql_num_rows($result) > 0)) {
// user exists
// here you get row
$row = mysql_fetch_assoc($result);
}
我知道它没有pdo而且不安全。