我正在尝试更新此代码中的用户密码。我知道它不可靠,因为它没有SQL注入预防功能,我只是想在这里学习。 无论如何,在我的代码中使用$ _request变量不能用于数据库查询,当我想用echo显示变量时,它可以工作。
PHP代码:
$newPassword=$_POST['newPassword'];
$confirmPassword=$_POST['confirmPassword'];
$userID1=$_REQUEST['ID'];
$code=$_GET['$code'];
echo "<h1>Hello " . $userID1 . "</h1>";
if (isset($_GET['submit']))
{
if($newPassword == $confirmPassword ){
mysql_query("UPDATE facultymember SET password='$newPassword' WHERE ID='$userID1'");
$message = "Your password has been updated.";
}
else
{
$message = "New password does not equal Confirm password";
}
}
HTML表单:
<form name="frmChange" action='newpass.php' method="GET" onSubmit="return validatePassword()">
<div style="color:red;" "class="message"><?php if(isset($message)) { echo $message; } ?></div>
Enter a new password
<input type="text" name="newPassword">
Re-enter the new password
<input type="text" name="confirmPassword">
<input name="submit" type="submit" value="Save Changes">
</form>
答案 0 :(得分:0)
获取价值的对象错误=&#34; GET&#34;
$newPassword=$_POST['newPassword'];
$confirmPassword=$_POST['confirmPassword'];
or
$newPassword=$_GET['newPassword'];
$confirmPassword=$_GET['confirmPassword'];
并且没有附加ID参数