我是mysql的新手,我试图将一个列中的一个值替换为另一个值。现在我有2个输入,可以在这里回显这些输入的文本值以及登录人的用户名:
<?php
session_start();
include("../php/Session.class.php");
$sess = new Session();
$sess->Init();
$cookie = isset($_COOKIE["session"]);
if($cookie)
{
$cookie = $_COOKIE["session"];
$account = $sess->Verify($cookie);
}
$pass1=$_POST['passwordText']; //name of input
echo $pass1;
$pass=$_POST['oldPass']; //name of input
echo $pass;
echo $account['username'];
然后我连接到我的数据库,并尝试将之前的密码设置为用户的用户名所在的$pass1值。
$dbh = new mysqli("localhost","username","password","sqlserver");
$checkforpass = "SELECT password FROM accounts WHERE username='".$account['username']."'";
$checkforpass = $dbh->query($checkforpass); //make query
$checkforpass = $checkforpass->fetch_assoc(); //prepare sql
$checkforpass = $checkforpass['password'];
echo $checkforpass;
if($checkforpass==$pass)
{
echo 'they got the password!';
$change = "UPDATE accounts SET password=".$pass1." WHERE username='".$account['username']."'";
//$change = $dbh->query($change);
$dbh->query($change); //make query
$dbh->close();
//change password
}
我没有错误,但在检查我的本地数据库时,密码的值保持不变。我在这里做错了什么?
答案 0 :(得分:0)
我认为它没有插入/更新,因为您在查询中没有使用varchar周围的单引号。
您的查询应该是:
$change = "UPDATE accounts SET password='".$pass1."' WHERE username='".$account['username']."'";
OR
$change = "UPDATE accounts SET password='$pass1' WHERE username='".$account['username']."'";