更新密码不能正常使用PHP

时间:2018-03-13 18:16:51

标签: php html mysql sql

我目前正在处理一个PHP文件,一个管理员有权更新用户帐户的密码,该密码有哈希,但它目前无法正常工作并在数据库内更新。我试图寻找问题,但没有这样做,一点帮助将不胜感激。这是我的简单代码......

编辑账户-process.php:

<?php
$connect=mysqli_connect('localhost','root','','report_generation');

if(isset($_POST['submit'])) {
        $id = $_POST['id'];
        $username = $_POST['username'];
        $password= $_POST['password']; 
        $login_name = $_POST['login_name']; //full name of the user

        $query = "UPDATE dim_login set username = '$username', password = md5('$password'), login_name = '$login_name', where id = '$id'";

        mysqli_query($connect, $query);
        header( "Location: user-account.php" ); die;
        echo "<script>window.open('user-account.php','_self')</script>";
} ?>

形式:

    <div class="row">
    <div class="col-md-12">
        <div class="box box-primary">
        <div class="box-header with-border">
          <h3 class="box-title">Quick Example</h3>
        </div>
        <!-- /.box-header -->
        <!-- form start -->
        <?php
          $id = $_GET['id'];
          $query = "select * from dim_login where id = '$id';";             
          $run = mysqli_query($connect, $query);    

          while ($row = mysqli_fetch_array($run)) {

            $id = $row[0];
            $username = $row[1];
            $password = $row[2]);
            $login_name = $row[3];

          }                    
        ?>
        <form class="form" action="edit-account-process.php?id=<?php echo $id; ?>" method="post">
          <div class="box-body">
            <div class="form-group">
              <label>Full Name</label>
              <input type="text" class="form-control" name="login_name" value="<?php echo $login_name; ?>">
            </div>
            <div class="form-group">
              <label>Username</label>
              <input type="text" class="form-control" name="username" value="<?php echo $username; ?>">
            </div>
            <div class="form-group">
              <label>New Password</label>
              <input type="password" class="form-control" name="password" value="">
            </div>
          </div>
          <!-- /.box-body -->

          <div class="box-footer">
            <input type="submit" class="btn btn-primary" value="Submit" name="submit" />
          </div>
          <input type= "hidden" name = "id" value ="<?php echo $id ?>"/>
        </form>
      </div>
        <!-- /.box -->
    </div>

</div>

2 个答案:

答案 0 :(得分:0)

请使用http://de2.php.net/manual/en/function.password-hash.php较新的功能来创建密码,它更安全,更好。

login_name = '$login_name',&lt;删除最后一个comma befor WHERE

答案 1 :(得分:-1)

首先,如果使用sql检查器测试查询,则会出现错误。 (例如:https://www.eversql.com/sql-syntax-check-validator/

结果查询在where子句

之前有逗号 
"UPDATE dim_login set username = 'xxx', password = md5('xxx'), login_name = 'xxx', where id = '1'"

这是正确的

"UPDATE dim_login set username = 'xxx', password = md5('xxx'), login_name = 'xxx' where id = '1'"

其次,你确定你的id字段必须像字符串一样对待吗?

第三,检查isset($_POST['submit'])的目的是什么?

相关问题
最新问题