通过评论我发现此代码中的最后一行没有被注释掉
$query->bindParam(':password', $password);
是代码停止工作的行,我得到的是
此页面无效 ....目前无法处理此请求。 HTTP ERROR 500"
但是,我不知道bindParam()用法有什么问题。
我后来补充说:
$query = $conn->prepare('UPDATE users SET user_password = ? WHERE user_email = ?');
$query->execute(array($password, $email));
echo "Your password has been successfully reset.";
我再次更改了代码,现在它正在运行,整个代码现在看起来像这样:
// Was the form submitted?
if (isset($_POST["ResetPasswordForm"])) {
// Gather the post data
include_once 'includes/database.inc.php';
$email = $_POST['email'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$hash = $_POST["q"];
// Use the same salt from the forgot_password.php file
$salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
// Generate the reset key
$resetkey = hash('sha512', $salt.$email);
// Does the new reset key match the old one?
if ($resetkey == $hash) {
if ($password == $confirmpassword) {
// has and secure the password
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
// Update the user's password
$sqlUpdate = "UPDATE users SET user_password = ? WHERE user_email = ?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sqlUpdate)) {
echo "SQL Failed";
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $hashedPassword, $email);
mysqli_stmt_execute($stmt);
echo "Your password has been successfully reset2.";
exit();
} else {
echo "Your password reset key is invalid.";
exit();
}
}
?>
答案 0 :(得分:-3)
绑定时需要指定数据类型:http://php.net/manual/en/pdostatement.bindparam.php
使用:$query->bindParam(':password', $password, PDO::PARAM_STR);