我一直在尝试创建一个密码重置系统,其代码如下:
<?php ob_start();
include "includes/header.php";
include "includes/db.php";
//session_start();
include "includes/navigation.php";
if(isset($_GET['reset']) && isset($_GET['token'])) {
$token = $_GET['token'];
$stmt = mysqli_prepare($connection, "SELECT username, user_email, token FROM users WHERE token=?");
mysqli_stmt_bind_param($stmt, "s", $token);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $username, $user_email, $token);
mysqli_stmt_fetch($stmt);
if(!empty($username)) {
if(isset($_POST['password']) && isset($_POST['confirmPassword']) && $_POST['password'] == $_POST['confirmPassword']) {
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
echo $hashedPassword;
echo $user_email;
$stmt = mysqli_prepare($connection, "UPDATE users SET token= '', user_password= '{$hashedPassword}' WHERE user_email= ?");
mysqli_stmt_bind_param($stmt, "s", $user_email);
mysqli_stmt_execute($stmt);
}
} else {
header("Location: index.php");
}
} else {
header("Location: index.php");
}
?>
现在情况是第一个查询运行良好。该令牌已成功插入数据库中,并请求重新设置密码帐户,并成功从数据库中获取了数据。
问题是当用户插入新密码及其确认时出现的。尽管密码已成功哈希,但是将密码插入数据库仍然存在问题。
让我知道“ mysqli_stmt_bind_param()期望参数1为mysqli_stmt,给定布尔值”。可以肯定的是连接中没有问题,因为上述查询中的连接已经起作用。我一直在检查statementquery有什么问题,但是我无法识别任何错误。
感谢您的帮助。 谢谢
答案 0 :(得分:1)
我已经修改了您的代码,并在可能的地方(最好是在哪里出现错误)以及我的更正为什么可行的情况下,尽可能地记录在案。
<?php ob_start();
include "includes/header.php";
include "includes/db.php";
//session_start();
include "includes/navigation.php";
if(isset($_GET['reset']) && isset($_GET['token'])) {
$token = $_GET['token'];
//I have amended your query, you do not need to grab the token if the condition is that it is the same as something you already have, as $_GET['token'] AND $token will always be the same.
$query = "SELECT username, user_email FROM users WHERE token = ?");
$stmt = $connection->prepare($query);
$stmt->bind_param("s", $_GET['token']);
$stmt->execute();
$stmt->bind_result($username, $user_email);
$stmt->fetch();
$stmt->close(); // You did not close your query connection.
// To use a new query you must first close the previous one.
if(!empty($username)) {
if(isset($_POST['password']) && isset($_POST['confirmPassword']) && $_POST['password'] == $_POST['confirmPassword']) {
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
echo $hashedPassword;
echo $user_email;
// Previously you tried to insert a PHP variable into a query, which is not possible
// in (and defeats the point of) prepared statements. Rather than put in $variable
// replace them with '?' . (not including quotation marks)
$query = "UPDATE users SET token = null, user_password = ? WHERE user_email = ?";
$stmt = $connection->prepare($query);
$stmt->bind_param("ss", $hashed_password, $user_email);
$stmt->execute();
$stmt->close();
}
} else {
header("Location: index.php");
}
} else {
header("Location: index.php");
}
此外,如果将db.php以及标题中提供的代码放在标题之前,则很可能避免在文档开头的输出缓冲。 (这只是基于我在其他人的代码中看到的一些错误。)
您在原始文章“ mysqli_stmt_bind_param()中期望参数1为mysqli_stmt”中描述的错误意味着查询语法很可能有错误,这是我修改的主要元素。