我的脚本仅在一种形式上输出MySQL错误。
我真的没有尝试其他任何事情。我无法解决这个问题,因为该连接对于注册和登录表单都适用。
<?php
//Connection.php
error_reporting(E_PARSE | E_ERROR );
$server = "localhost";
$username ="root";
$password = "";
$db="mydb";
$conn = mysqli_connect($server, $username, $password, $db);
//check connection
if(!$conn){
die("connection failed: " . mysqli_connect_error());
}else{
echo "<script> console.log('connected'); </script>";
}
if($_SESSION['LoggedInEmail']){
session_start();
}
?>
<?php
include('header.php');
include('connection.php');
$name=$surname=$email=$hashedPassword='';
if(session_status() != PHP_SESSION_NONE){
session_start();
$cookieEmail = $_COOKIE['email'];
$query = "SELECT name, surname, password, email FROM users WHERE email = '$cookieEmail'";
$result = mysqli_query($conn, $query);
if(mysqli_num_rows($result) > 0){
while($row = mysqli_fetch_assoc($result)){
$name = $row['name'];
$surname = $row['surname'];
$email = $row['email'];
$hashedPassword = $row['password'];
$_SESSION['LoggedInName']=$name;
$_SESSION['LoggedInSurname']=$surname;
$_SESSION['LoggedInEmail']=$email;
}
}else{
$logginError = "<div class='alert alert-danger'>Wrong username/password combination</div>";
echo "<script> console.log('Wrong username/password combination'); </script>";
}
$tempName=$tempSurname=$tempPassword=$tempNewPass=$updateError='';
if(isset($_POST['update'])){
$tempName = ValiForm($_POST['name']);
$tempSurname = ValiForm($_POST['surname']);
$tempPassword = ValiForm($_POST['password']);
$tempNewPass = ValiForm($_POST['newPassword']);
if($tempName!= '' && $tempSurname!= '' && $tempPassword != '' && $tempNewPass != ''){
if(password_verify($tempPassword, $hashedPassword)){
$tempNewPass = password_hash($tempNewPass, PASSWORD_DEFAULT);
$query = "UPDATE name, surname, email, password SET name='$tempName', surname='$tempSurname', email = '$email', password='$tempNewPass' WHERE email='$email'";
$result = mysql_query($conn,$query);
if(mysqli_query($conn, $result)){
echo "<div class='alert alert-success'>New record in database</div>";
header("Location: index.php");
echo "<script> console.log(' combination'); </script>";
}else{
echo "Error: ". $query . "<br>" . mysqli_error($conn);
echo "<script> console.log('Wrong username/password combination'); </script>";
}
}else{
echo "<script> console.log('Wrong username/password combination'); </script>";
}
}else{
echo "<script> console.log('Wrong username/password combination'); </script>";
}
}
}else{
session_destroy();
header('Location: '. 'index.php');
die();
}
?>
我从echo "Error: ". $query . "<br>" . mysqli_error($conn);输出此错误:
错误:更新名称,姓氏,电子邮件,密码SET名称=“ Henrique123”, 姓='Araujo123',电子邮件='forthelolz@outlook.pt', 密码='$ 2y $ 10 $ SvAjR91lC0FPxkrzRf7LuOK3I66WftiAK1iCW7c0yWFjETlCfoCc6' 在哪里email='forthelolz@outlook.pt'
答案 0 :(得分:0)
您的UPDATE语法错误。
$query = "UPDATE name, surname, email, password SET name='$tempName', surname='$tempSurname', email = '$email', password='$tempNewPass' WHERE email='$email'";
应为:
$query = "UPDATE table_name SET column1='value1', column2='value2' WHERE columnX='valueX'";
对于您提供的代码,查询如下:
$query = "UPDATE users SET name='$tempName', surname='$tempSurname', password='$tempNewPass' WHERE email='$email'";
测试更新查询是否成功时,代码中还有另一个缺陷。
$result = mysql_query($conn,$query);
if(mysqli_query($conn, $result)){
应该是这样的:
$result = mysqli_query($conn, $query);
if ($result) {
注意: 如注释中所述,您的代码容易受到攻击。您应该真正了解SQL注入以及如何防止它们!