Question

当我为CAPTCHA输入正确答案时，它工作正常。后给出错误的答案会给出警告消息，然后提供CAPTCHA字段显示为空白

<?php
session_start();
  $math='';
if(!isset($_POST['submit1']))
{
$digit1 = mt_rand(1,20);
    $digit2 = mt_rand(1,20);
    if( mt_rand(0,1) === 1 ) {

            $math = "$digit1 + $digit2";
            $_SESSION['ccanswer'] = $digit1 + $digit2;
    } else {

            $math = "$digit1 - $digit2";
            $_SESSION['ccanswer'] = $digit1 - $digit2;
    }
}

include('inc/subheader.php');
require "connection.php";

if(isset($_POST['submit1']))
{


        $xyzname=$_SESSION['XYZname'];
         $correct_answer=$_SESSION['ccanswer'];
        $answerRR=$_POST['answer1'];
         if($correct_answer==$answerRR){
            $sql="SELECT pwd FROM  logins WHERE username = '".$xyzname."' and encrypt_pwd='".$_POST['opwd']."'";
            $result1 = pg_query($pgcon,$sql);
            $num=pg_num_rows($result1);

            if($num>0)
            {

            $updatephoto ="UPDATE xyz set encrypt_pwd='".$_POST['npwd']."' where username='".$xyzname."'";
            pg_query($updatephoto);
            echo "<script>alert('Your password has been reset successfully!');</script>";
            }
            else
            {

                echo "<script>alert('Sorry, there is no match for that password.');</script>";
            }   

                        }else{

                            echo  "<script>alert('Invalid captcha');</script>";
                            $_SESSION['ccanswer']='';
                        }



            }
?>



    <form name="chngpwd" action="" method="post" id="demo">
                <div class="form-group">
                        <label for="exampleInputPassword1">Old Password</label>
                  <input type="password" class="form-control" id="opwd" required placeholder="Old Password" name="opwd" onkeypress="return blockSpecialChar(event)">

                </div>
                 <div class="form-group">
                        <label for="exampleInputPassword1">New Password</label>
                  <input type="password" class="form-control" id="npwd" name="npwd" required placeholder="New Password" onkeypress="return blockSpecialChar(event)">

                </div>
                 <div class="form-group">
                        <label for="exampleInputPassword1">Confirm Password</label>
                  <input type="password" class="form-control" data-rules-equalTo="#npwd" required id="cpwd" placeholder="Confirm Password" onkeypress="return blockSpecialChar(event)">

                </div>
                                <div class="form-group">
                 <label for="exampleInputPassword1">Captcha</label>
               <input id="answer1" name="answer1" type="text" placeholder="<?php echo $math; ?>" class="form-control" required="required" data-validation-required-message="Please enter Captcha Code."/>
                <p class="help-block text-danger"><?php if(isset($_GET['msg'])) { echo "Invalid Captcha Code.";}?></p>
                </div>
                 <div class="box-footer">
                <button type="submit" class="btn btn-primary" name="submit1" value="Change Passowrd" >Submit</button>
              </div>
          </form>

给出错误消息后，我希望验证码字段不为空。

我没有找到错误，但CAPTCHA下的字段显示为空。

我尝试重新加载页面，然后正常工作，但是之前填写的表单没有显示值。

Answer 1

您需要在“值”字段中输入错误答案，如下所示：

... input type="text" value="<?php echo $variable;?>" ...

我还注意到您在不使用变量转义的情况下使用SQL进行操作，这肯定会导致SQL注入攻击。

为什么在PHP中给出错误无效的验证码后不重新验证码

1 个答案: