0

我在下面有一段代码,它在验证和成功时执行某些 php/mysqli 任务。我在下面的代码中遇到的问题是,如果用户输入了由 SELECT 查询确定的不正确的用户名或电子邮件,如果没有匹配的用户名和电子邮件,那么它应该显示错误消息Your Username or Email was not Correct。但相反,它显示此错误消息An error has occured, your Email was not sent containing your new Password

我的问题是为什么它显示不正确的错误消息,我怎样才能让它显示正确的错误消息?

            if(isset($_POST['resetbtn'])){
                //get form data
                $user = $_POST['user'];
                $email = $_POST['email'];

 $errors = array();


if(!$errors) {

            $query = "SELECT TeacherUsername, TeacherEmail FROM Teacher WHERE TeacherUsername = ? AND TeacherEmail = ?";
            // prepare query
            $stmt=$mysqli->prepare($query);
            // You only need to call bind_param once
            $stmt->bind_param("ss",$user, $email);
            // execute query
            $stmt->execute(); 
            // get result and assign variables (prefix with db)
            $stmt->bind_result($dbTeacherUsername, $dbTeacherEmail);
            //get number of rows
            $stmt->store_result();
            $numrows = $stmt->num_rows();                                  

            if ($numrows == 1){

                   $pass = rand();
                   $teacherpassword = md5($pass);
                   $teacherpassword = substr($pass, 0, 15);
                   $teacherpassword = md5(md5("g3f".$pass."rt4")); 

                //update password in db   
                $updatesql = "UPDATE Teacher SET TeacherPassword = ? WHERE TeacherUsername = ?";                                            
                $update = $mysqli->prepare($updatesql);
                $update->bind_param("ss", $teacherpassword, $user);
                $update->execute();

            $query = "SELECT TeacherUsername, TeacherPassword FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ?";
            // prepare query
            $stmt=$mysqli->prepare($query);
            // You only need to call bind_param once
            $stmt->bind_param("ss",$user,$teacherpassword);
            // execute query
            $stmt->execute(); 
            // get result and assign variables (prefix with db)
            $stmt->bind_result($dbTeacherUsername, $dbTeacherPassword);
            //get number of rows
            $stmt->store_result();
            $selectnumrows = $stmt->num_rows();

                            }else{
                        if(!$numrows){
                        $errormsg = "Your Username or Email was not Correct"; 
                        $user = "";
                        $email = "";
                    }
                }
        }


        if(empty($errors)) {
            if ($selectnumrows == 1){


                   $errormsg = "<span style='color: green'>Your Password has been Reset. An Email has been sent with your New Password</span>";


                    else{
                     $errormsg = "An error has occured, your Email was not sent containing your new Password";   

               }
           }

下面是表格:

            echo "<form action='./forgotpass.php' method='post'>
            <table>
            <tr>
            <td></td>
            <td id='errormsg'>$errormsg</td>
            </tr>
            <tr>
            <td>Username</td>
            <td><input type='text' name='user' value='$user'/><br/>".$error_user."</td>
            </tr>
            <tr>
            <td>Email</td>
            <td><input type='text' name='email' value='$email'/><br/>".$error_email."</td>
            </tr>
            <tr>
            <td></td>
            <td><input type='submit' name='resetbtn' value='Reset Password' /></td>
            </tr>
            </table>
            </form>";
4

3 回答 3

1

发生的情况是,如果 $query 没有返回任何行,首先您的 $errormsg 变为“您的用户名或电子邮件不正确”,然后变为:“发生错误,您的电子邮件未发送包含您的新密码”。

条件完全相同(相同的查询!),所以如果第一个为真,那么第二个也为真。我不确定你为什么需要两个相同的查询,但如果你确实需要它,请尝试将最后几行中的 $errormsg 变量更改为另一个变量(例如 $errormsg2)并在表单中分别回显它们。

于 2012-12-10T20:45:50.647 回答
1 
$numrows = $stmt->num_rows();

应该

$numrows = $stmt->num_rows;   


if ($numrows == 1){

应该

if ($numrows === 1){
于 2012-12-10T20:52:02.077 回答
0

@John提到了一个问题——

$selectnumrows = $stmt->num_rows();

需要采用 OOP 风格-

$selectnumrows = $stmt->num_rows;

(在您的情况下, ==vs===是可选的,但很好的做法)

但是你得到的原因 -An error has occured, your Email was not sent containing your new Password而不是Your Username or Email was not Correct因为你正在设置$errormsg你的第一次检查并用你的第二次检查重置它。我已经压缩了你的代码并添加了//Comments

$errors = array();

if(!$errors) {  //This is returning true
  ...
  if ($numrows == 1){ //This is returning false
   ...
  }else{
     if(!$numrows){
         $errormsg = "Your Username or Email was not Correct";  //So this is getting set
         ...
     }
  }
}
if(empty($errors)) {  // But this is also returning true
  if ($selectnumrows == 1){   // And this is also returning false
      $errormsg = "<span style='color: green'>Your Password has been Reset. An Email has been sent with your New Password</span>";
  } //This closing '}' is missing in your posted code!!
  else{
       $errormsg = "An error has occured, your Email was not sent containing your new Password";   //So now $errormsg is being reset.
  }
}
于 2012-12-10T21:37:24.293 回答