我似乎找不到我的代码有什么问题。
我只是想有一个不偏不倚的意见,因为对我来说它是完美的,它不是 xD。
<?php
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: login.php");
die("Redirecting to login.php");
}
if(!empty($_POST))
{
if($_POST['eID'] != $_SESSION['user']['eID'])
{
$query = "
SELECT
1
FROM users
WHERE
eID = :eID
";
$query_params = array(
':eID' => $_POST['eID']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
die("This employee ID is already registered");
}
}
if(!empty($_POST['password']))
{
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
}
else
{
$password = null;
$salt = null;
}
$query_params = array(
':eID' => $_POST['eID'],
':user_id' => $_SESSION['user']['id'],
);
if($password !== null)
{
$query_params[':password'] = $password;
$query_params[':salt'] = $salt;
}
$query = "
UPDATE users
SET
eID = :eID
";
if($password !== null)
{
$query .= "
, password = :password
, salt = :salt
";
}
$query .= "
WHERE
id = :user_id
";
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$_SESSION['user']['eID'] = $_POST['eID'];
header("Location: private.php");
die("Redirecting to private.php");
}
?>
<h1>Edit Account</h1>
<form action="edit_account.php" method="post">
Username:<br />
<b><?php echo htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8'); ?></b>
<br /><br />
EmployeeID:<br />
<input type="text" name="eID" value="<?php echo htmlentities($_POST['eID'], ENT_QUOTES, 'UTF-8'); ?>" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" /><br />
<i>(leave blank if you do not want to change your password)</i>
<br /><br />
<input type="submit" value="Update Account" />
</form>
它是一个代码,它将改变我数据库中的数据。似乎我的“eID”有错误