0

我已经创建了一个登录系统,现在我正在尝试向它添加重置密码代码。除了没有写入 Mysql 数据库外,一切似乎都运行良好。任何帮助将不胜感激。

    <?php
if(isset($_POST['submit'])){
$mycode = ($_POST['code']);
$mynewpass = ($_POST['password']);
$myconfpass = ($_POST['password1']);

    //checks if all fields are filled
if( (empty($mynewpass)) || (empty($myconfpass)) || (empty($mycode)) ){
    $errors[] = '<center>All fields must be filled in.<center>';
}   
    //check if passwords match
if ($mynewpass != $myconfpass){
    $errors[] = '<center>Your passwords do not match</center>'; 
}
        if (!empty($errors)){
    foreach($errors as $error){
        echo '<strong>',$error ,'</strong><br />';
    }
    }else{

include 'Grubconfig.php';

mysql_connect($host, $user, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());

// change password
$mychk = mysql_query(" SELECT * FROM customer WHERE passreset = '$mycode' ");

if(mysql_num_rows($mychk) == 1)

     mysql_query("UPADTE customer SET Password='$mynewpass' WHERE passreset='$mycode'");
     mysql_query("UPADTE customer SET passreset='0' WHERE passreset='$mycode'");

    echo '<center>Your password has been reset Please click <a href="Grublogin.php">here !</a><center>';
    }

} ?>

4

2 回答 2

3

错别字:

 mysql_query("UPADTE customer SET Password='$mynewpass' WHERE passreset='$mycode'");
              ^^^^^^--- UPDATE (swap D and A)

永远不要假设您的查询是成功的。始终检查错误:

$result = mysql_query($sql) or die(mysql_error());
                           ^^^^^^^^^^^^^^^^^^^^^^-- bare minimum error handling

您也很容易受到SQL 注入攻击。因此,您最好在部署此代码之前阅读它们并修复漏洞。

于 2013-04-18T19:17:21.797 回答
0 
if(mysql_num_rows($mychk) == 1)

 mysql_query("UPADTE customer SET Password='$mynewpass' WHERE passreset='$mycode'");
 mysql_query("UPADTE customer SET passreset='0' WHERE passreset='$mycode'");
  1. UPDATE 拼写错误
  2. 您没有打开数字括号if ( ... ) { ,因为您有 2 个语句

您可以将它们粘贴到一个查询中:

UPDATE customer SET password = '$mynewpass', passreset = 0 WHERE passreset = '$mycode';

但是,您最好将数据库交互迁移到 MySQLi 或 PDO。mysql 库现已弃用。

于 2013-04-18T19:19:14.703 回答