-1

当我输入密码并单击执行提交按钮查询但数据库密码行为空时出现表单错误:(

请帮我解决这个我试过但没有解决的问题。php通过双引号包含html谢谢

<?php echo errormessage();


      if(isset($_REQUEST['email']) && !empty($_REQUEST['email']) AND isset($_REQUEST['token']) && !empty($_REQUEST['token'])){
        // Verify data
        $email = mysql_prep($_REQUEST['email']); // Set email variable
        $token = mysql_prep($_REQUEST['token']); // Set hash variable

        $result = mysqli_query($connection,"SELECT email, hash FROM job_seeker WHERE email='".$email."' AND hash='".$token."'"); 
        $num_rows  = mysqli_num_rows($result);

        if($num_rows > 0){



        echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
        <tr>
          <td width="40%">New Password :</td>
          <td width="60%"><input type="password" required="" value="" name="pass"></td>
        </tr>
        <tr>
          <td>Confirm New Password  : </td>
          <td><input type="password" required="" value="" name="cpass"></td>
        </tr>
        <tr>
          <td></td>
          <td><input type="submit" name="submit" value="Update"></td>
        </tr>

      </table></form>';



//<?php          //var_dump($_POST);

          @$pass = mysql_prep($_POST['pass']);
          @$cpass = mysql_prep($_POST['cpass']);

         if(isset($_POST)){

           if($pass == $cpass)
          {
          //echo $hashed_password = password_encrypt($pass); 
            $hashed_password = $pass; 
          $result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='$hashed_password', hash='' WHERE email='".$email."' AND hash='".$token."'");
          if ($result) {
        // Success
          $_SESSION["message"] = "Password Successfully Changed.";

          } else {
            // Failure
            $_SESSION["message"] = "Oops... Something went wrong.";
          }
         }
          }
        }else{
           $_SESSION["message"] = "OOPS: Link Expired. Please check your inbox.";
        }
      }else{
        //var_dump($_REQUEST);
       redirect_to('index.php');
       }
      ?>
4

4 回答 4

1

代码行:

 if(isset($_REQUEST['email']) && !empty($_REQUEST['email']) AND isset($_REQUEST['token']) && !empty($_REQUEST['token'])){

仅在发布密码(令牌)时检查密码并执行查询。请更新为:

 if(isset($_REQUEST['email']) && !empty($_REQUEST['email'])){

你的代码将起作用。

于 2013-08-23T09:53:39.477 回答
0

我可能是因为您在表单中预定义了值。

尝试改变这一点:

 echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
    <tr>
      <td width="40%">New Password :</td>
      <td width="60%"><input type="password" required="" value="" name="pass"></td>
    </tr>
    <tr>
      <td>Confirm New Password  : </td>
      <td><input type="password" required="" value="" name="cpass"></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" name="submit" value="Update"></td>
    </tr>

  </table></form>';

为了这:

echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
    <tr>
      <td width="40%">New Password :</td>
      <td width="60%"><input type="password" required="" name="pass"></td>
    </tr>
    <tr>
      <td>Confirm New Password  : </td>
      <td><input type="password" required="" name="cpass"></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" name="submit" value="Update"></td>
    </tr>

  </table></form>';

没有值属性

于 2013-08-23T10:12:37.677 回答
0

您的代码的“密码更改”部分存在错误。

 $result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='$hashed_password', hash='' WHERE email='".$email."' AND hash='".$token."'");

根据您的 php 配置,它可能会将密码列设置为

“$hashed_pa​​ssword”

或变量中的任何内容$hashed_password

您可能打算这样做:

 $result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='".$hashed_password."', hash='' WHERE email='".$email."' AND hash='".$token."'");

但这仍然是一个糟糕的想法,因为这很容易受到 sql 注入的影响。

此外,请确保您的列名正确,直至字母。(我不能为你检查)

于 2013-08-23T10:00:06.047 回答
0

问题解决了 if(isset($_POST)){ 哈哈,除了更改代码之外,每个人都给出了新的指令 if(isset($_POST))

于 2015-08-13T06:05:37.123 回答