$ _get无效

i created update code for updating password in a table using id.This is the url from where i am getting id using $_GET but its not working.

http://www.example.com/en/resetPaSS.php?id=1&token=779d2aa48de104db46d66e29de576aac

The code:

if(isset($_POST['sub']))
{
$pass_hash = PassHash::hash($_POST['pass']);

$sql = "UPDATE user SET password='$pass_hash' WHERE id='$_GET[id]'";
$resu = mysqli_query($link,$sql);
//echo $sql;
if(!$resu)
    {
     $error="Unable to change Password. Try Again!";
    }
    else
    {
     echo"changed";
    }
}

I also echo $sql and it shows UPDATE user SET password='$2a$10$bed9ad8e6cb910e0f1f12uXJldZLQ79f5HVrIiIAIZeZ9088Rre9.' WHERE id=''

Also tried $_REQUEST but still not works.

EDIT: I am using this url for reseting password to send to the user which is created using http://www.example.com/en/resetPaSS.php?id=$id&token=$token

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doudang1890 2013-06-08 13:31
关注
If you use a form, then the id is not in the action url. You can also post the id by using a hidden input field

You must use prepared statement to prevent sql injection:

$sql = "UPDATE user SET password='?' WHERE id=?"; $stmt = $link->prepare($sql); /* bind parameters */ $stmt->bind_param("si", $pass_hash, $_GET['id']); /* execute query */ $stmt->execute();

EDIT By clicking the link you will be go to your page where a form is. You have to edit the the id to the form or action url to make your script working by doing the following steps

make a variabele named id like this:

$id = isset($_GET['id']) ? $_GET['id'] : $_POST['id'];

also add hidden field to the form:

<input type="hidden" name="id" value="<?php echo $id; ?>">

Change the query bind_param to:

$stmt->bind_param("si", $pass_hash, $id);
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

$ _get无效 php
2013-06-08 13:19

回答 3 已采纳 If you use a form, then the id is not in the action url. You can also post the id by using a hidde
使用$ _GET将变量传递到另一个页面无效 html php
2016-05-23 05:40

回答 1 已采纳 You have issue in your PAGE 2 file : Replace <? with <?php Title: <?php echo $_GET['tit
取消设置$ _SESSION无效 facebook php sql
2013-05-26 18:04

回答 2 已采纳 It's not recommended to unset session variables this way. Use session_unset(), see http://php.net/
PHP 过滤 $_POST 或 $_GET 接收的参数
2019-06-10 19:43

monster_end的博客话不多说先放代码讲一讲博主为什么要做这个: ...如$_POST、$_GET 功能：防注入 *************************/ //你想要过滤的非法字符 $ArrFiltrate=array("'","or","and","union","where","&","j...
php $ _REQUEST []不起作用 ajax html javascript php
2017-09-02 17:48

回答 2 已采纳 There are few things you need to change in your code, such as: echo $_REQUEST["name"]+"...."+$_R
PHP：if（isset（$ _ COOKIE ['name']））无效 php
2018-03-22 13:37

回答 2 已采纳 setcookie() must be called before any output is sent to the browser. Otherwise it will cause an he
PHP $ _POST请求无效 html php
2014-10-18 23:11

回答 1 已采纳 <input type="button"> is for a button that doesn't do anything (unless you hang JavaScript o
php中的$_GET和$_POST
2022-04-18 09:30

畅享美好的博客在PHP中，$_GET数组获取使用GET方式提交的表单数据语法：变量名=$_GET["name"]; //name指表单元素name属性值 $_GET[]与$_POST[]的区别： GET方式会将表单中的数据以URL字符串的形式发送给服务器将test.php以GET...
if（$ _ SERVER ['REQUEST_METHOD'] =='POST'）无效。数据未从数据库中检索[关闭] php
2017-09-03 19:28

回答 1 已采纳 Your code was poorly written; I tried to fix it. Please note that I strongly recommends the use
jQuery $ .get请求无效 javascript jquery php
2013-07-13 13:09

回答 3 已采纳 Ok solved this by using an <iframe>: <form action="save.php" method="post" target="theif
Wordpress函数wp_get_attatchment_url无效 php
2019-07-18 09:12

回答 2 已采纳 wp_get_attatchment_url looks like mistype, it seems that correct name is wp_get_attachment_url.
PHP 模拟$_PUT实现代码
2020-12-18 01:35

PHP里有$_GET，$_POST，但是没有$_PUT，所以如果需要使用它的话，则你不得不自己模拟一下：复制代码代码如下: $_PUT = array(); if (‘PUT’ == $_SERVER[‘REQUEST_METHOD’]) { parse_str(file_get_contents&#40...
file_get_contents无效 - 连接被拒绝 php
2017-01-01 20:02

回答 1 已采纳 Isn't Hostgator blocking the requests because of the DDoS protection? Give them a call, my hosting
使用$_GET[]获取表单数据（PHP）
2019-06-02 01:30

_xw2018的博客在PHP中，$_GET数组获取使用GET方式提交的表单数据语法：变量名=$_GET["name"]; //name指表单元素name属性值 $_GET[]与$_POST[]的区别： GET方式会将表单中的数据以URL字符串的形式发送给服务器将test.php以GET...
PHP 表单验证 - $_GET 和 $_POST、防攻击的htmlspecialchars()
2017-05-10 20:47

白小明80583600的博客 PHP 超全局变量 $_GET 和 $_POST 用于收集表单数据。何时使用 GET？ $_GET 是通过 URL 参数传递到当前脚本的变量数组。通过 GET 方法从表单发送的信息会显示在 URL 中，绝不能使用 GET 来发送密码或其他敏感信息...
没有解决我的问题, 去提问

悬赏问题

¥200 总是报错，能帮助用python实现程序实现高斯正反算吗？有偿
¥15 对于squad数据集的基于bert模型的微调
¥15 为什么我运行这个网络会出现以下报错？CRNN神经网络
¥20 steam下载游戏占用内存
¥15 CST保存项目时失败
¥15 树莓派5怎么用camera module 3啊
¥20 java在应用程序里获取不到扬声器设备
¥15 echarts动画效果的问题，请帮我添加一个动画。不要机器人回答。
¥15 Attention is all you need 的代码运行
¥15 一个服务器已经有一个系统了如果用usb再装一个系统，原来的系统会被覆盖掉吗

$ _get无效

3条回答 默认 最新

悬赏问题

3条回答默认最新