dqhr76378 2017-10-08 02:39
浏览 44

登录和密码更改PHP和MYsql

I am working on a simple script that allows users to create an account and change password in a database. The only problem I'm having is creating a script that allows the user to change their password. It doesn't update in my DB. I am getting successfully message but it doesn't update in DB. Please help me any suggestions will be much appreciated Please let me know if any more details required?

            <form method="POST">
                old:<input type="text" name="old_pass">
                new:<input type="text" name="">
                conf:<input type="text" name="">
                <input type="submit" name="submit" value="save">
            </form>
            <?php 

            $conn_db = mysqli_connect("localhost","root","","oz");
            if(!$conn_db)
            {
                echo "not connect";
            }
                echo "connect".mysqli_error($conn_db);

                SESSION_START();
            if($_SERVER['REQUEST_METHOD']=="POST")
            {
            if(isset($_POST['submit']))
                {

                $old_pass=$_POST['old_pass'];
                $new_pass=$_POST['new_pass'];
                $re_pass=$_POST['re_pass'];
                $chg_pwd=mysqli_query($conn_db,"SELECT * FROM admin WHERE email='$email'");
                $chg_pwd1=mysqli_fetch_array($chg_pwd);
                $data_pwd=$chg_pwd1['pass'];
                if($data_pwd==$old_pass){
                if($new_pass==$re_pass){
                  $update_pwd=mysqli_query($conn_db,"UPDATE admin SET pass='$new_pass' where email='$email'");

                  echo "<script>alert('Update Sucessfully'); window.location='index.php'</script>";
                }
                else{
                  echo "<script>alert(`Your new and Retype Password is not match`); window.location='index.php'</script>";
                }
                }
                else
                {
                echo "<script>alert(`Your old password is wrong`); window.location='change.php'</script>";
                }}
            }
              ?>
  • 写回答

3条回答 默认 最新

  • drlq92444 2017-10-08 02:51
    关注

    1. You are getting the success message because you are not actually checking if the update was successful. You're just checking if the password match: if($new_pass==$re_pass)

    2. You never define $email, so your WHERE clause generates an empty data set.

    Try defining $email, for example: $email = $_POST['email'] and moving your alert and redirect inside of an if statement that checks the result of the query

    if(mysqli_query($conn_db,"UPDATE admin SET pass='$new_pass' where email='$email'")) {
    echo "<script>alert('Update Sucessfully'); window.location='index.php'</script>";
}

    NOTE:

    1. You shouldn't store your passwords in plain text.
    2. You should safely cast all input before running it in a query to prevent SQL Injection.
    评论

报告相同问题?

悬赏问题

  • ¥15 无线电能传输系统MATLAB仿真问题
  • ¥50 如何用脚本实现输入法的热键设置
  • ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能
  • ¥30 深度学习,前后端连接
  • ¥15 孟德尔随机化结果不一致
  • ¥15 apm2.8飞控罗盘bad health,加速度计校准失败
  • ¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
  • ¥15 谁有desed数据集呀
  • ¥20 手写数字识别运行c仿真时,程序报错错误代码sim211-100
  • ¥15 关于#hadoop#的问题