doutuo7126 2013-06-08 13:19
浏览 49
已采纳

$ _get无效

i created update code for updating password in a table using id.This is the url from where i am getting id using $_GET but its not working.

http://www.example.com/en/resetPaSS.php?id=1&token=779d2aa48de104db46d66e29de576aac

The code:

if(isset($_POST['sub']))
{
$pass_hash = PassHash::hash($_POST['pass']);

$sql = "UPDATE user SET password='$pass_hash' WHERE id='$_GET[id]'";
$resu = mysqli_query($link,$sql);
//echo $sql;
if(!$resu)
    {
     $error="Unable to change Password. Try Again!";
    }
    else
    {
     echo"changed";
    }
}

I also echo $sql and it shows UPDATE user SET password='$2a$10$bed9ad8e6cb910e0f1f12uXJldZLQ79f5HVrIiIAIZeZ9088Rre9.' WHERE id=''

Also tried $_REQUEST but still not works.

EDIT: I am using this url for reseting password to send to the user which is created using http://www.example.com/en/resetPaSS.php?id=$id&token=$token

  • 写回答

3条回答 默认 最新

  • doudang1890 2013-06-08 13:31
    关注

    If you use a form, then the id is not in the action url. You can also post the id by using a hidden input field

    You must use prepared statement to prevent sql injection:

    $sql = "UPDATE user SET password='?' WHERE id=?";
    $stmt = $link->prepare($sql);
    
    /* bind parameters */
    $stmt->bind_param("si", $pass_hash, $_GET['id']);
    
    /* execute query */
    $stmt->execute();
    

    EDIT By clicking the link you will be go to your page where a form is. You have to edit the the id to the form or action url to make your script working by doing the following steps

    make a variabele named id like this:

    $id = isset($_GET['id']) ? $_GET['id'] : $_POST['id'];
    

    also add hidden field to the form:

    <input type="hidden" name="id" value="<?php echo $id; ?>">
    

    Change the query bind_param to:

    $stmt->bind_param("si", $pass_hash, $id);
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)