Javascript 如何在PHP中更改密码?
这是我的模型:Javascript 如何在PHP中更改密码?,javascript,php,jquery,Javascript,Php,Jquery,这是我的模型: public function editNewPassword($data){ // $user_name = $data['user_name']; $user_id = $data['id']; $user_oldpass = $data['password']; $user_newpass = $data['newpass']; $sql = "UPDATE user SET password = '".md5($user_new
public function editNewPassword($data){
// $user_name = $data['user_name'];
$user_id = $data['id'];
$user_oldpass = $data['password'];
$user_newpass = $data['newpass'];
$sql = "UPDATE user SET password = '".md5($user_newpass)."' WHERE password = 'md5($user_oldpass)' ";
$query = $this->db->prepare($sql);
$query->execute();
}
public function getUser(){
return $this->db->select("SELECT * FROM 'users'");
}
这是我的控制器:
function changePassword(){
if(isset ($_POST['edit_password'])){
$user_oldpass = ($_POST['user_oldpass']);
$user_id = ($_POST['user_id']);
$user_name = ($_POST['user_name']);
$user_newpass = ($_POST['user_newpass']);
$this->model->editNewPassword($data);
}
}
这是我的视图代码:
<form role="form">
<!-- <input typ e="text" name="username" id="username" placeholder="Enter Your Username"><br> -->
<input type="text" name="old_password" id="old_password" placeholder="Enter Your Old Password"><br>
<input type="text" name="new_password" id="new_password" placeholder="Enter Your New Password"><br>
<input type="text" name="con_newpassword" id="con_newmpassword" placeholder="Enter Confirm Password"><br>
<span id='message'></span>
<input type="hidden" id="edit_password_id">
<button id="edit_password" style="background-color:#008000">Submit</button>
我的问题是我的密码不会改变,即使没有错误,我也不知道我的代码哪里有错误。我对此一无所知。这里的代码是最直接的问题:
$sql = "UPDATE user SET password = '" .
md5($user_newpass) .
"' WHERE password = 'md5($user_oldpass)' ";
对于“password”密码,数据库将看到:
UPDATE user SET password = '5f4dcc3b5aa765d61d8327deb882cf99'
WHERE password = 'md5(password)'
我相信您希望这里的md5()
被视为一个数据库函数,但由于它在引号中,所以它将被视为一个普通字符串。由于您的用户没有密码md5(password)
,因此将运行查询,并且不会影响任何行
相关建议
- 不要将MD5用作密码的哈希算法
- 一定要用盐
- 除非您知道自己在做什么,否则请使用内置的哈希和salt函数
- 密码更新应根据用户和密码进行过滤,而不仅仅是用户
- 使用参数绑定避免SQL注入
$user\u oldpass
变量将展开,但md5(
和)
部分也将包含在内。查询将查找类似于md5(admin1234)
(而不是md5哈希)的内容,并且它与您要查找的记录不匹配。
UPDATE user SET password = '5f4dcc3b5aa765d61d8327deb882cf99'
WHERE password = 'md5(password)'