电子邮件验证-站点保持空白-PHP、MYSQL_Php_Mysql

电子邮件验证-站点保持空白-PHP、MYSQL

php mysql

电子邮件验证-站点保持空白-PHP、MYSQL,php,mysql,Php,Mysql,当一个新用户注册并同意时，我会向我发送一封电子邮件。现在我有了这个verify.php代码： <?php mysql_connect("localhost", "database", "pw", "databasename") or die(mysql_error()); // Connect to database server(localhost) with username and password. mysql_select_db("databasename") or die(my

当一个新用户注册并同意时，我会向我发送一封电子邮件。现在我有了这个verify.php代码：

<?php
mysql_connect("localhost", "database", "pw", "databasename") or die(mysql_error()); // Connect to database server(localhost) with username and password.
mysql_select_db("databasename") or die(mysql_error()); // Select registration database.

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysql_escape_string($_GET['email']); // Set email variable
    $hash = mysql_escape_string($_GET['hash']); // Set hash variable

    $search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error()); 
    $match  = mysql_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>

但一旦我点击了链接，它就会停留在空白的网站上。。无错误，但对…无更改：（很确定有一个小错误，我找不到。

< p>）使用die（）是一个坏主意，如果发生这种情况，错误被记录到Apache错误日志中，而你将留下一个空白的屏幕。你应该考虑远离使用这种与MySQL交互的方式，并考虑用准备好的语句使用PDO（）。要查看实际错误，请查看web服务器错误日志并查看记录的内容。

检查此行：

如果（isset（$获取['email']）和&！empty（$获取['email']）和isset（$获取['hash']）和&！empty（$获取['hash']））{

您在此处使用了“和”。它应该是：

如果（（isset（$获取['email']）&&！empty（$获取['email']）&&（$获取['hash']）isset（$获取['hash']）&&！empty（$获取['hash']））{

我已经检查了您的脚本，它正在进行一些修改。根据我的说法，可能的错误是状态数据类型。它应该是“int”，请检查以下内容：

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysql_escape_string($_GET['email']); // Set email variable
    $hash = mysql_escape_string($_GET['hash']); // Set hash variable

    $search = mysql_query("SELECT * FROM test_users WHERE u_email='".$email."' AND u_hash='".$hash."' ") or die(mysql_error()); 
    $match  = mysql_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysql_query("UPDATE test_users SET u_status='1' WHERE u_email='".$email."' AND u_hash='".$hash."'") or die(mysql_error());
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';
    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>

if（isset（$获取['email']）和&！empty（$获取['email']）和isset（$获取['hash']）和&！empty（$获取['hash']））{
//验证数据
$email=mysql\u escape\u string（$\u GET['email']）；//设置电子邮件变量
$hash=mysql\u escape\u string（$\u GET['hash']）；//设置哈希变量
$search=mysql\u query（“从test\u用户中选择*，其中u\u email=”“$email.”和u\u hash=”“$hash.”）或die（mysql\u error（））；
$match=mysql\u num\u行（$search）；
如果（$match>0）{
//我们有匹配项，激活帐户
mysql_查询（“更新测试_用户设置u_状态='1'，其中u_email=''.$email.'和u_hash='.$hash.''））或死亡（mysql_error（））；
echo“您的帐户已激活，您现在可以登录”；
}否则{
//没有匹配->无效的url或帐户已被激活。
echo“url无效，或者您已经激活了您的帐户。”；
}
}否则{
//无效方法
echo“无效方法，请使用已发送到您电子邮件的链接。”；
}
?>

解决方法：

<?php
ini_set('display_errors', true); error_reporting(E_ALL);
$link = $link = mysqli_connect("localhost", "database", "pw!", "database");


// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysqli_escape_string($link, $_GET['email']); // Set email variable
    $hash = mysqli_escape_string($link, $_GET['hash']); // Set hash variable
    $passwort = mysqli_escape_string($link, $_GET['passwort']); // Set hash variable

    $passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);

    $search = mysqli_query($link, "SELECT email, hash, active, passwort FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error()); 
    $match  = mysqli_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysqli_query($link, "UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error()); 
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';

    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>

没有错误；我看不到任何相同的错误报告语法..但一旦我单击链接，站点将保持空白..并且数据库中没有任何更改：）网站空白，对我来说意味着500和php的死亡。可能是因为使用了mysql\u*
函数……每次你在新代码中使用数据库扩展，它都会被弃用，多年来一直在PHP7中消失。如果你只是在学习php，请花精力学习PDO
或mysqli
数据库扩展你认为通过电子邮件发送是安全的吗？这是一种非常不安全的机制，用户散列了密码？？？我认为散列密码我认为你误解了什么die（\u一些字符串\u在这里）
是的。它不会将该字符串发送到apache错误日志。它会将该字符串显示到浏览器。如果他使用了errorno，则该字符串将与该代码一起退出。（ps：我不是向下投票人）没有死亡（）它仍然将我留在空白屏幕上：）…是的，我知道..但我现在开始这样做：（这有什么问题吗？你介绍的东西没有什么不同。除了比较的顺序之外，但是如果所有的东西都是AND，那么它就不重要了。小注释和=&
最好写成！empty（$\u GET['email']）和！empty（$\u GET['hash']））伙计们，很抱歉我回答错了，但请不要再给我否决票了。嗨..你们做了什么修改？我只是从数据库中看到了其他名称，然后是我的..你们的意思应该是“int”“active”是默认的0 int
<?php
ini_set('display_errors', true); error_reporting(E_ALL);
$link = $link = mysqli_connect("localhost", "database", "pw!", "database");


// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){
    // Verify data
    $email = mysqli_escape_string($link, $_GET['email']); // Set email variable
    $hash = mysqli_escape_string($link, $_GET['hash']); // Set hash variable
    $passwort = mysqli_escape_string($link, $_GET['passwort']); // Set hash variable

    $passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);

    $search = mysqli_query($link, "SELECT email, hash, active, passwort FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error()); 
    $match  = mysqli_num_rows($search);

    if($match > 0){
        // We have a match, activate the account
        mysqli_query($link, "UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysqli_error()); 
        echo '<div class="statusmsg">Your account has been activated, you can now login</div>';

    }else{
        // No match -> invalid url or account has already been activated.
        echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';
    }

}else{
    // Invalid approach
    echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';
}
?>