Php 如何检查表中的密码是否已更新
我已经用php编写了一个脚本来重置用户的密码,如何检查表中的密码是否已更新 例如,如果元组/列中的数据已更改,则发送电子邮件。请检查脚本中的注释Php 如何检查表中的密码是否已更新,php,mysql,mysqli,Php,Mysql,Mysqli,我已经用php编写了一个脚本来重置用户的密码,如何检查表中的密码是否已更新 例如,如果元组/列中的数据已更改,则发送电子邮件。请检查脚本中的注释 $dbcc = mysqli_connect(HOST,NAME,PASSWORD,DATABASE) or die('Error can not connect to database'); $query = "SELECT uid,email FROM `corporate` WHERE (email='$chk_email')&q
$dbcc = mysqli_connect(HOST,NAME,PASSWORD,DATABASE) or die('Error can not connect to database');
$query = "SELECT uid,email FROM `corporate` WHERE (email='$chk_email')";
$result = mysqli_query($dbc, $query);
//found
if(@mysqli_num_rows($result) == 1)
{
$ROW = mysqli_fetch_array($result);
$sent_email = $ROW['email']; //get email
$id = $ROW['uid']; //get uid
$new_password = generatePassword(8);//generates 8 char long random password
$enc_password = md5($new_password); //encrypt
$statement = "UPDATE corpoorate SET password=".$enc_password." WHERE uid ='$id'";
$go = mysqli_query($dbcc,$statement) or die(mysqli_error());
mysqli_close($dbcc);
/*
* HOW DO I CHECK IF PASSWORD IS UPDATED IN THE DATABASE?
* IF IT IS, SEND EMAIL
* IF $go==true does not work!
**/
if($go==true){
$sendmessage = "We have generated a new password token for you.\n Your password is reset to ".$new_password." \n Please note that this password is not secure. Once you login, please reset your password.\n ";
mail($sent_email,'Password Reset',$sendmessage,'From: address@gmail.com');
}
header("Location : http://limozoor.com/login/signin.php");
exit();
}//if
mysqli_close($dbcc);
您之前正在选择用户的电子邮件。。。为什么不同时获取原始密码并将其与您在更新中使用的密码进行比较?您的代码易受SQL注入攻击。有关示例,请参见此处:。了解使用diemysqli_error$conn是一个非常糟糕的主意;因为它可能会泄露敏感信息。请参阅本文了解更多说明:密码何时不会更新?
// remove: $go = mysqli_query($dbcc,$statement) or die(mysqli_error());
$qry =@ mysqli_query($dbcc, $statement);
$aff =@ mysqli_affected_rows($dbcc);
if ($qry === true && $aff > 0) {
mail(...);
}