在php中：数据库中未更新更改密码_Php_Html

在php中：数据库中未更新更改密码

php html

在php中：数据库中未更新更改密码,php,html,Php,Html,我有一个注册表格的任务，我想更改密码。没有错误，当我执行变量转储（var\u dump）时，它正在更改。此外，它在前端显示更改的密码，但在数据库中不更新。我已经尝试了很多更新数据库，但我做错了什么？我认为这是个问题。有人能指出正确的方向来解决我的问题吗？先谢谢你 <?php require_once ( "./connect.php" ); if ( !empty ( $_POST ['submit'] ) ) { $current_password = md5 ( $_POS

我有一个注册表格的任务，我想更改密码。没有错误，当我执行变量转储（

var\u dump

）时，它正在更改。此外，它在前端显示更改的密码，但在数据库中不更新。我已经尝试了很多更新数据库，但我做错了什么？我认为这是个问题。有人能指出正确的方向来解决我的问题吗？先谢谢你

<?php
require_once ( "./connect.php" );
if ( !empty ( $_POST ['submit'] ) ) {  
    $current_password = md5 ( $_POST [ 'current_password' ] );
    $new_password = md5 ( $_POST [ 'new_password' ] );
    $confirm_password = md5 ( $_POST [ 'confirm_password' ] );
    $sql = ( "SELECT `password` FROM `user` WHERE `username` = '$confirm_password' " ) or die ( "Query didn't work" );
    $result = $db->query($sql);
    $current_password = $result [ 'password' ];
    if ( $current_password == $current_password ) {
        if ( $new_password == $confirm_password ) {             
            $sql = ( "update `user` SET `password`='{$confirm_password}' WHERE user_id = $_COOKIE[id]" );
            echo 'success!'; 
        } else {
            echo 'New passwords doesn t match!';
        }
    }
} else {
    echo 'Current password doesn t match';
}
?>
<form action = "" method = "POST">
Current-Password: <input type = "password" name = "current_password" value = ""/><br><br>
New-Password: <input type = "password" name = "new_password" value = ""/><br><br>
Confirm-Password: <input type = "password" name = "confirm_password" value = ""/><br><br>
<input type="submit" name="submit" value="change password"/>
</form>

// connect.php file
<?php
$db = new mysqli("localhost", "root", "", "registration");
if($db->connect_error){
exit("cannot connect to database");
}
?>

在$sql

$sql = ( "update `user` SET `password`='{$confirm_password}' WHERE user_id = $_COOKIE[id]" );
$db->query($sql); //this is missing that why no data update

嗨，请检查一下
<?php
require_once ( "./connect.php" );
if ( !empty ( $_POST ['submit'] ) ) {
    $current_password = md5 ( $_POST [ 'current_password' ] );
    $new_password = md5 ( $_POST [ 'new_password' ] );
    $confirm_password = md5 ( $_POST [ 'confirm_password' ] );
    $sql = ( "SELECT `password` FROM `user` WHERE `username` = 'shan' " ) or die ( "Query didn't work" );
    $result = $db->query($sql);

    if ($result->num_rows > 0) {
    // output data of each row
     while($row = $result->fetch_assoc()) {
        $current_password1 = $row["password"];
     }
    }
    if ( $current_password == $current_password1 ) {
        if ( $new_password == $confirm_password ) {
            $sql = ( "update `user` SET `password`='{$confirm_password}' WHERE user_id = 1" );
            $result = $db->query($sql);
            echo 'success!';
        } else {
            echo 'New passwords doesn t match!';
        }
    }
} else {
    echo 'Current password doesn t match';
}
?>
<form action = "" method = "POST">
Current-Password: <input type = "password" name = "current_password" value = ""/><br><br>
New-Password: <input type = "password" name = "new_password" value = ""/><br><br>
Confirm-Password: <input type = "password" name = "confirm_password" value = ""/><br><br>
<input type="submit" name="submit" value="change password"/>
</form>

密码
=“$confirm\u password”？而不是WHERE
子句中的username
='$confirm\u password'，因为您的用户名将且不应等于密码提示。不要使用md5读取if（$current\u password==$current\u password）{
这不会检查任何东西，也不会执行更新语句add$result=$db->query（$sql）；
在echo'success！'之前；
行我的建议是删除此“代码”，阅读php安全实践并基于此重新编写