Php 调试MYSQL语法错误
下面是我在我的网站上的“忘记密码”脚本。我有一个MYSQL表,存储用户的电子邮件地址。它被称为“成员”,有两列:“用户”(用户的电子邮件地址)和“通过”(他们的密码) 电子邮件地址adamjwilkins1604@gmail.com存在于成员表中。当我在忘记密码表单中输入此电子邮件地址时,我收到此错误。我调试这个有很多困难Php 调试MYSQL语法错误,php,mysql,Php,Mysql,下面是我在我的网站上的“忘记密码”脚本。我有一个MYSQL表,存储用户的电子邮件地址。它被称为“成员”,有两列:“用户”(用户的电子邮件地址)和“通过”(他们的密码) 电子邮件地址adamjwilkins1604@gmail.com存在于成员表中。当我在忘记密码表单中输入此电子邮件地址时,我收到此错误。我调试这个有很多困难 You have an error in your SQL syntax; check the manual that corresponds to your MySQL s
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1
<?php // forgot_password.php
include_once 'header.php';
if (isset($_POST['submitted']))
{ // Handle the form.
if (empty($_POST['email']))
{
$uid = FALSE;
echo 'You forgot to enter your registered email address!';
}
else
{
// Check for the existence of the inputted email address.
$email = trim(sanitizeString($_POST['email']));
$result = queryMysql("SELECT user FROM members WHERE user='$email'");
if (mysql_num_rows($result) == 1)
{
// Retrieve the user's email address
list($uid) = mysql_fetch_array ($result, MYSQL_NUM);
}
else
{
echo '<p><font color="red" size="+1">The submitted email address does not match those on file!</font></p>';
$uid = FALSE;
}
}
if ($uid)
{
$p = substr(md5(uniqid(rand(),1)),3,10);
$result = queryMysql("UPDATE members SET pass=SHA('$p') WHERE user = $uid");
if (mysql_affected_rows() == 1)
{
// If it ran OK, send an email.
$email = trim(sanitizeString($_POST['email']));
$body = "Your password has been temporarily changed to '$p'. Please log in using this password and your username.";
mail ($email, 'Your temporary password.', $body, 'From: admin@mywebsite.com');
echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you have logged in with this password, you may change it by clicking on the "change password" link.</h3>';
mysql_close(); // Close the database connection.
}
else
{
// If it did not run OK.
echo '<p><font color="red" size="+1">Your password could not be changed due to a system error. We apologize for any inconvenience.</font></p>';
}
}
else // Failed the validation test.
{
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}
} // End of the main Submit conditional.
?>
<h1>Reset Your Password</h1>
<p>Enter your email address below and your password will be reset.</p>
<form action="forgot_password.php" method="post">
<fieldset>
<p><b>Your registered email address:</b> <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Reset My Password" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</div>
您忘记在更新
语句中引用$uid
。您也忘了转义它。是否尝试输出生成的查询?也。您应该切换到或并使用准备好的语句。sanitizeString()
可能是错误的,顺便说一句,电子邮件地址不是最好的PK,我坚持使用Auto Inc INT。问题是,作为初学者,我正在学习一本书的最新版本(O'Reilly的PHP指南),并且它没有针对mysqli进行更新。编程语言在书籍出版的几个月内就被弃用了。您是否尝试过从$email
或echo
中删除单引号,以查看实际传递给查询的内容?