PHP查看密码是否匹配,如果匹配,则提交其数据
我是php新手,学习速度很快。我有一个表单,允许用户更新他/她的安全问题,还要求用户输入他/她的参考号,以便继续进行更改 我的表格代码如下:PHP查看密码是否匹配,如果匹配,则提交其数据,php,mysql,error-handling,Php,Mysql,Error Handling,我是php新手,学习速度很快。我有一个表单,允许用户更新他/她的安全问题,还要求用户输入他/她的参考号,以便继续进行更改 我的表格代码如下: <form action="securityupdated.php" method="post"> <table width="80%" border="0"> <tr> <td><label for="secret_question">Secret Question<
<form action="securityupdated.php" method="post">
<table width="80%" border="0">
<tr>
<td><label for="secret_question">Secret Question</label></td>
<td><span id="spryselect1">
<select name="secret_question" id="secret_question">
<option selected="selected">Please Select Your Secret Question</option>
<option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
<option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
<option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
<option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
</select>
<span class="selectRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="secret_anwser">Your Anwser</label></td>
<td><br /><span id="sprytextfield1">
<input type="text" name="secret_anwser" id="secret_anwser" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="password">Your Reference</label>
</td>
<td><br />
<span id="sprytextfield2">
<input type="text" name="ref" id="ref" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Update" /></td>
</tr>
</table>
</form>
<?php
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);
$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
else
{
echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';
}
?>
秘密问题
请选择您的秘密问题
你母亲的娘家姓是什么
你的第一只宠物叫什么名字
你的第一辆车是什么
你最喜欢什么颜色
*
您的Anwser
*
您的推荐人
*
我的php脚本如下所示:
<form action="securityupdated.php" method="post">
<table width="80%" border="0">
<tr>
<td><label for="secret_question">Secret Question</label></td>
<td><span id="spryselect1">
<select name="secret_question" id="secret_question">
<option selected="selected">Please Select Your Secret Question</option>
<option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
<option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
<option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
<option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
</select>
<span class="selectRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="secret_anwser">Your Anwser</label></td>
<td><br /><span id="sprytextfield1">
<input type="text" name="secret_anwser" id="secret_anwser" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="password">Your Reference</label>
</td>
<td><br />
<span id="sprytextfield2">
<input type="text" name="ref" id="ref" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Update" /></td>
</tr>
</table>
</form>
<?php
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);
$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
else
{
echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';
}
?>
我不相信“安全问题”,但我认为添加密码检查是合理的,因为如果有人做到这一点,他可能会阻止真正的用户请求密码恢复,如果这正是您使用它的目的。所以是的,使用mysql\u fetch\u row
获取密码(我希望它是sha1散列?),并将其与用户输入的任何内容进行比较(添加新密码字段)
HTML:
每个人都有一个参考号,还是只有一个参考号
如果每个用户都有自己的ref:
$Result=mysql\u query(“从表中选择*,其中user\u id='user\u id'和ref\u number='$ref\u number'”)代码>
或者如果只有一个参考号:
$Result=mysql\u查询(“从ref\u number='$ref\u number'的表中选择*)代码>
如果提供的ref编号等于数据库中的编号,则返回一行
if (mysql_num_rows($Result) != 0)){
// your update code
} else {
// present password form
}
如果每个人只有一个参考号,那么将该值存储在变量中可能更有趣
$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];
if ($_POST['Ref_number'] == $RealRef_number){
// proceed to updating
} else {
// they were not equal..
}
嗨,谢谢,但是如果你不介意的话,你能帮我编码吗?因为我不知道如何检查匹配,然后更新用户安全问题。
if (mysql_num_rows($Result) != 0)){
// your update code
} else {
// present password form
}
$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];
if ($_POST['Ref_number'] == $RealRef_number){
// proceed to updating
} else {
// they were not equal..
}