Fatal编程技术网
  • php/
  • PHP查看密码是否匹配,如果匹配,则提交其数据

PHP查看密码是否匹配,如果匹配,则提交其数据

php mysql error-handling

PHP查看密码是否匹配,如果匹配,则提交其数据,php,mysql,error-handling,Php,Mysql,Error Handling,我是php新手,学习速度很快。我有一个表单,允许用户更新他/她的安全问题,还要求用户输入他/她的参考号,以便继续进行更改 我的表格代码如下: <form action="securityupdated.php" method="post"> <table width="80%" border="0"> <tr> <td><label for="secret_question">Secret Question<

我是php新手,学习速度很快。我有一个表单,允许用户更新他/她的安全问题,还要求用户输入他/她的参考号,以便继续进行更改

我的表格代码如下:

    <form action="securityupdated.php" method="post">

<table width="80%" border="0">
  <tr>
    <td><label for="secret_question">Secret Question</label></td>
    <td><span id="spryselect1">
      <select name="secret_question" id="secret_question">
        <option selected="selected">Please Select Your Secret Question</option>
        <option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
        <option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
        <option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
        <option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
      </select>
      <span class="selectRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td><br /><label for="secret_anwser">Your Anwser</label></td>
    <td><br /><span id="sprytextfield1">
      <input type="text" name="secret_anwser" id="secret_anwser" />
      <span class="textfieldRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td><br /><label for="password">Your Reference</label>
</td>
    <td><br />
      <span id="sprytextfield2">
      <input type="text" name="ref" id="ref" />
      <span class="textfieldRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><br /><input name="" type="submit" value="Update" /></td>
  </tr>
</table>
</form>

    <?php 
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);

$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";

if (!mysql_query($sql))
  {
        die('Error: ' . mysql_error());
  }
  else 
  {
      echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';

  }
?>


秘密问题
请选择您的秘密问题
你母亲的娘家姓是什么
你的第一只宠物叫什么名字
你的第一辆车是什么
你最喜欢什么颜色
*

您的Anwser


*

您的推荐人


*
我的php脚本如下所示:

    <form action="securityupdated.php" method="post">

<table width="80%" border="0">
  <tr>
    <td><label for="secret_question">Secret Question</label></td>
    <td><span id="spryselect1">
      <select name="secret_question" id="secret_question">
        <option selected="selected">Please Select Your Secret Question</option>
        <option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
        <option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
        <option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
        <option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
      </select>
      <span class="selectRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td><br /><label for="secret_anwser">Your Anwser</label></td>
    <td><br /><span id="sprytextfield1">
      <input type="text" name="secret_anwser" id="secret_anwser" />
      <span class="textfieldRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td><br /><label for="password">Your Reference</label>
</td>
    <td><br />
      <span id="sprytextfield2">
      <input type="text" name="ref" id="ref" />
      <span class="textfieldRequiredMsg">*</span></span></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><br /><input name="" type="submit" value="Update" /></td>
  </tr>
</table>
</form>

    <?php 
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);

$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";

if (!mysql_query($sql))
  {
        die('Error: ' . mysql_error());
  }
  else 
  {
      echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';

  }
?>

我不相信“安全问题”,但我认为添加密码检查是合理的,因为如果有人做到这一点,他可能会阻止真正的用户请求密码恢复,如果这正是您使用它的目的。所以是的,使用
mysql\u fetch\u row
获取密码(我希望它是sha1散列?),并将其与用户输入的任何内容进行比较(添加新密码字段)

HTML:


每个人都有一个参考号,还是只有一个参考号

如果每个用户都有自己的ref:

$Result=mysql\u query(“从表中选择*,其中user\u id='user\u id'和ref\u number='$ref\u number'”)

或者如果只有一个参考号:

$Result=mysql\u查询(“从ref\u number='$ref\u number'的表中选择*)

如果提供的ref编号等于数据库中的编号,则返回一行


if (mysql_num_rows($Result) != 0)){
// your update code

} else {
// present password form
}


如果每个人只有一个参考号,那么将该值存储在变量中可能更有趣


$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];

if ($_POST['Ref_number'] == $RealRef_number){
  // proceed to updating
} else {
  // they were not equal..
}



嗨,谢谢,但是如果你不介意的话,你能帮我编码吗?因为我不知道如何检查匹配,然后更新用户安全问题。

if (mysql_num_rows($Result) != 0)){
// your update code

} else {
// present password form
}



$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];

if ($_POST['Ref_number'] == $RealRef_number){
  // proceed to updating
} else {
  // they were not equal..
}