PHP: change old password
Hi guys, I'm just a new programmer, can you help me? I can't change the password, and it keeps giving an error at the echo "Password Change Successful". Please help me. Thanks, everyone.
<?php
if(isset($_POST["login"]))
{
if(!empty($_POST['oldpass']) && !empty($_POST['password']))
{
$oldp=$_POST['oldpass'];
// connection
$con=mysqli_connect('localhost','root','') or die(mysqli_error());
mysqli_select_db($con,'databaseprac') or die("cannot select DB");
// select database
$query=mysqli_query($con,"SELECT * FROM tblusers WHERE password='".$oldp."'");
$numrows=mysqli_num_rows($query);
if($numrows!=0)
{
while($row=mysqli_fetch_assoc($query))
{
$dbpassword=$row['password'];
//mysqli_close()
}
if($oldp == $dbpassword)
{
$sql="UPDATE tblusers SET password='$oldp' WHERE id='1';
$result=mysqli_query($sql);
if($result)
{
echo "<h4>Password Change Successful</h4>";
}
}
}
else {
echo "<h4>Invalid Old Password</h4>";
}
}
else {
echo "<h4>All fields are required.</h4>";
}
}
?>
The closing " is missing at the end of this statement:
$sql="UPDATE tblusers SET password='$oldp' WHERE id='1'
You also need to add $con to this line:
$result=mysqli_query($sql)
Like this:
$result=mysqli_query($con,$sql)
You missed a " in:
$sql="UPDATE tblusers SET password='$oldp' WHERE id='1';
Tip: you should prevent MySQL injection:
$oldp = mysqli_real_escape_string ($con, $row['oldpass']);
$dbpassword = mysqli_real_escape_string ($con, $row['password']);
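Replace the following code:
$sql="UPDATE tblusers SET password='$oldp' WHERE id='1';
$result=mysqli_query($sql);
with:
$oldp = mysqli_real_escape_string ($con, $row['oldpass']);
$sql="UPDATE tblusers SET password='$oldp' WHERE id='1'";
$result=mysqli_query($con,$sql);
*sigh* Obligatory "your code is SQL injectable" comment. Not to mention escaping or parameter binding.
@VinceGraphic You're welcome. If it helped you, you may accept the best answer by clicking the tick.
You missed a "
You did not pass the connection string
Here is your code, fully working: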
<?php
if(isset($_POST["login"]))
{
if(!empty($_POST['oldpass']) && !empty($_POST['password']))
{
$oldp=$_POST['oldpass'];
$newPassword=$_POST['password'];
echo $oldp." ".$newPassword;
// connection
$con=mysqli_connect('localhost','root','suryabhan') or die(mysqli_error());
mysqli_select_db($con,'databaseprac') or die("cannot select DB");
// select database
$query=mysqli_query($con,"SELECT * FROM tblusers WHERE password='".$oldp."';");
$numrows=mysqli_num_rows($query);
if($numrows!=0)
{
$dbpassword;
while($row=mysqli_fetch_assoc($query))
{
$dbpassword=$row['password'];
echo"password from db:".$dbpassword;
//mysqli_close()
}
if($oldp == $dbpassword)
{
echo"old and new matches";
$sql="UPDATE tblusers SET password='$newPassword'WHERE id='1';";
$result1=mysqli_query($con,$sql);
if($result1)
{
echo"<h4>Password Change Successful</h4>";
}
else{echo "failed";}
}
}
else {
echo"<h4>Invalid Old Password</h4>";
}
}
else {
echo "<h4>All fields are required.</h4>";
}
}
?>
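The parameter-binding point raised in the comments, shown as an added example that is not part of the original thread or any poster's code. It assumes the `password` column holds `password_hash()` output, uses PDO with an in-memory SQLite database in place of mysqli/MySQL so it runs without a server, and the function name `changePassword` and the sample passwords are constructed for illustration.

```php
<?php
// Added example: change a password using bound parameters and hashed storage.
// Assumptions: PDO + in-memory SQLite stands in for the MySQL database, and
// the user id would normally come from the logged-in session, not a constant.

function changePassword(PDO $db, int $userId, string $old, string $new): string
{
    // Look the user up by id, never by the password value itself.
    $stmt = $db->prepare('SELECT password FROM tblusers WHERE id = ?');
    $stmt->execute([$userId]);
    $hash = $stmt->fetchColumn();

    // password_verify() checks the submitted old password against the stored hash.
    if ($hash === false || !password_verify($old, $hash)) {
        return 'Invalid Old Password';
    }

    // Store a hash of the NEW password; both values travel as bound parameters,
    // so quotes in the input are data and never part of the SQL text.
    $upd = $db->prepare('UPDATE tblusers SET password = ? WHERE id = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);

    return $upd->rowCount() === 1 ? 'Password Change Successful' : 'Update failed';
}

// Constructed sample data: one user whose current password is "old-secret".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblusers (id INTEGER PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO tblusers (id, password) VALUES (1, ?)')
   ->execute([password_hash('old-secret', PASSWORD_DEFAULT)]);

// A wrong old password containing a quote character is handled as plain data.
echo changePassword($db, 1, "wrong'pass", 'new-secret'), PHP_EOL;
// The correct old password replaces the stored hash.
echo changePassword($db, 1, 'old-secret', 'new-secret'), PHP_EOL;
// The previous password is checked again after the change.
echo changePassword($db, 1, 'old-secret', 'another-secret'), PHP_EOL;
```

With mysqli the same pattern is `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()` on the existing `$con` connection.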