我試圖改變從登錄的用戶的密碼。在網頁上,它說的密碼已更改,但它不會改變,而不是在數據庫中,而不是在所有。我嘗試使用新密碼登錄,但只有舊密碼才能登錄。我確實刷新了頁面和所有內容。我試了幾天,我想知道是否有人會好好地發現我的錯誤。今晚我以爲這可能是因爲密碼是用數據庫上的md5加密的。我會如何繼續,因爲我已經嘗試了一些東西,並沒有工作。PHP函數錯誤不更新密碼,但收到OK消息
error_reporting(E_ALL); ini_set("display_errors","On");
<?php include "includes/connection.php" ?>
<?php
session_start();
if(@$_REQUEST["Submit"]=="Update")
{
$sql="update users set password ='$_REQUEST[newpassword]' where user='$_SESSION[myusername]'";
if (!mysql_query($sql)) die('err: PROBLEM IN QUERY: '.mysql_error());
header("Location:changpass.php?msg=updated");
}
else
die('err: PROBLEM IN REQUEST');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Change password</TITLE>
<script language="javascript" type="text/javascript">
function validate()
{
var formName=document.frm;
if(formName.newpassword.value == "")
{
document.getElementById("newpassword_label").innerHTML='Please Enter New Password';
formName.newpassword.focus();
return false;
}
else
{
document.getElementById("newpassword_label").innerHTML='';
}
if(formName.cpassword.value == "")
{
document.getElementById("cpassword_label").innerHTML='Enter ConfirmPassword';
formName.cpassword.focus();
return false;
}
else
{
document.getElementById("cpassword_label").innerHTML='';
}
if(formName.newpassword.value != formName.cpassword.value)
{
document.getElementById("cpassword_label").innerHTML='Passwords Missmatch';
formName.cpassword.focus()
return false;
}
else
{
document.getElementById("cpassword_label").innerHTML='';
}
}
</script>
<style type="text/css">
<!--
.style1 {font-weight: bold}
.style7 {
color: yellow;
font-size: 24px;
}
.style9 {
color: #FF6666;
font-weight: bold;
}
.style12 {
color: #666666;
font-weight: bold;
}
.style14 {color: #CC0033; font-weight: bold; }
-->
</style>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
</HEAD>
<BODY>
<form action="changpass.php" method="post" name="frm" id="frm" onSubmit="return validate();">
<table width="47%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" align="center"></td>
</tr>
<tr bgcolor="#666666">
<td colspan="2"><span class="style7">Change Password</span></td>
</tr>
<?php if(isset($_REQUEST['msg']) && $_REQUEST['msg'] == 'updated') { ?>
<tr bgcolor="#666666">
<td colspan="2"><span class="style7">Password has been changed successfully.</span></td>
</tr>
<?php } ?>
<tr>
<td bgcolor="#CCCCCC"><span class="style14">New Password:</span></td>
<td bgcolor="#CCCCCC"><input type="password" name="newpassword" id="newpassword" size="20" autocomplete="off"/> <label id="newpassword_label"
class="level_msg"></td>
</tr>
<tr>
<td bgcolor="#CCCCCC"><span class="style14">Confirm Password:</span></td>
<td bgcolor="#CCCCCC"><input type="password" name="cpassword" id="cpassword" size="20" autocomplete="off"> <label id="cpassword_label"
class="level_msg"></td>
</tr><tr bgcolor="#666666"><td colspan="2" align="center"><input type="submit" name="Submit" value="Update" /></td>
</tr></table><a href="index.php">Home</a></form></BODY></HTML>`
我想你應該使用$ _GET(而不是$ _REQUEST) – pzirkind
檢查'mysql_error()'。 (另外,你在這段代碼中有一個可能的mysql注入) –
@Blauesocke好點,他應該看看這個:http://stackoverflow.com/questions/2555255/how-can-i-protect-this-code- from-sql-injection-a-bit-confused?rq = 1 – pzirkind