0
我我用了兩個不同的頁面兩種形式「被遺忘的用戶名」系統的工作: -無法使代碼去如下使用隱藏域與SQL語句
recover_page.php:
<form action="security.php" method="post" enctype="multipart/form-data">
Please Enter your email address:<br>
<input type="text" name="email" value="<?php $_POST['email']?>">
<input type="submit" value="submit">
</form>
其PHP代碼:
<?php
include "session.php";
include "database/db.php";
$mode_allowed = array('username','password');
if(isset($_GET['mode']) === false && in_array($_GET['mode'],$mode_allowed)===false){
header('location:index.php');
}
?>
現在的第二頁(security.php):
<form action="security.php" method="POST" enctype="multipart/form-data">
<p> Answer this question <p>
<select type="text" selected="selected" name="security_question" value="<?php $security_question?>">
<option name="security_question" value="<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);
echo $array[0];
?>">
<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);echo $array[0]; ?>
</option> </select> <br>
<input type="text" name="answer"/> <br>
<input type="submit" value="submit">
</form>
它的PHP代碼:// 代碼,以檢查是否存在於數據庫中的電子郵件或沒有
<?php
include "session.php";
include "database/db.php";
$mode_allowed = array('username','password');
if(isset($_POST['email']) === true && empty($_POST['email']) === false){
if(email_exists($_POST['email']) === false){
echo "Sorry, we can't find this email";
exit();
}
}
?>
//代碼搜索數據庫中的答案,並與該用戶有答案比較在該領域的「答案」進入
<?php
echo "<input type='hidden' name='email' value=' '".$_SESSION['email']."' '>";
if(isset($_POST['answer'])){
$answer = $_POST['answer'];
if(!empty($answer)){
$sql = mysql_query("SELECT `username` FROM `users` WHERE `email` ='".mysql_real_escape_string($_SESSION['email'])."' AND `answer`='".mysql_real_escape_string($answer)."'");
if(mysql_num_rows($sql) == 1){
header('location:last.php?success');
}else {
echo "Wrong answer";
}
}else{
echo "<script type='text/javascript'>alert('you must answer this question');</script>";
}
}
?>
現在這個時候我寫的SQL statment沒有像這樣隱藏的輸入工作正常: -
$sql = mysql_query("SELECT `username` FROM `users` WHERE `answer`='".mysql_real_escape_string($answer)."'");
而且,我可以回聲出$_SESSION['email'];
,它會給我的隱藏字段的正確的價值。那爲什麼sql無法獲得這個值?
氬您確保電子郵件在你的數據庫中是否存在? –
不知道,因爲這是難以遵循,但我看不到任何東西,將$ _SESSION [「郵件」],也沒有任何形式的有一個答案場是沒有空,並允許其進入代碼檢查回答。類似地,您似乎很奇怪的是,您在腳本中爲隱藏的電子郵件表單放置了一個表單字段,這段代碼似乎正在處理上一頁中顯示的表單。 – Kickstart
您應該使用PDO或MySQLi來準備語句而不是mysql_函數,它們已被棄用。 – Fredd