0
我對mysql非常陌生,正試圖用另一個列替換列中的一個值。現在,我有2個輸入和可以重複這些輸入的文本值這裏還有人的登錄用戶名:Mysql更新不會更改數據表中的值?查詢沒有做出?
<?php
session_start();
include("../php/Session.class.php");
$sess = new Session();
$sess->Init();
$cookie = isset($_COOKIE["session"]);
if($cookie)
{
$cookie = $_COOKIE["session"];
$account = $sess->Verify($cookie);
}
$pass1=$_POST['passwordText']; //name of input
echo $pass1;
$pass=$_POST['oldPass']; //name of input
echo $pass;
echo $account['username'];
我然後連接到我的數據庫,我試圖設置以前的密碼到用戶的用戶名所在的$pass1的值。
$dbh = new mysqli("localhost","username","password","sqlserver");
$checkforpass = "SELECT password FROM accounts WHERE username='".$account['username']."'";
$checkforpass = $dbh->query($checkforpass); //make query
$checkforpass = $checkforpass->fetch_assoc(); //prepare sql
$checkforpass = $checkforpass['password'];
echo $checkforpass;
if($checkforpass==$pass)
{
echo 'they got the password!';
$change = "UPDATE accounts SET password=".$pass1." WHERE username='".$account['username']."'";
//$change = $dbh->query($change);
$dbh->query($change); //make query
$dbh->close();
//change password
}
我沒有收到任何錯誤,但是在檢查我的本地數據庫時,密碼的值保持不變。我在這裏做錯了什麼?
您可能要更好地命名變量並避免使用相同的變量無關值以提高可讀性。我還建議在調查數據庫安全標準和使用參數化查詢時查找sql注入 – user3502998