-2
即時通訊嘗試從命令行進行身份驗證,但無法正常工作。 請檢查我的代碼,並讓我知道我錯了什麼地方。從命令行錯誤進行身份驗證
<?php
echo "enter your username\n";
$username = fgets(STDIN);
echo "your password\n";
$password = fgets(STDIN);
echo "enter your new password\n";
$newpassword = fgets (STDIN);
//connecting to database
$db = mysql_connect("localhost","sqldata","sqldata") or die(mysql_error());
//selecting our database
$db_select = mysql_select_db("accounts", $db) or die(mysql_error());
$sql = mysql_query ("select * from uptable where username ='$username'");
$result = mysql_fetch_assoc($sql);
$oldpassword = $result['password'];
if ($password != $oldpassword)
{
echo "error";
}
else
{
mysql_query("update uptable set password = '$newpassword' where username ='$username'");
echo "Your Password has been successfully changed";
}
?>
您的腳本似乎很容易受到SQL注入的影響。另外,您不應該以純文本格式存儲密碼。 – Gumbo 2013-05-02 03:29:56
mysql_ *函數不再用於某些問題,如安全性,您可能想要了解** PDO **或MVC **,例如。 CodeIgniter,cakePHP ** – 2013-05-02 03:33:35
你的意思是不工作?像是有錯誤嗎?如果是的話,它說明了什麼? – 2013-05-02 03:34:46