mysql查询没有给出正确的输出
[英]mysql query is not giving correct output
问题描述
i have created one form for user to change the password for which programming is as bellow- 
我为用户创建了一种更改密码的表格,其编程方式如下-
include("../database.php");
if(isset($_SESSION['user_name']))
{
$password=$_POST['new_password'];
$query="select password from login where username = '".$_SESSION['user_name']."' and password='".md5($password)."'";
echo $query."<br>\n";
$result=mysql_query($query) or die(mysql_error());
echo $result."<br>\n";
echo "abc<br>\n";
echo mysql_num_rows($result)."<br>\n";
if(mysql_num_rows($result))
{
echo "def";
$row=mysql_fetch_row($result);
$pass=$row['password'];
echo $pass;
if($pass==$password)
{
$query2="UPDATE login SET password='$password' WHERE username='$_SESSION[user_name]'";
echo $query2;
echo "Password changed successfully";
}
else
{
echo "You entered wrong current password";
}
}
else
{
echo "here";
}
}
else
{
header('Location:index.php');
}
It gives $result=0. 它给出$ result = 0。 So it doesn't going to update user password . 因此,它不会更新用户密码。 it directly goes to else part and gives output "here" as written. 它直接转到其他部分,并按书面形式给出输出“ here”。 what is the solution for that. 有什么解决方案。
3 个解决方案
解决方案1
1 2013-10-29 12:42:52
You are using one variable - password - for two things: the old password, which is saved as an MD5 hash in the db with the user ID, and the new password, which is being passed into your routine from the user. 您将一个变量(密码)用于两件事:旧密码(使用用户ID保存为db5中的MD5哈希值)和新密码(从用户传递到例程中)。
Make them two different variables. 使它们成为两个不同的变量。 The first query should set "old_password" from the MD5 of the password in the db. 第一个查询应从数据库中密码的MD5设置“ old_password”。 You can use that to confirm that the user knows the old password. 您可以使用它来确认用户知道旧密码。
Then save the new password in the database if everything checks out. 然后,如果一切正常,则将新密码保存在数据库中。
解决方案2
0 2013-10-29 12:42:15
You are using new_password instead of the password field to look up the existing user. 您正在使用new_password而不是密码字段来查找现有用户。
I guess it should be like that (assuming that your user also provides the old password in the field 'password'): 我想应该是这样的(假设您的用户还在“密码”字段中提供了旧密码):
$password=$_POST['password'];
$query="select password from login where username = '".$_SESSION['user_name']."' and password='".md5($password)."'";
If that is not the case, then you should at least add a field for the old password and use that field to look up the user in the DB. 如果不是这种情况,那么您至少应该为旧密码添加一个字段,并使用该字段在数据库中查找用户。
解决方案3
0 2013-10-29 12:44:16
Your are trying to fetch user by hash of new password 您正在尝试通过新密码的哈希值来获取用户
$password=$_POST['new_password'];
$query="select password from login where username = '".$_SESSION['user_name']."' and password='".md5($password)."'"
If your form contains old_password input, you should assigment to: 如果您的表单包含old_password输入,则应归因于:
$password=md5($_POST['old_password']);
$query="select password from login where username = '".$_SESSION['user_name']."' and password='".$password."'";
and change update query to: 并将更新查询更改为:
$newPassword=md5($_POST['new_password']);
$query2="UPDATE login SET password='$newPassword' WHERE username='$_SESSION[user_name]'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.