堆栈内存溢出
  简体   繁体   English

PHP中的变量不能在SQL中解析但在echo中可以

[英]variable in PHP not parsing in SQL but ok in echo

 原文  2018-03-07 17:33:47       php

问题描述

I am trying to make a page for the user to change their password when they want, not had any issues with this until now. 我正在尝试为用户创建一个页面,以便用户在需要时更改密码,到目前为止,还没有任何问题。

I have set the $Username variable, and call it in the SQL Statement along with $oldpw variable. 我已经设置了$ Username变量,并在SQL语句中将其与$ oldpw变量一起调用。

When I echo the query, the username is always missing. 当我回显查询时,用户名始终丢失。 if I reverse Password & Username, Username is still missing. 如果我反转了密码和用户名,则仍然缺少用户名。 if I echo the variable on its own, it's there. 如果我自己回显该变量,则该变量在那里。

Regarding Password Security: 关于密码安全性:
I realize the passwords are not fully protected, but they don't need to be as this is being run on an internal system, which has all the required encryption to get in to it in the first place. 我意识到密码并没有得到完全的保护,但是由于密码是在内部系统上运行的,因此不需要这样做,因为该系统首先具有所有必需的加密功能。

Below is the code & results from a test account with U: Admin & P: Admin 以下是带有U:Admin和P:Admin的测试帐户的代码和结果 

<?php
include('SQLFunctions.php');
include('session.php');
session_start();
$link = f_sqlConnect();
$oldpw = ($_POST['oldpw']);
$newpw = ($_POST['newpw']);

if(!isset( $_POST['oldpw']))
{
    $message = 'Please enter a your old password';
}
elseif (strlen( $_POST['newpw']) > 20 || strlen($_POST['newpw']) < 4)
{
    $message = 'incorrect length for new password';
}
elseif (ctype_alnum($_POST['newpw']) != true)
{
    $message = "New password must be alpha numeric";
}
elseif ($_POST['newpw'] <> $_POST['conpw'])
{
    $message = "Your new passwords do not match";
}
elseif(!empty($_POST)) {
    $UserID = $_POST['q'];
    $oldpwd = filter_var($_POST['oldpwd'], FILTER_SANITIZE_STRING);
    $newpwd = filter_var($_POST['newpwd'], FILTER_SANITIZE_STRING);

try {
    $Username = $_SESSION['Username'];
    $oldpw = Sha1($oldpw);
    $newps = Sha1($newpw);

    // check whether username exists and check that $oldpass is correct
    $query = "SELECT Password FROM Users WHERE Password='".$oldpw."' AND     Username='".$Username."'";

    $result = mysqli_query($link, $query);
    if(!$result){

        $message = "<p class='message'>Error: Your username and or password are incorrect.</p>" ;
    }else{

        // Test with mysqli_num_rows()
        if (mysqli_num_rows($result) > 0) {

            $query = "
                    UPDATE 
                        Users 
                    SET 
                        Password = '$newpw'
                        ,Updated_by = '$Username'
                        ,LastUpdated = NOW()
                    WHERE 
                        Username = '$Username'";

          mysqli_query($link, $query) or
                die("Insert failed. " . mysqli_error($link));

          $message = "<p class='message'>Your password has been changed</p>";

          mysqli_free_result($result);
        }
        else {
           // Username or password is incorrect
            $message = "<p class='message'>Error: Your username and password do not match.</p>" ;
        } 
    }
} catch(Exception $e) { $message = "Unable to process request";
}
}
?>
<html>
<head>
    <title>
        SVBX - Update Password
    </title>
    <link rel="stylesheet" href="styles.css" type="text/css"/>
</head>
    <body>
        <?php include('filestart.php') ?>
        <p><?php echo $message;
             echo "<br>Query: ".$query;
             echo "<br>Username :" .$Username;
             echo "<br>UserID :" .$UserID;?></p>
        <?php include('fileend.php') ?>
    </body>
</html>

So when I run this I get the following echos: 因此,当我运行此命令时,我得到以下回显: 

Error: Your username and password do not match.
Query: SELECT Password FROM Users WHERE 
Password='4e7afebcfbae000b22c7c85e5560f89a2a0280b4' AND Username=''
Username :Admin
UserID :18

I just can't see what the issue is, appreciate someone pointing out the obvious for me. 我只是看不到问题是什么,感谢有人指出对我来说很明显。

Thank you all. 谢谢你们。

2 个解决方案

解决方案1
 0  2018-03-07 17:51:04

However there are a session related issue. 但是,存在与会话相关的问题。 You've included session.php which might contain some session related task. 您已经包含了session.php ,其中可能包含一些与会话相关的任务。 Again you've started session in the next line. 同样,您已经在下一行开始了会话。

I think $Username received null from $_SESSION . 我认为$Username$_SESSION接收到空值。 But before you print the username you've included filestart.php . 但是在打印用户名之前,您已经包含了filestart.php However the variable $Username has been initialized inside that file. 但是,变量$Username已在该文件中初始化。

解决方案2
 0  2018-03-07 18:22:30

So I managed to get the script to work, but it doesn't resolve the issue of why I am losing the $_SESSION Info. 因此,我设法使该脚本正常工作,但无法解决为什么我丢失$_SESSION信息的问题。

I amended the previous pages form, where I know the session information was working, and sent the username to this page using $_POST . 我修改了以前的页面表单,知道会话信息在起作用,并使用$_POST将用户名发送到此页面。

It all worked and the password can be changed. 一切正常,可以更改密码。

A work around more than a solution. 围绕解决方案而不仅仅是解决方案。 Thank you everyone for your efforts to help. 谢谢大家的帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP 来自 sql 表的回波变量的变量 - PHP Variable from echo variable of sql table 具有SQL变量的wordpress php中的回显图像 - Echo image in wordpress php with SQL variable 在sql中将30天添加到变量中,然后在php中回显 - add 30 days to a variable in sql then echo in php 解析PHP中的回声 - Parsing an echo in php 在PHP中解析回显 - Parsing an echo in PHP 什么是Rails相当于PHP的echo(“ok”)? - What is the Rails equivalent to PHP's echo(“ok”)? 用php echo解析javascript代码 - parsing javascript codes with php echo 通过PHP解析,回显不起作用 - Parsing through PHP, echo not working 将SQL SUM()查询设置为PHP变量,然后回显结果 - Set SQL SUM() query to a PHP variable, and echo result php echo中的变量 - Variable in php echo
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM