I'm facing a problem in updating my database, when I'm trying to update my password in database i cannot update my alphabet password in my database for example "adnan" but I can update numeric password in database for example "1233".
<?php
if(isset($_POST['submit'])){
$new_pass=$_POST['new_pass'];
$re_new_pass=$_POST['re_new_pss'];
$old_pass=$_POST['old_pss'];
if(empty($new_pass) || empty($re_new_pass) || empty($old_pass) ){
$message="fill all the fields!";
}
else{
if(strcmp($new_pass,$re_new_pass)==0){
$con=mysqli_connect("localhost","root","","managment");
$query="SELECT user_password FROM login_table;";
$sql=mysqli_query($con,$query);
if(mysqli_num_rows($sql) > 0){
$result=mysqli_fetch_assoc($sql);
if(strcmp($old_pass,$result['user_password'])==0){
$query_insert="UPDATE login_table SET user_password=$new_pass WHERE user_password=$old_pass;";
$sql=mysqli_query($con,$query_insert);
$message="password change seccessfully!";
}
else{
$message="Old password in not correct!";
}
}
}
else{
$message="please type same passwords in both fileds!";
}
}
}
?>
<html>
<head>
<title>Tutorial</title>
</head>
<body>
<div style="width: 400px; margin: auto;">
<form action="" method="post">
<h3 align="center">Forget password</h3><br />
<div class="text-danger text-center"><?php if(isset($message)) { echo $message; } ?></div>
<div class="form-group">
<label for="login">new password</label>
<input name="new_pass" type="password" class="form-control" />
<label for="login">Re-type new password</label>
<input name="re_new_pss" type="password" class="form-control" />
<label for="login">old password</label>
<input name="old_pss" type="password" class="form-control" />
<br/>
<input name="submit" type="submit" class="btn btn-danger" />
</div>
</form>
<br />
</div>
</body>
</html>
TL;DR;
Okay, when it works when you update numeric value but not alphabetic value, it means that you are not surrounding your value within quotes.
UPDATE `table` SET `column`=35007; -- This works.
UPDATE `table` SET `column`=hello; -- This won't.
The best thing you should do is to enclose them using single quotes '
.
In your code:
$query_insert="UPDATE login_table SET user_password=$new_pass WHERE user_password=$old_pass;";
//--------------------------------------------------^-------^
Also make sure to use backticks.
$query_insert = "UPDATE `login_table` SET `user_password` = '$new_pass' WHERE `user_password` = '$old_pass';";
Finally, your code is vulnerable to SQL Injection attacks. Read about it. Use PDO or Prepared Statements proceeding further.
编辑sql更新:
$query_insert="UPDATE login_table SET user_password='".$new_pass."' WHERE user_password='".$old_pass."';";
$query_insert="UPDATE login_table SET user_password=$new_pass WHERE username =$username";
You can't keep the update field in condition change the where clause with id or username.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.