0
即時通訊一個新手在PHP和SQL編程,並可以有人幫助我在我的語法,最近一直創建此代碼來編輯我的用戶,並將其寫入數據庫,但它總是得到一個錯誤舊密碼和密碼,它總是說密碼不匹配,即使我正確地做了這個過程,對我有什麼幫助? TNX更新(編輯)用戶在PHP
<?php
$update = strip_tags($_POST['update']);
$username = strtolower(strip_tags($_POST['username']));
$oldpassword = strip_tags($_POST['oldpassword']);
$newpassword = strip_tags($_POST['newpassword']);
$firstname = strip_tags($_POST['first']);
$lastname = strip_tags($_POST['last']);
$gender = strip_tags($_POST['gender']);
$address = strip_tags($_POST['address']);
$zipcode = strip_tags($_POST['zip']);
$contact = strip_tags($_POST['con']);
$email = strip_tags($_POST['mail']);
error_reporting(0);
if($update)
{
if($username&& $oldpassword && $newpassword && $firstname && $lastname && $address && $zipcode && $contact && $email)
{
$connect = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("brightlights") or die(mysql_error());
$updatecheck = mysql_query("SELECT * FROM username FROM tb_user WHERE username='$username'");
$count = mysql_num_rows($updatecheck);
if($count<=1)
{
if($_SESSION['password']==($oldpassword))
{
mysql_query("UPDATE tb_user SET
username = '$username',
password = '$newpassword',
Firstname = '$firstname',
Lastname = '$lastname',
gender = '$gender',
address = '$address',
zipcode = '$zipcode',
contact = '$contact',
email = '$email'
WHERE username='".$_SESSION['username']."'");
$_SESSION['username'] = $username;
$_SESSION['password'] = $newpassword;
$_SESSION['Firstname'] = $firstname;
$_SESSION['Lastname'] = $lastname;
$_SESSION['gender'] = $gender;
$_SESSION['address'] = $address;
$_SESSION['zipcode'] = $zipcode;
$_SESSION['contact'] = $contact;
$_SESSION['email'] = $email;
session_write_close();
echo "Succesfully Updated!";
}else
echo "Password not match!";
}else
echo "Username already Taken!";
}else
echo "Please fill up all form!";
}
?>
作爲一個方面說明,您的查詢容易受到[SQL注入](http://php.net/manual/en/security.database.sql-injection.php) – 2010-12-04 11:24:23
另外我認爲這需要基本的調試:會話集中的密碼在哪個時間點?你有沒有做過舊密碼和新密碼的測試輸出?它們包含什麼? – 2010-12-04 11:27:06