MySQL PHP - 无法向表中插入/更新新值

时间:2022-09-25 16:09:21

I have an login-system on my website and i'm trying to create password reset. I have no problem with the registration, or the login code, but password change code does not work. Here are two examples that i tried(actual code)

我的网站上有一个登录系统,我正在尝试创建密码重置。我没有注册或登录代码的问题,但密码更改代码不起作用。这是我尝试的两个例子(实际代码)

<?php
    require_once("config.php");
    session_start();
    if(isset($_POST['submit'])) {

        include_once 'config.php';

        $password = mysqli_real_escape_string($con, $_POST['password']);
        $password1 = mysqli_real_escape_string($con, $_POST['uc_pass1']);
        $password2 = mysqli_real_escape_string($con, $_POST['uc_pass2']);
        $uid = $_SESSION['s_id'];

        if ($password1 != $password2 || empty($password1) || empty($password2)) {
            header("Location: ../user-conf.php?pass=notmatching");
            exit();
        } else {
            $sql = "SELECT password FROM userdb WHERE username='$uid'";
            $result = mysqli_query($con, $sql);
            $resultCheck = mysqli_num_rows($result);

            if (!$resultCheck > 0) {
                header("Location: ../user-conf.php?error");
                exit();
            } else {
                $hashedPwdCheck = password_verify($password, $_SESSION['s_pw']);
                if ($hashedPwdCheck == false) {
                    header("Location: ../user-conf.php?error");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    $hashedPwd2 = password_hash($password1, PASSWORD_DEFAULT);
                    $sql2 = "INSERT INTO userdb (password) VALUES($hashedPwd2) WHERE username=$uid";
                    mysqli_query($con, $sql2);
                    header("Location: ../user-conf.php?pass=successfull");
                    exit();
                }
            }
        }
    } else {
        header("Location: ../login.php?nologon");
    }
?>

And the other one is below.

另一个在下面。

<?php
    require_once("config.php");
    session_start();
    if(isset($_POST['submit'])) {

        include_once 'config.php';

        $password = mysqli_real_escape_string($con, $_POST['password']);
        $password1 = mysqli_real_escape_string($con, $_POST['uc_pass1']);
        $password2 = mysqli_real_escape_string($con, $_POST['uc_pass2']);
        $uid = $_SESSION['s_id'];

        if ($password1 != $password2 || empty($password1) || empty($password2)) {
            header("Location: ../user-conf.php?pass=notmatching");
            exit();
        } else {

            $hashedPwdCheck = password_verify($password, $_SESSION['s_pw']);
            if ($hashedPwdCheck == false) {
                header("Location: ../user-conf.php?error");
                exit();
            } elseif ($hashedPwdCheck == true) {
                $hashedPwd = password_hash($password1, PASSWORD_DEFAULT);
                $sql = "INSERT INTO userdb (password) VALUES($hashedPwd) WHERE username=$uid";
                mysqli_query($con, $sql);
                header("Location: ../user-conf.php?pass=successfull");
                exit();
            }
        }
    } else {
        header("Location: ../login.php?nologon");
    }
?>

I also tried wit the UPDATE syntax. but, it didn't seems to change the old password with the new one. It would be nice to know what I did wrong so if you know please tell me and it will be appreciated! :)

我也尝试过UPDATE语法。但是,似乎没有用新的密码更改旧密码。很高兴知道我做错了所以如果你知道请告诉我,我们将不胜感激! :)

1 个解决方案

#1


2  

99% sure that:

99%肯定:

"INSERT INTO userdb (password) VALUES($hashedPwd2) WHERE username=$uid"

Should be:

"UPDATE userdb SET password = '$hashedPwd2' WHERE username='$uid'"

You are missing quotes around your PHP variable and the INSERT should be an UPDATE.

您缺少PHP变量的引号,INSERT应该是UPDATE。

#1


2  

99% sure that:

99%肯定:

"INSERT INTO userdb (password) VALUES($hashedPwd2) WHERE username=$uid"

Should be:

"UPDATE userdb SET password = '$hashedPwd2' WHERE username='$uid'"

You are missing quotes around your PHP variable and the INSERT should be an UPDATE.

您缺少PHP变量的引号,INSERT应该是UPDATE。