Updating password mysqli in PHP if a new one is entered

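I am a bit new to PHP and mysqli, and I have a feeling I'm not doing this right; maybe I need to check whether it is the same and, if not, update the password? I am not sure how to do this.

Currently on the user edit form I am not passing the current password value, but I could pass it, and it would be passed in md5 format.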

PHP

    // user information
    $getID = $_POST['id']; // id
    $name = $_POST['name']; // name
    $username = $_POST['username']; // username
    $email = $_POST['email']; // email
    $phone = $_POST['phone']; // phone
    $password = md5($_POST['password']); // password
    if($password == ''){
        // the query
        $query = "UPDATE users SET
                    name = ?,
                    username = ?,
                    email = ?,
                    phone = ?
                 WHERE id = ?
                ";
    } else {
        // the query
        $query = "UPDATE users SET
                    name = ?,
                    username = ?,
                    email = ?,
                    phone = ?,
                    password =?
                 WHERE id = ?
                ";
    }
    /* Prepare statement */
    $stmt = $mysqli->prepare($query);
    if($stmt === false) {
      trigger_error('Wrong SQL: ' . $query . ' Error: ' . $mysqli->error, E_USER_ERROR);
    }
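    if($password == ''){
        /* Bind parameters. Types: s = string, i = integer, d = double,  b = blob */
        /* One value per placeholder: name, username, email, phone, id */
        $stmt->bind_param(
            'sssss',
            $name,$username,$email,$phone,$getID
        );
    } else {
        /* Bind parameters. Types: s = string, i = integer, d = double,  b = blob */
        /* One value per placeholder: name, username, email, phone, password, id */
        $stmt->bind_param(
            'ssssss',
            $name,$username,$email,$phone,$password,$getID
        );
    }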

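There is a bug in your code. Do not apply MD5 before checking for an empty password. MD5 also encrypts a blank value, so the `$password == ''` condition is always false.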

        // user information
        $getID = $_POST['id']; // id
        $name = $_POST['name']; // name
        $username = $_POST['username']; // username
        $email = $_POST['email']; // email
        $phone = $_POST['phone']; // phone
        // do not apply md5 here, otherwise the condition below is always false
        $password = $_POST['password']; // password
        if($password == ''){
            // the query
            $query = "UPDATE users SET
                        name = ?,
                        username = ?,
                        email = ?,
                        phone = ?
                     WHERE id = ?
                    ";
        } else {
            // the query
            $query = "UPDATE users SET
                        name = ?,
                        username = ?,
                        email = ?,
                        phone = ?,
                        password =?
                     WHERE id = ?
                    ";
        }
        /* Prepare statement */
        $stmt = $mysqli->prepare($query);
        if($stmt === false) {
          trigger_error('Wrong SQL: ' . $query . ' Error: ' . $mysqli->error, E_USER_ERROR);
        }
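        if($password == ''){
            /* Bind parameters. Types: s = string, i = integer, d = double,  b = blob */
            /* One value per placeholder: name, username, email, phone, id */
            $stmt->bind_param(
                'sssss',
                $name,$username,$email,$phone,$getID
            );
        } else {
            // hash only after the empty check has passed
            $password = md5($password);
            /* Bind parameters. Types: s = string, i = integer, d = double,  b = blob */
            /* One value per placeholder: name, username, email, phone, password, id */
            $stmt->bind_param(
                'ssssss',
                $name,$username,$email,$phone,$password,$getID
            );
        }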
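
The code in both posts stores the password as an unsalted MD5 digest, which is fast to brute-force if the table leaks. The following is an added example, not part of the original question or answer: the same "update the password only if a new one was entered" logic with PHP's `password_hash()` swapped in for `md5()`. `update_user()` is a hypothetical helper name, the `users` table and its columns are taken from the code above, and the `password` column is assumed to be wide enough to hold the hash.

```php
<?php
// Added example (not from the question or the answer). update_user() is a
// hypothetical helper; table and column names follow the code above.
function update_user(mysqli $mysqli, array $post): bool
{
    // Columns that are always updated.
    $fields = [
        'name'     => (string)($post['name'] ?? ''),
        'username' => (string)($post['username'] ?? ''),
        'email'    => (string)($post['email'] ?? ''),
        'phone'    => (string)($post['phone'] ?? ''),
    ];

    // Test the raw input for emptiness before hashing; hash only when a new
    // password was actually submitted.
    $newPassword = (string)($post['password'] ?? '');
    if ($newPassword !== '') {
        // Swapped in for md5(): salted, adaptive hash. Assumes the password
        // column is wide enough for the result (the PHP manual suggests 255).
        $fields['password'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }

    // Build "col = ?" pairs from the fixed keys above (never from user input).
    $set = implode(', ', array_map(fn($col) => "$col = ?", array_keys($fields)));
    $stmt = $mysqli->prepare("UPDATE users SET $set WHERE id = ?");
    if ($stmt === false) {
        // Log the driver error server-side instead of echoing the SQL.
        error_log('prepare failed: ' . $mysqli->error);
        return false;
    }

    // One 's' per column plus 'i' for the id, so the type string and the
    // value list always match the number of placeholders.
    $types  = str_repeat('s', count($fields)) . 'i';
    $values = array_values($fields);
    $values[] = (int)($post['id'] ?? 0);
    $stmt->bind_param($types, ...$values);

    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

Hashes written this way are checked at login with `password_verify($submitted, $storedHash)`, not by comparing digest strings.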