我正试图为我试图制作的网站创建密码更改页面。但是,当用户在表单中输入信息时,它会将我发送到一个空白页面。换句话说,我的php代码甚至不执行,我不知道为什么。我已经尝试了几种不同的方法,但我不完全确定是怎么回事。这是我第一次做一个一般的设置页面或网站,所以也许这是一个简单的错误,或者我做错了。这是我的php代码。
<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<?php
$db_server = "server";
$db_username = "name";
$db_password = "pass";
$con = mysql_connect($db_server, $db_username, $db_password);
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$database = "Account_Holder";
$er = mysql_select_db($db_username);
if (!$er) {
print ("Error - Could not select the database");
exit;
}
$username = $_P0ST['username'];
$cur_password = $_POST['cur_password'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
// Check for an existing password.
if (isset($_POST['cur_password']))
{
$pass = FALSE;
print('<p>You forgot to enter your existing password!</p>');
}
else {
$pass = escape_data($_POST['cur_password']);
}
// Check for a password and match against the confirmed password.
if (empty($_POST['password']))
{
$newpass = FALSE;
print('<p>You forgot to enter your new password!</p>');
}
else
{
if ($_POST['password'] == $_POST['password2']) {
$newpass = escape_data($_POST['password']);
}
else
{
$newpass = FALSE;
$message .= '<p>Your new password did not match the confirmed new password!</p>';
}
if ($pass && $newpass) { // If checking passes
$query = "SELECT * FROM Account_Holder WHERE password='$pass')";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if ($num == 1) {
$row = mysql_fetch_array($result);
// Make the query.
$query = ("UPDATE Account_Holder SET password='$newpass' WHERE username=$username");
$result = mysql_query($query); // Run the query.
if (mysql_affected_rows() == 1) { // If it ran OK.
echo '<p><b>Your password has been changed.</b></p>';
}
else
{ // If query failed.
print('<p>Your password was not changed.</p><p>' . mysql_error() . '</p>');
}
} else
{
print('<p>Your username and password did not match any in the database.</p>');
}
}
else
{
print('<p>Please try again.</p>');
}
}
?>
</body>
</html>
<!--
I also did it this way and all the validations work and it says the password was updated but it does not change in the database. Is something wrong with my sql?
-->
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Change Password Confrim</title>
</head>
<body>
<?php
$db_server = "server";
$db_username = "name";
$db_password = "pass";
$con = mysql_connect($db_server, $db_username, $db_password);if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$database = "Account_Holder";
$er = mysql_select_db($db_username);
if (!$er)
{
print ("Error - Could not select the database");
exit;
}
//include "include/session.php";
// check the login details of the user and stop execution if not logged in
//require "check.php";
//////////Collect the form data ////////////////////
$username =$_P0ST['username'];
$todo=$_POST['todo'];
$password=$_POST['password'];
$password2=$_POST['password2'];
/////////////////////////
if(isset($todo) and $todo=="change-password"){
$password = mysql_real_escape_string($password);
$password2 = mysql_real_escape_string($password2);
//Setting flags for checking
$status = "OK";
$msg="";
//Checking to see if password is at least 3 char max 8
if ( strlen($password) < 3 or strlen($password) > 8 )
{
$msg=$msg."Password must be more than 3 char legth and maximum 8 char lenght<br/>";
$status= "NOTOK";
}
//Checking to see if both passwords match
if ( $password <> $password2 )
{
$msg=$msg."Both passwords are not matching<br/>";
$status= "NOTOK";
}
if($status<>"OK")
{
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}
else
{ // if all validations are passed.
if(mysql_query("UPDATE Account_Holder SET password='$password' WHERE username='$username'"))
{
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully.</font></center>";
}
else
{
echo "<font face='Verdana' size='2' color=red><center>Sorry <br> Failed to change password.</font></center>";
}
}
}
//require "bottom.php";
?>
<center>
<br><br><a href='Settings.html'>Settings Page</a></center>
</body>
</html>
我希望我能留下评论。但是没有。您的代码中有很多错误,例如
$username = $_P0ST['username'];
我猜错误报告在页面上是关闭的,所以你看不到语法错误,你只是得到一个空白的页面。
打开错误。
error_reporting(E_ALL);
几点注释:
$er = mysql_select_db($db_username);
这是错误的变量。
$username = $_P0ST['username'];
用零代替字母o
$query = "SELECT * FROM Account_Holder WHERE password='$pass')";
和
$query = ("UPDATE Account_Holder SET password='$newpass' WHERE username=$username");
你会说"SQL注入"吗?还有,username值周围缺少引号。
正如上面的Adam Meyer所提到的,您似乎关闭了错误报告。要么是这样,要么是在某个地方进行了输出缓冲,然后又出现了语法错误。