我已经创建了一个脚本,用户可以更改密码。但我得到的错误 确认密码和新密码犯规的比赛.. 这里是代码会员可以更改密码
<?
session_start();
include 'db.php';
if($_POST['username']!="") {
$username = $_POST['username'];
}
else die("No Username was passed");
if($_POST['password']!="") {
$password = $_POST['password'];
}
else die("No Password was passed");
if($_POST['newpassword']!="") {
$newpassword = $_POST['newpassword'];
}
else die("No NewPassword was passed");
if($_POST['confirmnewpassword']!="") {
$newpassword = $_POST['confirmnewpassword'];
}
else die("No Confirm Password was passed");
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result){
echo "The username entered does not exist!";
}
else
if($password != mysql_result($result, 0)){
echo "Entered an incorrect password";
}
if($newpassword == $confirmnewpassword){
$sql = mysql_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");
}
if(!$sql){
echo "Congratulations, password successfully changed!";
}
else{
echo "New password and confirm password must be the same!";
}
?>
这里表单代码
<form action="lostpw.php" method="post" name="" id="">
<table width="50%" border="0" align="center" cellpadding="4" cellspacing="0">
<tr>
<td width="22%">Username</td>
<td width="78%"><input name="username" type="text" id="username" value="<? echo "". $_SESSION['username'] ."" ?>"></td>
</tr>
<tr>
<td width="22%">Old password</td>
<td width="78%"><input name="password" type="text" id="password"></td>
</tr>
<td>New Password</td>
<td><input name="newpassword" type="newpassword" value=""></td>
</tr>
<tr>
</tr>
<td>Confirm </td>
<td><input name="confirmnewpassword" type="confirmnewpassword" value=""></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="update"></td>
</tr>
<tr>
<td><a href="home.php">Back</a></td>
</tr>
</table>
</form>
我在哪里做错了。
你有没有从保护[SQL注入](http://php.net/manual/en/security.database.sql-injection.php )。 – 2013-03-18 03:12:23
1.您确定要在PLAIN TEXT中保存密码吗? 2.你知道SQL注入吗? – Raptor 2013-03-18 03:12:24
你为什么要存储明文密码? – Blender 2013-03-18 03:12:26