即时通讯尝试从命令行进行身份验证,但无法正常工作。 请检查我的代码,并让我知道我错了什么地方。从命令行错误进行身份验证
<?php
echo "enter your username\n";
$username = fgets(STDIN);
echo "your password\n";
$password = fgets(STDIN);
echo "enter your new password\n";
$newpassword = fgets (STDIN);
//connecting to database
$db = mysql_connect("localhost","sqldata","sqldata") or die(mysql_error());
//selecting our database
$db_select = mysql_select_db("accounts", $db) or die(mysql_error());
$sql = mysql_query ("select * from uptable where username ='$username'");
$result = mysql_fetch_assoc($sql);
$oldpassword = $result['password'];
if ($password != $oldpassword)
{
echo "error";
}
else
{
mysql_query("update uptable set password = '$newpassword' where username ='$username'");
echo "Your Password has been successfully changed";
}
?>
您的脚本似乎很容易受到SQL注入的影响。另外,您不应该以纯文本格式存储密码。 – Gumbo 2013-05-02 03:29:56
mysql_ *函数不再用于某些问题,如安全性,您可能想要了解** PDO **或MVC **,例如。 CodeIgniter,cakePHP ** – 2013-05-02 03:33:35
你的意思是不工作?像是有错误吗?如果是的话,它说明了什么? – 2013-05-02 03:34:46