时间戳

首页 > 解决方案 > 我的重置密码密码系统给了我一个数据库错误

php - 我的重置密码密码系统给了我一个数据库错误

问题描述

我一直在尝试制作一个重置密码系统,我的代码如下:

<?php  ob_start();
include "includes/header.php";
include "includes/db.php";
//session_start();
include "includes/navigation.php";

if(isset($_GET['reset']) && isset($_GET['token'])) {

$token = $_GET['token'];
$stmt = mysqli_prepare($connection, "SELECT username, user_email, token FROM users WHERE token=?");
mysqli_stmt_bind_param($stmt, "s", $token);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $username, $user_email, $token);
mysqli_stmt_fetch($stmt);
if(!empty($username)) {
if(isset($_POST['password']) && isset($_POST['confirmPassword']) && $_POST['password'] == $_POST['confirmPassword']) {
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
echo $hashedPassword;
echo $user_email;

$stmt = mysqli_prepare($connection, "UPDATE users SET token= '', user_password= '{$hashedPassword}' WHERE user_email= ?");
mysqli_stmt_bind_param($stmt, "s", $user_email);
mysqli_stmt_execute($stmt);


}

} else {
  header("Location: index.php");
}
} else {
  header("Location: index.php");
}




?>

现在的情况是第一个查询运行良好。令牌成功插入数据库中请求重置密码的帐户,并成功从数据库中获取数据。

当用户插入新密码及其确认时,就会出现问题。尽管密码已成功散列,但将其插入数据库时​​出现问题。

它让我得到“mysqli_stmt_bind_param() 期望参数 1 是 mysqli_stmt,给定的布尔值”。确保问题不在连接中,因为连接已经在上述查询中起作用。我一直在检查语句查询有什么问题,但我无法识别任何错误。

感谢你的帮助。谢谢

标签: phpmysqli

解决方案

我已经修改了您的代码,并尽可能最好地记录了您出错的地方,以及为什么我的更正应该有效。

<?php  ob_start();
include "includes/header.php";
include "includes/db.php";
//session_start();
include "includes/navigation.php";

if(isset($_GET['reset']) && isset($_GET['token'])) {

$token = $_GET['token'];
//I have amended your query, you do not need to grab the token if the condition is that it is the same as something you already have, as $_GET['token'] AND $token will always be the same.
$query = "SELECT username, user_email FROM users WHERE token = ?");
$stmt = $connection->prepare($query);
$stmt->bind_param("s", $_GET['token']);
$stmt->execute();
$stmt->bind_result($username, $user_email);
$stmt->fetch();
$stmt->close(); // You did not close your query connection. 
// To use a new query you must first close the previous one.

if(!empty($username)) {
if(isset($_POST['password']) && isset($_POST['confirmPassword']) && $_POST['password'] == $_POST['confirmPassword']) {
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
echo $hashedPassword;
echo $user_email;

// Previously you tried to insert a PHP variable into a query, which is not possible
// in (and defeats the point of) prepared statements. Rather than put in $variable
// replace them with '?' . (not including quotation marks)
$query = "UPDATE users SET token = null, user_password = ? WHERE user_email = ?";
$stmt = $connection->prepare($query);
$stmt->bind_param("ss", $hashed_password, $user_email);
$stmt->execute();
$stmt->close();    

}

} else {
  header("Location: index.php");
}
} else {
  header("Location: index.php");
}

此外,如果您将 db.php 放在标题之前,以及我在标题之前提供的代码,很可能可以避免文档开头的输出缓冲。(这只是基于我在其他代码中看到的一些错误。)

您在原始帖子“mysqli_stmt_bind_param() 期望参数 1 为 mysqli_stmt”中描述的错误意味着查询语法很可能存在错误,这是我修改的主要元素。

推荐阅读