php - 我的重置密码密码系统给了我一个数据库错误
问题描述
我一直在尝试制作一个重置密码系统,我的代码如下:
<?php ob_start();
include "includes/header.php";
include "includes/db.php";
//session_start();
include "includes/navigation.php";
if(isset($_GET['reset']) && isset($_GET['token'])) {
$token = $_GET['token'];
$stmt = mysqli_prepare($connection, "SELECT username, user_email, token FROM users WHERE token=?");
mysqli_stmt_bind_param($stmt, "s", $token);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $username, $user_email, $token);
mysqli_stmt_fetch($stmt);
if(!empty($username)) {
if(isset($_POST['password']) && isset($_POST['confirmPassword']) && $_POST['password'] == $_POST['confirmPassword']) {
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
echo $hashedPassword;
echo $user_email;
$stmt = mysqli_prepare($connection, "UPDATE users SET token= '', user_password= '{$hashedPassword}' WHERE user_email= ?");
mysqli_stmt_bind_param($stmt, "s", $user_email);
mysqli_stmt_execute($stmt);
}
} else {
header("Location: index.php");
}
} else {
header("Location: index.php");
}
?>
现在的情况是第一个查询运行良好。令牌成功插入数据库中请求重置密码的帐户,并成功从数据库中获取数据。
当用户插入新密码及其确认时,就会出现问题。尽管密码已成功散列,但将其插入数据库时出现问题。
它让我得到“mysqli_stmt_bind_param() 期望参数 1 是 mysqli_stmt,给定的布尔值”。确保问题不在连接中,因为连接已经在上述查询中起作用。我一直在检查语句查询有什么问题,但我无法识别任何错误。
感谢你的帮助。谢谢
解决方案
我已经修改了您的代码,并尽可能最好地记录了您出错的地方,以及为什么我的更正应该有效。
<?php ob_start();
include "includes/header.php";
include "includes/db.php";
//session_start();
include "includes/navigation.php";
if(isset($_GET['reset']) && isset($_GET['token'])) {
$token = $_GET['token'];
//I have amended your query, you do not need to grab the token if the condition is that it is the same as something you already have, as $_GET['token'] AND $token will always be the same.
$query = "SELECT username, user_email FROM users WHERE token = ?");
$stmt = $connection->prepare($query);
$stmt->bind_param("s", $_GET['token']);
$stmt->execute();
$stmt->bind_result($username, $user_email);
$stmt->fetch();
$stmt->close(); // You did not close your query connection.
// To use a new query you must first close the previous one.
if(!empty($username)) {
if(isset($_POST['password']) && isset($_POST['confirmPassword']) && $_POST['password'] == $_POST['confirmPassword']) {
$password = $_POST['password'];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost'=>12));
echo $hashedPassword;
echo $user_email;
// Previously you tried to insert a PHP variable into a query, which is not possible
// in (and defeats the point of) prepared statements. Rather than put in $variable
// replace them with '?' . (not including quotation marks)
$query = "UPDATE users SET token = null, user_password = ? WHERE user_email = ?";
$stmt = $connection->prepare($query);
$stmt->bind_param("ss", $hashed_password, $user_email);
$stmt->execute();
$stmt->close();
}
} else {
header("Location: index.php");
}
} else {
header("Location: index.php");
}
此外,如果您将 db.php 放在标题之前,以及我在标题之前提供的代码,很可能可以避免文档开头的输出缓冲。(这只是基于我在其他代码中看到的一些错误。)
您在原始帖子“mysqli_stmt_bind_param() 期望参数 1 为 mysqli_stmt”中描述的错误意味着查询语法很可能存在错误,这是我修改的主要元素。
推荐阅读
- vuejs2 - 开玩笑单元测试无法确定 Vuetify 组件的可见性
- c++ - 从 C++ 程序调用 git clone
- shell - 如何在shell脚本linux上使用case语句
- python - 错误:libfreetype.6.dylib 需要 54.0.0 或更高版本,但 libpng16.16.dylib 提供 52.0.0 版本
- tensorflow - IN CNN 无法训练我所有的样本图像
- virtual-machine - Proxmox 减少(缩小)硬盘虚拟机
- grails - 将 Groovy 脚本的结果放入 GSP
- javascript - 为什么即使我使用异步和等待,项目的总计数始终为零
- laravel - 当我使用限制或接受 whereIn 时,laravel eger 加载无法正常工作
- javascript - 如何在 CSS/HTML/JS 上创建虚线