【发布时间】:2014-12-02 02:34:13
【问题描述】:
连接变量会在上面($dbConnected),但出于显而易见的原因,我把它们去掉了。至于这个问题,我似乎无法判断与我的数据库的连接是否存在问题,或者它是否是我的代码主体中的逻辑错误。
<?php
$hostname = "";
$username = "";
$password = "";
$databaseName = "";
$dbConnected = mysql_connect($hostname, $username, $password);
$dbSelected = mysql_select_db($databaseName, $dbConnected);
if ($dbConnected) {
$email = $_POST['email'];
$query = mysql_query("SELECT * FROM Users WHERE Primary_Email = '$email'");
$numrows = mysql_num_rows($query);
// Checking to see whether the email address is registered in the database
if ($numrows == 1) {
$pass = rand();
$pass = md5($pass);
$password = $pass;
// Updating database with new password
mysql_query("UPDATE Users SET UserPassword = '$password' WHERE User_Email = '$email'");
$query = mysql_query("SELECT * FROM users WHERE User_Email = '$email' AND UserPassword = '$password'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
// Create email
$webmaster = "admin@chaluparosa-gaming.com";
$headers = "From: Ian Monson <$webmaster>";
$subject = "Your new password";
$message = "Hello. You have requested a password reset. Your new password is below. Please do not reply to this email, as it was automated \n
Password: $password \n ";
if (mail($email, $subject, $message, $headers)) {
echo "Your password has been reset. An email has been sent with your new password!"
echo '<br />';
} else {
echo "Error in sending out the email...";
echo '<br />';
}
}
} else {
echo "Email address was invalid or not found...!";
}
} else {
echo "Error connecting to the database...!";
}
?>
【问题讨论】:
-
是否完成了任何基本调试,例如在所有 query() 调用中添加
or die(mysql_error())?您的所有代码都没有错误处理,只是假设查询永远不会失败。不好的假设。您也容易受到sql injection attacks 的攻击。 -
拜托,don't use
mysql_*functions,它们不再维护,而是officially deprecated。改为了解prepared statements,并使用PDO 或MySQLi。 This article 将帮助您做出决定。 -
或者你可以简单地添加一些回声..说我在这里!