密码重置个人验证

时间:2013-04-15 23:32:19

标签: php javascript mysql

我是php的新手,试图学习一些东西。我正在尝试编写一个脚本,允许用户在验证个人信息后重置密码。除了这个PHP脚本,一切都很好。此脚本从表单输入字段接收数据。该计划应该输出:

echo $e.'&u='. $us .'&er='.$err.'&o='. $bulls3 .'&r='.$bulls4;


            exit(); 

可以作为respondText发送到ajax。 问题是这个PHP脚本没有按预期工作,并给我以下错误消息。有没有人可以帮助我。任何帮助将非常感谢。提前感谢您的帮助..

错误输出消息:

警告:mysqli_num_rows()要求参数1为mysqli_result,在第119行的C:\ xampp \ htdocs \ myGenius \ identityverify.php中给出布尔值 接触

<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST["bd"])){
    $bad= preg_replace('#[^0-9-]#i', '', $_POST['bd']);
    //Connect to database
    include_once("php_includes/connect_to_mysqli.php");
    $e = mysqli_real_escape_string($db_conx,$_POST['e']);
    $c= preg_replace('#[^a-z ]#i', '', $_POST['c']);
    $post= preg_replace('#[^a-z0-9]#i', '', $_POST['pst']);
    $user= preg_replace('#[^a-z0-9]#i', '', $_POST['us']);
    $odd= preg_replace('#[^a-z0-9]#i', '', $_POST['od']);

    if($e =="" || $bad =="" || $c=="" ||$post==""){
        echo "empty";
        exit();
        }else if($user=="" || $odd==""){
            echo "no_exist";
            exit();
        }else{



    $sql = "SELECT id, username FROM user WHERE email='$e' AND activated='1' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $id = $row["id"];
            $u = $row["username"];  

//Encrypted values to check with user input passed from hidden fields           
                    //Check codes
            $bull= value1;
            $bull2= value2;
            $bull3= value3;
            $bull3=value4;
            $us= value5;
            $err= value6;

        }
        if($user==$us && $odd==$err){   


    $sql = "SELECT country, birthday, postal FROM useroptions WHERE email='$e' AND username='$u' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $con = $row["country"];
            $bday = $row["birthday"];
            $poost = $row["postal"];

        }


if($c == $con && $bad == $bday && $post==$poost){
// encoded value using some type of encryption for passing data to another web page based on user information data
                $bulls= value1;
                $bulls2= value2;
                $bulls1=value3;
                $bulls3= value4;
                $bulls4= value5;
                $bulls3=value6;
                $bulls4=value7;

            echo $e.'&u='. $us .'&er='.$err.'&o='. $bulls3 .'&r='.$bulls4;


            exit();
        }else{
            echo "wrong";
            exit();
            }

        }else {
        echo "contact";
        exit();
    }//user option not set
    }else{
        echo "no_exist";
        exit();
        }//end code comparison and send to error page
    }else{
        echo "no_exist";
        exit();
        }
        exit();
}}
?>

1 个答案:

答案 0 :(得分:0)

我总是使用两个查询,而不是让服务器返回匹配

的所有内容
  1. select count(*) from database where condition='expected';
  2. 根据验证初始结果的if()子句执行第二次查询。
  3. 由于我的主查询尚未执行,因此提供了注射预防措施。

    尝试替换

    if(isset($_POST["bd"])){
    

    使用

    if(!empty($_POST["bd"])){