<?php header("content-type:text/html;charset=utf-8"); //编码include("conn/conn.php"); //链接数据库if(isset($_POST['xiugai'])){ //判断有没有修改按钮 $user=$_POST['user']; //定义用户名变量 $pwd=$_POST['pwd']; //原密码变量 $xpwd=$_POST['xpwd']; //新密码变量 $section=$_POST['section']; //部门名称变量 $name=$_POST['name']; //真实姓名变量 $insert=mysql_query("update tb_login set pwd='$xpwd',section='$section',name='$name' where user='$user' and pwd='$pwd'",$conn); //更新数据库语句 echo mysql_error(); if($insert){//判断是否执行 echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />'; echo "<script>alert('?修改成功');window.location.href='index.php'</script>"; //修改成功 } else{ echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />'; echo "<script>alert('?修改失败');window.location.href='guanli.php'</script>"; //修改失败 }}?>
这个是网页代码
<form action="guanli_ok.php" method="post" enctype="multipart/form-data" name="form2" id="form2"> <table width="527" height="282" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="194" height="46"><div align="left"><?php echo $_SESSION['user'];?> 用户信息修改</div></td> <td width="333"><div align="left"></div></td> </tr> <tr> <td height="46"><div align="right">用户名:</div></td> <td><div align="left"><input type="text" name="user" readonly="readonly" value="<?php echo $_SESSION['user'];?>"/></div></td> </tr> <tr> <td height="40"><div align="right">原密码:</div></td> <td><div align="left"><input type="text" name="pwd" /></div></td> </tr> <tr> <td height="30"><div align="right">新密码:</div></td> <td><div align="left"><input type="text" name="xpwd" /></div></td> </tr> <tr> <td height="30"><div align="right">确认密码:</div></td> <td><div align="left"><input type="text" name"quren" /></div></td> </tr> <tr> <td height="30"><div align="right">部门:</div></td> <td><div align="left"><input type="text" name="section" /></div></td> </tr> <tr> <td height="30"><div align="right">真实姓名:</div></td> <td><div align="left"><input type="text" name="name" /></div></td> </tr> <tr> <td height="30"> </td> <td><input type="submit" name="xiugai" value="确认修改"/> </td> </tr> </table> </form>
问题是最后就算我原密码是输入错误的提示也是修改成功跳转到了index.php页面 但是数据库没修改 原密码正确就一切正常
回复讨论(解决方案)
if($insert){//判断是否执行
这个判断是错误的
你只是检查了 update 命令是否有错,并没有检查到修改是否成功
mysql_affected_rows() 大于 0 才表示修改成功
没有认真看手册吧。
http://www.w3school.com.cn/php/func_mysql_query.asp
返回值
mysql_query() 仅对 SELECT,SHOW,EXPLAIN 或 DESCRIBE 语句返回一个资源标识符,如果查询执行不正确则返回 FALSE。
对于其它类型的 SQL 语句,mysql_query() 在执行成功时返回 TRUE,出错时返回 FALSE。
非 FALSE 的返回值意味着查询是合法的并能够被服务器执行。这并不说明任何有关影响到的或返回的行数。很有可能一条查询执行成功了但并未影响到或并未返回任何行。
检查是否影响到了行数,应该用mysql_affected_rows()函数来检查检测。

Effective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.

Implementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.

The security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.

To destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.

How to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

Atom editor mac version download
The most popular open source editor

Notepad++7.3.1
Easy-to-use and free code editor
