PHP PDO update: the database is not updated – php PDO

I am using the following code to update the password and salt fields in the database:

// First we execute our common code to connect to the database and start the session
require("common.php");

$id = $_GET[id];

// This if statement checks to determine whether the form has been submitted
// If it has, then the update code is run, otherwise the form is displayed
if(!empty($_POST))
{
    // Ensure that the user has entered a non-empty password
    if(empty($_POST['password']))
    {
        die("Please enter a password.");
    }

    // Ensure that the user has entered a non-empty password confirmation
    if(empty($_POST['confirmpassword']))
    {
        // Note that die() is generally a terrible way of handling user errors
        // like this. It is much better to display the error with the form
        // and allow the user to correct their mistake. However, that is an
        // exercise for you to implement yourself.
        die("Please confirm your password.");
    }

    if ($_POST["password"] == $_POST["confirmpassword"]) {
        // An UPDATE query is used to change existing rows in a database table.
        // Again, we are using special tokens (technically called parameters) to
        // protect against SQL injection attacks.
        $query = "UPDATE Staff SET password=:password, salt=:salt WHERE id=:id";

        // A salt is randomly generated here to protect against brute force attacks
        // and rainbow table attacks. The following statement generates a hex
        // representation of an 8 byte salt. Representing this in hex provides
        // no additional security, but makes it easier for humans to read.
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));

        // This hashes the password with the salt so that it can be stored securely
        // in your database. The output of this next statement is a 64 byte hex
        // string representing the 32 byte sha256 hash of the password. The original
        // password cannot be recovered from the hash.
        $password = hash('sha256', $_POST['password'] . $salt);

        // Next we hash the hash value 65536 more times. The purpose of this is to
        // protect against brute force attacks. Now an attacker must compute the hash 65537
        // times for each guess they make against a password, whereas if the password
        // were hashed only once the attacker would have been able to make 65537 different
        // guesses in the same amount of time instead of only one.
        for($round = 0; $round < 65536; $round++)
        {
            $password = hash('sha256', $password . $salt);
        }

        try
        {
            // Execute the query to update the password
            $stmt = $db->prepare($query);
            $stmt->execute(array(
                ':password' => $password,
                ':salt' => $salt,
                ':id' => $id));
        }
        catch(PDOException $ex)
        {
            // Note: On a production website, you should not output $ex->getMessage().
            // It may provide an attacker with helpful information about your code.
            die("Failed to run query: " . $ex->getMessage());
        }

        // This redirects the user back to the login page after the update
        header("Location: login.php");
        // Stop here so the script does not fall through to the mismatch message below
        exit;
    }

    die("Passwords do not match.");
}

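The database has an "id" field, and there is a staff member whose id is 1 (a link on the previous page passes the id to this page; in this case the id is 1). I am not sure why it does not update the database. I am new to PHP and would really appreciate any help.

Thanks,

Solution:

The syntax is incorrect; you want to read $id like this: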

$id = $_GET['id'];
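
A defensive version of the same update, as an added example (not the poster's code and not part of the answer): it validates the id before it reaches the query, lets password_hash() generate and embed the salt instead of the hand-rolled SHA-256 loop, and checks rowCount(), because an UPDATE whose WHERE clause matches no row completes without raising an exception. The function name, the in-memory SQLite table (which has no salt column) and the sample row are constructed for the demo, which assumes the pdo_sqlite extension is loaded.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: the caller has already verified that the
// logged-in user is allowed to change the password of this staff id.
// Returns true only when exactly one row was changed.
function updateStaffPassword(PDO $db, $rawId, string $password, string $confirm): bool
{
    // Accept only a positive integer; a missing or malformed id stops here
    // instead of silently producing an UPDATE that matches nothing.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Missing or malformed id.');
    }
    if ($password === '' || $password !== $confirm) {
        throw new InvalidArgumentException('Passwords are empty or do not match.');
    }

    // password_hash() draws a random salt and stores it inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $db->prepare('UPDATE Staff SET password = :password WHERE id = :id');
    $stmt->bindValue(':password', $hash, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // Zero affected rows is not an error for the database, so report it explicitly.
    return $stmt->rowCount() === 1;
}

// Constructed demo data: one staff row with id 1.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Staff (id INTEGER PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO Staff (id, password) VALUES (1, 'old')");

var_dump(updateStaffPassword($db, '1', 'correct horse', 'correct horse'));  // id 1 exists
var_dump(updateStaffPassword($db, '42', 'correct horse', 'correct horse')); // no such row
try {
    updateStaffPassword($db, null, 'correct horse', 'correct horse');       // id not supplied
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// At login time the stored value is checked with password_verify().
$stored = (string) $db->query('SELECT password FROM Staff WHERE id = 1')->fetchColumn();
var_dump(password_verify('correct horse', $stored));
```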

Tags: php, mysql, database, pdo

Source: https://codeday.me/bug/20190703/1367910.html
