【发布时间】:2018-08-05 02:41:02
【问题描述】:
<?php
include("db_conection.php");
if(isset($_POST['ForgotSubmit']))
{
session_start();
echo $admin_name=$_POST['admin_name'];
$pass_identity=$_POST['pass_identity'];
$admin_query="select * from admin where admin_name='$admin_name' AND pass_identity='$pass_identity'";
$$sql = "UPDATE admin SET admin_pass='password' WHERE admin_name = '$admin_name'";
$run_query=mysqli_query($dbcon,$admin_query);
if(mysqli_num_rows($run_query)>0)
{
if($admin_name == "admin"){
echo "<script>alert('Your password is now set to *password*.'); window.location='Admin-Secu-Login.php'</script>";}
if($admin_name == "security"){
echo "<script>alert('Your password is now set to *password*'); window.location='Secy-Account-Details.php'</script>";}
}
else {echo"<script>alert('Does not match.')</script>";}
}
?>
我想将我的密码重置为默认密码。我需要做的第一件事是正确回答安全问题,但是当我点击按钮时,它在我的数据库中没有改变,请帮助
【问题讨论】:
-
$$sql?!?你在使用变量变量? -
SET admin_pass='password'你知道你在这里做什么,对吧? -
我们这里有真正不错的 sql 注入。你知道准备好的陈述吗?你应该。
标签: php login passwords forgot-password