-2
我一直在试图建立一个重置密码功能为我的网站,用户可以在其中插入已注册的电子邮件,这将产生一个随机OTP以及将存储在同一列用户的详细信息,如使用PHP更新MySQL中特定行中的特定列?
id firstname lastname username email resetpassword
1 name last user email OTP
这是我的代码,但它不工作。
<?php
require 'dbh.php';
session_start();
$random = mt_rand(1000,1000000);
$email = $_POST['email'];
$sql = "SELECT Email FROM registeredusers WHERE Email='$email'";
$result = mysqli_query($connection,$sql);
$emailCheck = mysqli_num_rows($result);
if (empty($email))
{
echo "please fill out all the fields";
}
else{
$result = mysqli_query($connection,$sql);
$sql = "UPDATE registeredusers SET ResetPassword='$random' WHERE Email='$email'";
Header("Location: submitOTP.php");
}
?>
我只是想这一点,所以形式看起来是这样的
<form action="resetPassword.php" method="POST">
<input type="text" value="email" name="email"></input>
<input type="submit" value="submit"></input>
</form>
[Little Bobby](http://bobby-tables.com/)说*** [您的脚本存在SQL注入攻击风险。](http ://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***了解[prepared](http://en.wikipedia.org/wiki/Prepared_statement) [MySQLi]的声明(http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不相信吗?](http://stackoverflow.com/q/38297105/1011527) –