MySQL数据库的名称是test,表的名称是t_user
创建t_user的sql文件: create_table.sql
//*******************create_table.sql***************************
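-- Schema for the login demo: database test, table t_user.
create database if not exists test;
use test;
-- NOTE: re-running this script drops t_user and every account stored in it.
drop table if exists t_user;
create table if not exists t_user
(
    f_username   char(50) not null primary key,
    -- Stores the password digest. 255 characters leaves room for
    -- password_hash() output; the 32-character MD5 hex digests written by
    -- modify.php fit as well. char(50) was too short for the former.
    f_password   varchar(255) not null,
    f_name       char(50) not null,
    f_email      char(50) not null,
    f_logintimes int not null default 0,
    f_lasttime   datetime,
    -- 45 characters covers the longest textual IPv6 address (IPv4-mapped form);
    -- the previous char(20) only had room for IPv4.
    f_loginip    varchar(45)
);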
//*******************EndCode***********************************
//*******************modify.php*********************************
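<?php
//Password-change handler. Requires a logged-in session, checks the posted
//old password against t_user and, when it matches, stores the new digest and
//redirects to modify_result.php. A plain GET falls through to the form below.
session_start();
if(empty($_SESSION['username']))
{
    echo "您还没有登录,请您先登录页面!";
    exit;
}

require_once('check.php'); //shared request filter; it runs its keyword check when included
require_once('db_connect.php'); //shared file that defines db_connect()

//Read the posted fields. isset() keeps a plain GET from touching missing
//indexes, and is_string() rejects array-valued parameters such as
//username[]=x, which trim() and md5() cannot handle.
$fields = array('username' => '', 'old_pwd' => '', 'new_pwd' => '', 'repeat_pwd' => '');
foreach($fields as $key => $unused)
{
    if(isset($_POST[$key]) && is_string($_POST[$key]))
    {
        $fields[$key] = $_POST[$key];
    }
}
$username = trim($fields['username']); //trim() strips leading and trailing whitespace
$old_pwd_plain = $fields['old_pwd'];
$new_pwd_plain = $fields['new_pwd'];
$repeat_pwd = $fields['repeat_pwd'];

//NOTE(review): unsalted MD5 is not suitable for storing passwords. It is kept
//because the rows already in t_user.f_password presumably hold MD5 digests
//written by the registration and login pages, which are not shown here.
//Moving to password_hash()/password_verify() means changing those pages at
//the same time and making f_password wide enough for the longer hashes.
$old_pwd = md5($old_pwd_plain);
$new_pwd = md5($new_pwd_plain);

//NOTE(review): the account to change is taken from the form, not from
//$_SESSION['username'], so a logged-in user can submit old-password guesses
//for a different account. Confirm that the session value is the same
//identifier as f_username and, if so, require the two to match here.
if($username !== '')
{
    //The browser-side doCheck() can be skipped by any client, so the rules
    //that matter are repeated here. Only the lower length bound is enforced:
    //strlen() counts bytes, and the value is hashed before it is stored.
    if(strlen($new_pwd_plain) < 6)
    {
        echo "<center><font color='red' size='4'>密码必须在6到30个字符之间!</font></center><br/>";
    }
    elseif($new_pwd_plain !== $repeat_pwd)
    {
        echo "<center><font color='red' size='4'>重复密码与新密码不一致!</font></center><br/>";
    }
    else
    {
        $db = db_connect();

        //Bound parameters keep the posted values out of the SQL text, so the
        //statement's structure cannot be altered by what the user typed.
        $found = 0;
        $stmt = $db->prepare("select f_username from t_user where f_username = ? and f_password = ?");
        $ok = $stmt && $stmt->bind_param('ss', $username, $old_pwd) && $stmt->execute();
        if($ok)
        {
            $stmt->store_result(); //needed before num_rows is meaningful on a statement
            $found = $stmt->num_rows;
        }
        if($stmt)
        {
            $stmt->close();
        }
        if(!$ok)
        {
            $db->close();
            echo '数据库记录修改失败!';
            exit;
        }

        if($found <= 0)
        {
            //No row has this user name together with this old password.
            echo "<center><font color='red' size='4'>数据库里不存在该用户!</font></center><br/>";
        }
        else
        {
            //Repeat the old-password condition in the UPDATE so the row only
            //changes if it still matches what was just verified.
            $stmt = $db->prepare("update t_user set f_password = ? where f_username = ? and f_password = ?");
            $ok = $stmt && $stmt->bind_param('sss', $new_pwd, $username, $old_pwd) && $stmt->execute();
            if($stmt)
            {
                $stmt->close();
            }
            $db->close();
            if(!$ok)
            {
                echo '数据库记录修改失败!';
                exit;
            }
            //urlencode() keeps special characters in the name from breaking the
            //query string; exit stops the form below from being sent after
            //the redirect header.
            header("Location: modify_result.php?uid=" . urlencode($username));
            exit;
        }
        $db->close();
    }
}
?>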
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>修改密码</title>
<style type="text/css">
<!--
.alert {color:red}
.textinput {width:160px}
.btn {width:80px}
table {border:3px double;background-color:#eeeeee;}
-->
</style>
<script language='javascript'>
<!--
//Browser-side check of the password-change form, wired to the form's onsubmit.
//Returns true to let the submit go ahead, or false (after an alert) to cancel it.
//This only helps the user fill in the form; it runs in the browser, so the
//server still has to apply its own checks to whatever arrives.
function doCheck()
{
    var form = document.frmRegister;
    var username = form.username.value;
    var old_pwd = form.old_pwd.value;
    var new_pwd = form.new_pwd.value;
    var repeat_pwd = form.repeat_pwd.value;

    //Required fields, in the order they are reported to the user.
    var required = [
        [username, '请输入用户名!'],
        [old_pwd, '请输入旧密码!'],
        [new_pwd, '请输入新密码!'],
        [repeat_pwd, '请输入重复密码!']
    ];
    for (var i = 0; i < required.length; i++)
    {
        if (required[i][0] == '')
        {
            alert(required[i][1]);
            return false;
        }
    }

    //The confirmation field must repeat the new password.
    if (new_pwd != repeat_pwd)
    {
        alert('重复密码与新密码不一致!');
        return false;
    }

    //Accepted length is 6 to 30 characters inclusive.
    var lengthOk = new_pwd.length >= 6 && new_pwd.length <= 30;
    if (!lengthOk)
    {
        alert('密码必须在6到30个字符之间!');
        return false;
    }
    return true;
}
-->
</script>
</head>
<body>
<h1 align="center"><font color="black" size="5"> 修改密码 </font></h1>
<form name="frmRegister" method="post" action="modify.php" onsubmit="return doCheck();">
<table width="330" border="0" align="center" cellpadding="5" bgcolor="#eeeeee">
<tr>
<td width="40%">用户名:</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>旧密码:</td>
<td><input name="old_pwd" type="password" id="old_pwd"></td>
</tr>
<tr>
<td>新密码:</td>
<td><input name="new_pwd" type="password" id="new_pwd"></td>
</tr>
<tr>
<td>重复密码:</td>
<td><input name="repeat_pwd" type="password" id="repeat_pwd"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="修改" />
<input type="reset" name="reset" value="重置" />
</td>
</tr>
</table>
</form>
</body>
</html>
//*******************EndCode***********************************
//*******************check.php**********************************
<?php
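//Keyword filter applied to every value in $_REQUEST; it runs once when this
//file is included. If any value contains one of the listed SQL words the
//request ends with an error message.
//NOTE(review): a word list cannot stand in for parameterized queries. It
//rejects ordinary text that happens to contain these words and does nothing
//about input that uses none of them, so treat it as a secondary check and
//bind all values in the queries themselves.
function checkIlldalWord()
{
    //SQL commands and keywords that are refused. The surrounding spaces are
    //part of each pattern, so a word only matches when it stands alone.
    $words = array(
        " add ",
        " count ",
        " create ",
        " delete ",
        " drop ",
        " from ",
        " grant ",
        " insert ",
        " select ",
        " truncate ",
        " update ",
        "use ",
        "-- "
    );

    //$_REQUEST values can be arrays (for example name[]=x). Walk them with an
    //explicit stack so nested values are checked too instead of being handed
    //to strtolower() as an array.
    $pending = array_values($_REQUEST);
    while(!empty($pending))
    {
        $value = array_pop($pending);
        if(is_array($value))
        {
            foreach($value as $inner)
            {
                $pending[] = $inner;
            }
            continue;
        }
        $text = strtolower((string)$value); //compare in lower case
        foreach($words as $word)
        {
            //strpos() !== false is the explicit "contains" test
            if(strpos($text, $word) !== false)
            {
                echo "您输入的内容含有非法字符!";
                exit; //stop the request
            }
        }
    }
}
checkIlldalWord();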
?>
//*******************EndCode***********************************
//*******************db_connect.php***************************
<?php
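//Opens the MySQL connection used by the pages that include this file.
//Returns a connected mysqli object. If the connection fails, a generic
//message is printed and the request ends.
function db_connect()
{
    //NOTE(review): the application connects as root with a literal password
    //kept in this source file. Use a dedicated account that only has the
    //privileges the application needs on the test database, and load the
    //credentials from configuration stored outside the web root.
    $dbhost = 'localhost';
    $dbuser = 'root';
    $dbpw = '123456789';
    $dbname = 'test';
    //The mysqli constructor connects and selects the database 'test';
    //@ suppresses the PHP warning so the check below reports the failure.
    $db = @new mysqli($dbhost,$dbuser,$dbpw,$dbname);
    if(mysqli_connect_errno())
    {
        //The driver's error text can name the host, account and database,
        //so it goes to the server log instead of the page.
        error_log('db_connect: ' . mysqli_connect_error());
        echo "数据库连接失败!<br>\n";
        exit; //nothing after this runs
    }
    return $db;
}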
?>
//*******************EndCode***********************************
//*******************modify_result.php*************************
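<?php
//Read the user name that modify.php passes in the "uid" query parameter.
//The value comes straight from the URL, so it is untrusted: it must be
//escaped wherever it is printed, and its presence does not prove that a
//password change actually took place.
//isset()/is_string() cover a missing parameter and an array-valued one
//(uid[]=x), neither of which trim() can handle.
$username = (isset($_GET['uid']) && is_string($_GET['uid'])) ? trim($_GET['uid']) : '';
if(empty($username))
{
    echo 'URL参数错误!';
    exit;
}
?>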
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Registering Reault</title>
<style type="text/css">
<!--
/*表边框为内凹型*/
table {border-color:#c0e0c0; border-style:insert; border-width:4px}
td {font-size:14pt}
/*居中*/
td.hint {color:red; font-size:20pt; text-align:center}
/*背景为天蓝色*/
td.caption {background-color:skyblue; font-size:16pt}
/*粗体*/
td.label {font-weight:bold;}
-->
</style>
</head>
<body>
<center>
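<?php
//Show the confirmation table only when a user name is available.
if(!empty($username))
{
?>
<table border='0' cellpadding='5' cellspacing='5'>
<tr>
<td colspan='2' class='hint'>恭喜您修改密码成功!</td>
</tr>
<tr>
<td class='label'>用户名:</td>
<?php
//$username comes from the URL, so it is HTML-escaped before it is written
//into the page; otherwise markup in the parameter would be rendered by the
//browser. The charset argument matches the page's gb2312 declaration.
//The full "<?php" tag is used because the short "<?" form only works when
//short_open_tag is enabled.
?>
<td><?php echo htmlspecialchars($username, ENT_QUOTES, 'GB2312'); ?></td>
</tr>
</table>
<?php
}
?>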
</center>
</body>
</html>
//*******************EndCode***********************************
I am a beginner and want to learn more about PHP, so please send me some useful details. Thanks!