0

私は「忘れられたユーザー名」システムに取り組んでいます.2つの異なるページで2つのフォームを使用しているため、コードは次のようになります:-

回復_ページ.php:

  <form action="security.php" method="post" enctype="multipart/form-data">
    Please Enter your email address:<br>
    <input type="text" name="email" value="<?php $_POST['email']?>">
    <input type="submit" value="submit"> 
    </form>

そのphpコード:

<?php
include "session.php";
include "database/db.php";
$mode_allowed = array('username','password');
if(isset($_GET['mode']) === false && in_array($_GET['mode'],$mode_allowed)===false){
header('location:index.php');
}
?>

2 番目のページ (security.php):

    <form action="security.php" method="POST" enctype="multipart/form-data">
        <p> Answer this question <p>
    <select type="text" selected="selected" name="security_question" value="<?php $security_question?>">
                            <option name="security_question" value="<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
    $array = mysql_fetch_array($security_question);
    echo $array[0];
    ?>">
    <?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
    $array = mysql_fetch_array($security_question);echo $array[0]; ?>                  
    </option> </select> <br>
    <input type="text" name="answer"/> <br>
    <input type="submit" value="submit"> 
</form>

その php コード : // メールがデータベースに存在するかどうかを確認するコード

<?php
    include "session.php";
    include "database/db.php";

        $mode_allowed = array('username','password');
            if(isset($_POST['email']) === true && empty($_POST['email']) === false){
                if(email_exists($_POST['email']) === false){
                    echo "Sorry, we can't find this email";
                    exit();
                }
            }
    ?>

//データベースで回答を検索し、ユーザーが「回答」フィールドに入力した回答と比較するコード

   <?php
            echo "<input type='hidden' name='email' value=' '".$_SESSION['email']."' '>";
        if(isset($_POST['answer'])){
            $answer = $_POST['answer'];
            if(!empty($answer)){
                $sql = mysql_query("SELECT `username` FROM `users` WHERE `email` ='".mysql_real_escape_string($_SESSION['email'])."' AND `answer`='".mysql_real_escape_string($answer)."'");
                        if(mysql_num_rows($sql) == 1){
                        header('location:last.php?success');                
                    }else {
                        echo "Wrong answer";
                    }

                }else{
                    echo "<script type='text/javascript'>alert('you must answer this question');</script>";
                }
            }
        ?>

これは、次のような非表示の入力なしでSQLステートメントを作成すると正常に機能します:-

$sql = mysql_query("SELECT `username` FROM `users` WHERE `answer`='".mysql_real_escape_string($answer)."'");

また、エコーアウトでき$_SESSION['email'];、隠しフィールドの正しい値が得られます。では、SQL がこの値を取得できないのはなぜですか?!

4

1 に答える 1

0

最後のスクリプトのコードを編集します (コードと html を一緒にします)。次のようになります。

<?php
include "session.php";
include "database/db.php";

$Message = "";

$mode_allowed = array('username','password');
if(isset($_POST['email']) === true && empty($_POST['email']) === false)
{
    if(email_exists($_POST['email']) === false)
    {
        echo "Sorry, we can't find this email";
        exit();
    }
}
if(isset($_POST['answer']))
{
    $answer = $_POST['answer'];
    if(!empty($answer))
    {
        $sql = mysql_query("SELECT `username` FROM `users` WHERE `email` ='".mysql_real_escape_string($_SESSION['email'])."' AND `answer`='".mysql_real_escape_string($answer)."'");
        if(mysql_num_rows($sql) == 1)
        {
            header('location:last.php?success');                
        }
        else 
        {
            $Message = "Wrong answer";
        }
    }
    else
    {
        echo "<script type='text/javascript'>alert('you must answer this question');</script>";
    }
}
?>
<form action="security.php" method="POST" enctype="multipart/form-data">
    <p> Answer this question </p>
    <select type="text" selected="selected" name="security_question" value="<?php $security_question?>">
        <option name="security_question" value="<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
        $array = mysql_fetch_array($security_question);
        echo $array[0];
        ?>">
        <?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
        $array = mysql_fetch_array($security_question);echo $array[0]; ?>                  
        </option> 
    </select> <br>
    <input type="text" name="answer"/> <br>
    <input type='hidden' name='email' value='<?php $_POST['email']?>'>
    <input type="submit" value="submit"> 
    <?php if ($Message != '') echo "<br /> $Message";?>
</form>
于 2013-10-02T11:43:02.760 に答える