Hi, I'm implementing a password change via PIN, but I don't know why it gives me this error:
Code:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET users password='demo' WHERE username='admin' and pin='91e82999cf7e45da1070e' at line 1' in D:\xampp\htdocs\db\admin\forgot.php:37 Stack trace: #0 D:\xampp\htdocs\db\admin\forgot.php(37): PDOStatement->execute() #1 {main} thrown in D:\xampp\htdocs\db\admin\forgot.php on line 37
The code is this:
Code:
<?php include("inc.php");
session_start();
if(isset($_POST['login'])){
    $password = $_POST["password"];
    $username = $_POST['username'];
    $pin = $_POST['pin'];
    // Validate that the required fields were submitted
    if(empty($username))
    {
        $error = "Username non inserito";
    }elseif(empty($pin))
    {
        $error = "Pin non inserito";
    }
    else
    {
        // Look up the user by username and MD5 of the submitted pin
        $md5_pin = md5($_POST["pin"]);
        $query = $db->prepare("SELECT * FROM users WHERE username=:username AND pin=:pin");
        $query->bindParam(':username', $_POST['username']);
        $query->bindParam(':pin', $md5_pin);
        $query->execute();
        if($row = $query->fetch()){
            // Username and pin matched: write the new password
            $md5_row_pin = $row["pin"];
            $query = $db->prepare("UPDATE SET users password=:password WHERE username=:username and pin=:pin");
            $query->bindParam(':username', $row['username']);
            $query->bindParam(':pin',$md5_row_pin );
            $query->bindParam(':password', $_POST['password']);
            $query->execute();
            $msg = "Fatto";
        }else
        {
            echo 'ERROR';
        }
    }
}
?>
<!DOCTYPE html>
<html>
<meta charset="utf-8">
<head>
<title>Recupera/Cambia password dal pin</title>
</head>
<body>
<h1>Recupera/Cambia password dal pin</h1>
<?php
if(isset($error)){ echo "<p class=\"info_error\">".$error."</p>";}
if(isset($msg)){ echo $msg;} else {
?>
<form method="POST">
<table width="960px">
<tr>
<td>Username</td>
<td><input type="text" name="username" value="<?php if(isset($_POST['username'])){echo htmlspecialchars($_POST['username']);}?>"></td>
</tr>
<tr>
<td>Pin</td>
<td><input type="password" name="pin" value="<?php if(isset($_POST['pin'])){echo htmlspecialchars($_POST['pin']);}?>"></td>
</tr>
<tr>
<td>Inserire nuova password</td>
<td><input type="password" name="password" value="<?php if(isset($_POST['password'])){echo htmlspecialchars($_POST['password']);}?>"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="login"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Any ideas? How can I solve the problem?
Thanks a lot.
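
An added example, not part of the original post: MySQL reports the 1064 error at `SET users password=...` because the table name has to come directly after `UPDATE`, before `SET`. The sketch below runs the reordered statement against a constructed in-memory SQLite table (the `UPDATE ... SET` syntax is the same) so it works offline; the helper name `changePasswordWithPin`, the sample PIN `1234` and the use of `password_hash()` for the stored password are assumptions of this example.

```php
<?php
// Constructed in-memory table standing in for the MySQL `users` table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pin TEXT, password TEXT)');
$seed = $db->prepare('INSERT INTO users (username, pin, password) VALUES (?, ?, ?)');
$seed->execute(['admin', md5('1234'), password_hash('old-secret', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: change the password when username and PIN match.
 * Returns true only if exactly one row was updated.
 */
function changePasswordWithPin(PDO $db, string $username, string $pin, string $newPassword): bool
{
    if ($username === '' || $pin === '' || $newPassword === '') {
        return false;
    }
    // Correct order: UPDATE <table> SET <column> = <value> WHERE <condition>.
    // The WHERE clause performs the username/pin check, so no prior SELECT is needed.
    $stmt = $db->prepare(
        'UPDATE users SET password = :password WHERE username = :username AND pin = :pin'
    );
    $stmt->execute([
        // Store a salted hash of the password rather than the submitted plaintext.
        ':password' => password_hash($newPassword, PASSWORD_DEFAULT),
        ':username' => $username,
        // md5() is kept only so the value matches the page's existing pin column.
        ':pin'      => md5($pin),
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed calls: one with the seeded PIN, one with a wrong PIN.
var_dump(changePasswordWithPin($db, 'admin', '1234', 'demo'));
var_dump(changePasswordWithPin($db, 'admin', '0000', 'other'));

// The login code would then check a submitted password with password_verify().
$stored = $db->query("SELECT password FROM users WHERE username = 'admin'")->fetchColumn();
var_dump(password_verify('demo', $stored));
```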