我正在爲基本的PHP學習目的創建一個虛擬應用程序,現在我的應用程序將用戶鎖定到一個帳戶,用戶可以在其中執行多項任務,例如搜索產品等。用戶可以執行的功能之一是編輯帳戶詳細信息,這是我遇到的一切問題。沒有錯誤顯示,但當我通過點擊'編輯帳戶'按鈕提交查詢一切simes工作,但是當我檢查數據庫我發現沒有什麼改變...PHP更新表
我也意識到安全問題withing的代碼,但ATM我要建立基本功能
userEditAccount.php:
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['Edit Account']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$dbusername = $_SESSION['username'];
$editQuery = mysql_query("UPDATE users SET user_id='NULL' username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE username='$edit'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
我還將包括的login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword){
$_SESSION['username'] == $dbusername;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
在我自己的看法中,問題在SESSION或者查詢的某個地方出現,但是我經歷了許多不同的資源,它不應該是一個問題....我可能會錯過一些非常基礎的或者一些LAME錯誤:D
爲什麼你逃脫你的絃樂,然後去掉斜槓?無論如何,你不應該使用mysql_ *擴展名。改用PDO或Mysqli http://www.php.net/manual/en/mysqlinfo.api.choosing.php – Tchoupi 2013-03-02 19:45:36
你的userEditAccount.php在哪裏?表單正在提交,但您沒有發佈。 – 2013-03-02 19:47:30
如果您只是學習,請學習使用MySQLi或PDO擴展的預準備語句,而不是使用不贊成使用的MySQL擴展的不良做法 – 2013-03-02 19:49:21