我正在为基本的PHP学习目的创建一个虚拟应用程序,好了,现在我的应用程序将用户插入一个帐户,用户可以在其中执行多项操作,例如搜索产品等。用户可以执行的一项功能是编辑帐户细节,这就是我遇到的一切。没有显示错误,但是当我通过点击“编辑帐户”按钮提交查询时,所有内容都可以工作,但是当我检查数据库时,我发现没有任何更改......
我也知道代码的安全问题,但我想建立基本功能
userEditAccount.php:
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['Edit Account']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$dbusername = $_SESSION['username'];
$editQuery = mysql_query("UPDATE users SET user_id='NULL' username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE username='$edit'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
我还会包含login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['username'] == $dbusername;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
在我自己的意见中,问题在SESSION或者查询中存在,但我已经经历了许多不同的资源,这应该不是问题......我可能会遗漏一些非常基本的或一些LAME的错误:d
答案 0 :(得分:0)
很简单。您使用if(isset($_POST['Edit Account'])),但提交按钮没有名称:
<input type="submit" value="Edit Account" class="button">
将输入更改为:
<input type="submit" value="Edit Account" name="edit_account" class="button">
并将if(isset($_POST['Edit Account']))更改为if(isset($_POST['edit_account']))
答案 1 :(得分:0)
哪里是$ edit?
WHERE username='$edit'
也许您必须使用会话的$ dbusername
更改此设置Hovewer:
- 不要使用mysql已弃用,请使用mysqli或pdo
- 您可以在一行中保护所有变量
foreach($_POST as $key => $var) $_POST[$key] = mysqli_real_escape_string($var);
- 在输入变量上添加验证控件,并登录会话检查