试图用PHP更新MYSQL表

Question

我一直在尝试用PHP更新MYSQL表，但它似乎没有用。我调整了代码，有时它说它已更新，当它没有时，有时它说它不起作用。如果有人可以查看我的代码并告诉我他们是否可以看到任何错误，那将非常感激。

形式：

<form method="post" action="update.php" name="update" id="update">
<input type="text" name="username" placeholder="Username" id="regUsername" value="<?php echo $row['username'] ?>" /><br><br>
<input type="password" name="password" placeholder="Password" id="regPassword"  value="<?php echo $row['password'] ?>" /><br><br>
<input type="email" name="email" placeholder="Email Address" id="regEmail" value="<?php echo $row['email'] ?>" /><br><br>
<p id="FillInFields"></p>
<input type="submit" value="submit"/><br>
</form>

Update.php

<?php
$linkme = mysql_connect("*******","******","******");
if (!$linkme)
    die ("Could not connect to database");
mysql_select_db("*******", $linkme);

$username = mysql_real_escape_string($_REQUEST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
$email = mysql_real_escape_string($_POST["email"]);
$edit_id = $_POST['edit_id'];


$query = mysql_query(
    "UPDATE user 
    SET username = '$username' , 
    password = '$password' , 
    email = '$email' 
    WHERE user_id = '$edit_id'");

mysql_query ($query)
    or die ("Sorry but your details were not uploaded.");

echo ("Your details didn't update");

mysql_close($linkme);
?>

edit_id是表单页面上的会话ID：，并且已使用会话在所有页面内启动会话。

$edit_id = $_SESSION['edit_id'];

谢谢

Answer 1

评论回答关闭问题，因为它确实适用于OP。

尝试类似：

<input type="hidden" name="edit_id" value="<?php echo $row['id_row'] ?>">

['id_row']是所述行的一个示例，因为您正在迭代从DB中获取某些类型的行。

由于您正在使用会话，因此您需要将该POST数组分配给会话数组。

---

关于使用您正在使用的已弃用的MySQL库的旁注：

• 使用mysqli with prepared statements或PDO with prepared statements，了解它们更安全。

---

我注意到您可能以纯文本格式存储密码。如果是这种情况，则非常气馁。

我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()功能 对于PHP＆lt; 5.5使用password_hash() compatibility pack。

Answer 2

是表单文件中缺少的变量$ edit_id吗？

<form method="post" action="update.php" name="update" id="update">
<input type="text" name="username" placeholder="Username" id="regUsername" value="<?php echo $row['username'] ?>" /><br><br>
<input type="password" name="password" placeholder="Password" id="regPassword"  value="<?php echo $row['password'] ?>" /><br><br>
<input type="email" name="email" placeholder="Email Address" id="regEmail" value="<?php echo $row['email'] ?>" /><br><br>

您必须设置输入（通常为隐藏类型）以放置密钥ID。在你的情况下，$ edit_id

Answer 3

我注意到了一些事情。

要调试sql查询，请将sql查询分隔为var

    echo $query = "UPDATE user SET username = '$username', password = '$password', email = '$email' WHERE user_id = '$edit_id'";

    $query = mysql_query($query); //echo the $query in update.php and  
                                  //run the actual query in a sql dialog
                                  //if that doesn't work, then there's 
                                  //something definitely wrong with your 
                                  //query. 


mysql_query ($query)
    or die ("Sorry but your details were not uploaded.");

    echo ("Your details didn't update"); //you have an echo statement in the
                                         //middle of the script in an area 
                                         //without in a conditional loop, it 
                                         //will echo this error message even 
                                         //if the query committed  
                                         //successfully 

您还缺少$ edit_id。您可以在表单中使用隐藏字段

<input type="hidden" name="edit_id" value="edit_id_val">

您也不需要在查询中围绕edit_id字段值添加单个标记，因为它是一个整数。

Answer 4

<?php

$linkme = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die('could not connect because of '.mysqli_error())

$username = mysqli_real_escape_string($linkme, $_REQUEST["username"]);
$password = mysqli_real_escape_string($linkme, $_POST["password"]);
$email = mysqli_real_escape_string($linkme, $_POST["email"]);
$edit_id = mysqli_real_escape_string($linkme, $_POST['edit_id']);


$q = "UPDATE user SET 
username = '$username', 
password = SHA1('$password'), 
email = '$email' 
WHERE user_id = '$edit_id'";

$r = mysqli_query($linkme, $q);

if($r){
echo 'success';
}else{
echo '<p>'.$q.'</p>';
echo '<p>'.mysqli_error($linkme).'</p>';
}
?>

您应该使用SHA1或MD5加密密码 你也错过了edit_id