提交后,自动将数据库中的数据重新加载到HTML表单中

时间:2015-07-10 13:27:55

标签: php

我正在尝试为我的网站创建用户个人资料注册。基础已经到位,用户现在可以注册并登录该站点。

每个成员在数据库中都会收到一个唯一的成员ID,登录后,他们可以访问下面的页面。这是一个简单的表单,它将数据库中的数据作为html表单输入字段中的预填充值加载。更改此数据并提交数据,可以将数据正确存储在数据库中。全部来自本网站专家的实例和建议。

我的问题是如何重新加载表单,或者如何使用数据库中的新数据更新字段,而无需在单击提交按钮后手动重新加载页面?

对于此表单的安全性的任何反馈,我们将非常感激。我曾尝试研究mySQL PDO并准备语句以避免SQL注入,但我觉得我还有很长的路要走,才能完全理解它并确保网站安全。

<?php require('includes/config.php'); 

//Redirect to login page if not logged in
if(!$user->is_logged_in()){ header('Location: login.php'); }

//Get user profile data from DB
$sth= $db->query ("SELECT username, firstname, middlename, lastname, email FROM members"); 
$sth->bindColumn (1, $username);
$sth->bindColumn (2, $firstname);
$sth->bindColumn (3, $middlename);
$sth->bindColumn (4, $lastname);
$sth->bindColumn (5, $email);
while ($sth->fetch (PDO::FETCH_BOUND))

//Process form when submitted
if(isset($_POST['submit'])){
    //if nothing is wrong, store data in DB
    if(!isset($error)){
        try {
            //update user profile in database with a prepared statement
            $sql = "UPDATE members SET username = :username,
                firstname = :firstname,
            middlename = :middlename,
            lastname = :lastname,
            email = :email
            WHERE memberID = :memberID";
        $stmt = $db->prepare($sql); 
        $stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
        $stmt->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STR);
        $stmt->bindParam(':middlename', $_POST['middlename'], PDO::PARAM_STR);
        $stmt->bindParam(':lastname', $_POST['lastname'], PDO::PARAM_STR);
        $stmt->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
        $stmt->bindParam(':memberID', $_SESSION['memberID'], PDO::PARAM_STR);
        $stmt->execute(); 

    //catch error message if something is wrong
    } catch(PDOException $e) {
        $error[] = $e->getMessage();
        }
    }
}
//define page title
$title = 'Profile Registration';

//include member header
require('layout/header_member.php'); 
?>
<div class="container">
<h2>Please Register Your Profile</h2>
<p>Get started and register your profile below</p>
<p>Your member ID is: <?php echo $_SESSION['memberID']; ?> </p>
<?php
    //show any error messages from the database here
    if(isset($error)){
        foreach($error as $error){
            echo '<p class="bg-danger">'.$error.'</p>';
        }
    }
?>
</div>
<hr>
<div class="container">     
  <form class="form-horizontal" role="form" method="post" action="<? echo $_SERVER['PHP_SELF']; ?>">

<div class="form-group">
 <label class="control-label col-sm-2" for="username">Display name</label>
 <div class="col-sm-10">
  <input type="text" required class="form-control" name="username"    id="username" placeholder="Your Display Name" value="<?php if(isset($error)){    echo $_POST['username']; } ?><?php echo $username; ?>" >
 </div> 
</div> 
<div class="form-group">
 <label class="control-label col-sm-2" for="firstname">First name</label>
 <div class="col-sm-10">
  <input type="text" required class="form-control" name="firstname" id="firstname" placeholder="Your first name" value="<?php if(isset($error)){ echo $_POST['firstname']; } ?><?php echo $firstname; ?>" >
 </div> 
</div>
<div class="form-group">
 <label class="control-label col-sm-2" for="middlename">Middle initials</label>
 <div class="col-sm-10">
  <input type="text" class="form-control" name="middlename" id="middlename" placeholder="Middle initials" value="<?php if(isset($error)){ echo $_POST['middlename']; } ?><?php echo $middlename; ?>" >
 </div> 
</div>
<div class="form-group">    
 <label class="control-label col-sm-2" for="lastname">Last name</label>
 <div class="col-sm-10">
  <input type="text" required class="form-control" name="lastname" id="lastname" placeholder="Your last name" value="<?php if(isset($error)){ echo $_POST['lastname']; } ?><?php echo $lastname; ?>" >
 </div> 
</div>
<div class="form-group">
 <label class="control-label col-sm-2" for="email">Email</label>
 <div class="col-sm-10">
  <input type="email" required class="form-control" name="email" id="email" placeholder="Your email address" value="<?php if(isset($error)){ echo $_POST['email']; } ?><?php echo $email; ?>" >
 </div> 
</div>      
 <button type="submit" name="submit" value="submit" class="btn btn-default">Submit</button>
  </form>       
</div>
<?php 
//include footer
require('layout/footer.php'); 
?>

1 个答案:

答案 0 :(得分:1)

您可以将HTML表单的values更改为:

value="<?php 
if(isset($_POST['username'])) { 
    echo $_POST['username']; 
} else { 
    echo $username; 
} ?>"

提交的值将显示表单是否失败(您已用作$error)以及表单是否应成功提交和更新数据库。换句话说,它将始终具有$username或上次在表单中提交的值。

您还可以查看"Sanitize filters"以过滤掉用户发布的任何不需要的字符。

相关问题
最新问题