我正在尝试使用会话更新用户个人资料。假设,用户配置文件页面将相应地更新登录用户的配置文件。以下是user_profile.php的示例代码: -
<?php
session_start();
ob_start();
include("../function/dbconnect.php");
include("header.php");
?>
<html>
<body>
<?php
if(isset($_SESSION['VALID_USER'])){
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
?>
<form action="user_profile.php" method="POST">
<div>Your Profile</div>
<table border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td><div>Username:</div></td>
<td><input type="text" name="username" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><div align="left" id="tb-name">Password:</div></td>
<td><input type="text" name="password" value="<?php echo $query2['password']; ?>" /></td>
</tr>
</table>
<input type="submit" name="submit" value="Update" />
</form>
<?php
// close while loop
}}
?>
<?php
// close connection;
mysql_close();
?>
</br>
</body>
</html>
页面返回空白。我正在为user_profile.php页面编写其他几个代码但是,我得到的结果是相同的......我使用下面的代码来管理员来更新用户配置文件。
include('function/dbconnect.php');
if(isset($_GET['id']))
{
$id=$_GET['id'];
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$user_type = $_POST['user_type'];
$query3 = mysql_query("UPDATE tbl_staffs
SET username='$username', email='$email', password='$password', WHERE id='$id'");
if ($query3)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_list.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_list.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE id='$id'");
$query2=mysql_fetch_array($query1);
<form method="post">
<tr>
<td><b>Username:</b></td><td><input type="text" name="username" style="width:255px" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><b>Email:</b></td><td><input type="text" name="email" style="width:255px" value="<?php echo $query2['email']; ?>" /></td>
</tr>
<tr>
<td><b>Password:</b></td><td><input type="text" name="password" style="width:255px" value="<?php echo $query2['password']; ?>" /></td>
</tr>
<tr>
<td colspan="2" align="right">
<br />
<span title="Click to update the user details"><input type="submit" name="submit" value="Update" /></span>
</td>
</tr>
</table>
</form>
<?php
}
?>
显然,它可以正常工作。但是,当我试图暗示用户代码以便他们可以更新自己的配置文件时,代码将无法正常工作。我在哪里做错了?
答案 0 :(得分:0)
首先检查你的会话是否存在,然后替换&#34; .mysql_real_escape_string($ _ SESSION [&#34; VALID_USER&#34;])。&#34;在您的查询中通过像
这样的变量$VALID_USER=mysql_real_escape_string($_SESSION["VALID_USER"]);
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='$VALID_USER");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='$' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);