通过“我的帐户/个人资料”页面更新数据库中的表单字段值

时间:2016-08-04 09:28:21

标签: php pdo

我使用以下代码进行客户注册&登录,它工作正常。

数据库连接

<?php
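/**
 * Opens the PDO connection used by the rest of the application.
 *
 * NOTE(review): the credentials are hard-coded in the source and the account
 * is MySQL "root". Load them from configuration kept outside the web root and
 * connect with an account that only has rights on this one schema.
 */
class Database
{

    private $host = "localhost";
    private $db_name = "dbname";
    private $username = "root";
    private $password = "helpme";
    public $conn;

    /**
     * Connects to MySQL and returns the handle.
     *
     * @return PDO|null the open connection, or null when connecting failed
     */
    public function dbConnection()
    {
        $this->conn = null;

        try {
            $this->conn = new PDO(
                "mysql:host=" . $this->host . ";dbname=" . $this->db_name,
                $this->username,
                $this->password
            );
            $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // Use the server's own prepared statements instead of client-side emulation.
            $this->conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        } catch (PDOException $exception) {
            // The driver message can include the account and host name, so it
            // goes to the server log and is never printed into the page.
            error_log("Connection error: " . $exception->getMessage());
        }

        return $this->conn;
    }
}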
?>

注册

<?php
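session_start();
require_once 'class.user.php';

$reg_user = new USER();

// Signed-in visitors are sent to their home page.
if ($reg_user->is_logged_in() != "") {
    $reg_user->redirect('home.php');
    // Stop here: a Location header alone does not keep the sign-up handler below from running.
    exit;
}

if (isset($_POST['btn-signup'])) {
    // Read one POST field as a trimmed string; absent or non-string values become ''.
    $field = static function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
    };

    $uname = $field('txtuname');
    $email = $field('txtemail');
    $upass = $field('txtpass');
    $cpass = $field('txtcpass');
    $phone = $field('phone');
    $street_address = $field('street_address');
    $street_address_2 = $field('street_address_2');
    $city = $field('city');
    $state = $field('state');
    $zip_code = $field('zip_code');
    $country = $field('country');

    // 128 bits from the CSPRNG, hex-encoded to the same 32 characters md5() produced.
    // uniqid() and rand() are derived from the clock and a small seed, so an
    // activation code built from them can be guessed. Requires PHP 7 or later.
    $code = bin2hex(random_bytes(16));

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // type="email" in the form is only a browser-side hint; check again on the server.
        $msg = "Please enter a valid email address";
    } elseif ($upass != $cpass) {
        $msg = "passwords doesn't match";
    } else {
        $stmt = $reg_user->runQuery("SELECT * FROM tbl_users WHERE userEmail=:email_id");
        $stmt->execute(array(":email_id" => $email));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($row !== false) {
            // The original fell through to register() after setting this message,
            // so a second account could be created for the same address.
            $msg = "
              <div class='alert alert-error'>
                <button class='close' data-dismiss='alert'>&times;</button>
                    <strong>Sorry !</strong>  email allready exists , Please Try another one
              </div>
              ";
        } elseif ($reg_user->register($uname, $email, $upass, $code, $phone, $street_address, $street_address_2, $city, $state, $zip_code, $country)) {
            $id = base64_encode($reg_user->lasdID());

            // Everything the visitor typed is escaped before it is placed in HTML.
            $safeName = htmlspecialchars($uname, ENT_QUOTES, 'UTF-8');
            $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

            // The original string contained a literal '.' inside the href, so the link
            // pointed back at this page. Assumes verify.php sits next to this script - TODO confirm.
            // NOTE(review): HTTP_HOST is supplied by the client; take the host name (and
            // an https:// scheme) from site configuration instead.
            $basePath = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'])), '/');
            $verifyUrl = 'http://' . $_SERVER['HTTP_HOST'] . $basePath
                . '/verify.php?id=' . urlencode($id) . '&code=' . urlencode($code);
            $safeUrl = htmlspecialchars($verifyUrl, ENT_QUOTES, 'UTF-8');

            $message = "
                        Hello $safeName,
                        <br /><br />
                        Welcome to designer!<br/>
                        To complete your registration  please , just click following link<br/>
                        <br /><br />
                        <a href='$safeUrl'>Click HERE to Activate :)</a>

                        <br /><br />
                        Thanks,";

            $subject = "Confirm Registration";

            $reg_user->send_mail($email, $message, $subject);
            $msg = "
                    <div class='alert alert-success'>
                        <button class='close' data-dismiss='alert'>&times;</button>
                        <strong>Success!</strong>  We've sent an email to $safeEmail.
                    Please click on the confirmation link in the email to create your account. 
                    </div>
                    ";
        } else {
            echo "sorry , Query could no execute...";
        }
    }
}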
?>
<!DOCTYPE html>
<html>
  <head>
  </head>
  <body id="login">
    <div class="container">
                <?php if(isset($msg)) echo $msg;  ?>
      <form class="form-signin" method="post">
        <h2 class="form-signin-heading">Sign Up</h2><hr />
        <input type="text" class="input-block-level" placeholder="Username" name="txtuname" required />
        <input type="email" class="input-block-level" placeholder="Email address" name="txtemail" required />
        <input id="pass1"  type="password" class="input-block-level" placeholder="Password" name="txtpass" required />
        <input id="pass2" type="password" class="input-block-level" placeholder="confirm Password" name="txtcpass" required />
        <input type="text" class="input-block-level" placeholder="Telephone" name="phone"  />
        <input type="text" class="input-block-level" placeholder="Street Address" name="street_address"  />
        <input type="text" class="input-block-level" placeholder="Stree Address 2" name="street_address_2" />
        <input type="text" class="input-block-level" placeholder="city" name="city"  />
        <input type="text" class="input-block-level" placeholder="state" name="state"  />
        <input type="text" class="input-block-level" placeholder="zip code" name="zip_code"  />
        <input type="text" class="input-block-level" placeholder="country" name="country"  />
        <hr />

        <input class="btn btn-large btn-primary" name="btn-signup" type="submit" id="btnSubmit" value="Sign Up" onclick="return comparePasswords()" />
        <a href="index.php" style="float:right;" class="btn btn-large">Sign In</a>
      </form>

    </div> <!-- /container -->
    <script src="vendors/jquery-1.9.1.min.js"></script>
    <script src="bootstrap/js/bootstrap.min.js"></script>
  </body>
</html>

class.user.php

<?php
require_once 'dbconfig.php';

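/**
 * Account operations on tbl_users: registration, login and session checks.
 *
 * Passwords are stored with password_hash(). The userPass column has to be
 * wide enough for that output (the PHP manual recommends 255 characters);
 * confirm the schema before deploying, it is not shown on this page.
 */
class USER
{

    private $conn;

    /** Opens the database connection through the Database class. */
    public function __construct()
    {
        $database = new Database();
        $this->conn = $database->dbConnection();
    }

    /**
     * Prepares a statement on the shared connection.
     *
     * @param string $sql SQL text with placeholders; values are bound by the caller
     * @return PDOStatement
     */
    public function runQuery($sql)
    {
        return $this->conn->prepare($sql);
    }

    /** Returns the id generated by the last INSERT on this connection. */
    public function lasdID()
    {
        return $this->conn->lastInsertId();
    }

    /**
     * Inserts a new row into tbl_users.
     *
     * @return PDOStatement|false the executed statement, or false on a database error
     */
    public function register($uname,$email,$upass, $code, $phone, $street_address, $street_address_2 , $city , $state , $zip_code , $country)
    {
        try {
            // Salted, deliberately slow hash. Unsalted md5() digests can be looked up or
            // brute-forced cheaply once the table leaks.
            $password = password_hash($upass, PASSWORD_DEFAULT);

            $stmt = $this->conn->prepare("INSERT INTO tbl_users(userName,userEmail,userPass, tokenCode, phone, street_address, street_address_2 , city , state , zip_code , country) 
                                                         VALUES(:user_name, :user_mail, :user_pass, :active_code, :phone , :street_address, :street_address_2 , :city , :state , :zip_code , :country)");
            $stmt->execute(array(
                ":user_name" => $uname,
                ":user_mail" => $email,
                ":user_pass" => $password,
                ":active_code" => $code,
                ":phone" => $phone,
                ":street_address" => $street_address,
                ":street_address_2" => $street_address_2,
                ":city" => $city,
                ":state" => $state,
                ":zip_code" => $zip_code,
                ":country" => $country,
            ));

            return $stmt;
        } catch (PDOException $ex) {
            // Table and column names stay in the server log, not in the response.
            error_log($ex->getMessage());
            return false;
        }
    }

    /**
     * Checks the credentials and, on success, stores the user id in the session.
     *
     * Failed attempts are redirected to index.php with ?error or ?inactive and
     * the script ends there.
     *
     * @return bool true on success, false when the database call failed
     */
    public function login($email,$upass)
    {
        try {
            $stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE userEmail=:email_id");
            $stmt->execute(array(":email_id" => $email));
            $userRow = $stmt->fetch(PDO::FETCH_ASSOC);

            $found = ($stmt->rowCount() == 1 && $userRow !== false);

            // The password is checked before the status, so "inactive" is only
            // revealed to someone who already knows the password.
            if (!$found || !$this->passwordMatches($upass, $userRow)) {
                header("Location: index.php?error");
                exit;
            }

            if ($userRow['userStatus'] != "Y") {
                header("Location: index.php?inactive");
                exit;
            }

            // New session id after authentication, so an id fixed before login is useless.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['userSession'] = $userRow['userID'];
            return true;
        } catch (PDOException $ex) {
            error_log($ex->getMessage());
            return false;
        }
    }

    /**
     * Compares a submitted password with the stored value.
     *
     * Rows written before the switch to password_hash() hold a 32-character
     * md5 digest; those are still accepted so existing accounts keep working.
     * NOTE(review): rehash such rows with password_hash() once the userPass
     * column is confirmed wide enough.
     */
    private function passwordMatches($upass, array $userRow)
    {
        $stored = (string) $userRow['userPass'];

        if (password_verify($upass, $stored)) {
            return true;
        }

        // hash_equals() is a constant-time string comparison. The original "=="
        // compared numeric-looking digests such as "0e..." as numbers.
        return strlen($stored) === 32 && hash_equals($stored, md5($upass));
    }

    /** @return bool whether a user id is stored in the session */
    public function is_logged_in()
    {
        return isset($_SESSION['userSession']);
    }

    /**
     * Sends a Location header and ends the request.
     *
     * Without the exit the calling page keeps executing after the header is
     * queued, which lets a "protected" page run for visitors who are not signed in.
     */
    public function redirect($url)
    {
        header("Location: $url");
        exit;
    }


}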

home.php [客户将在登录后重定向到此主页/个人资料页面]

<?php

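// Start the session and load the row of the signed-in user.
session_start();
require_once 'class.user.php';
$user_home = new USER();

if (!$user_home->is_logged_in()) {
    $user_home->redirect('index.php');
    // redirect() only sends a Location header; without this exit the query
    // below still runs for a visitor who is not signed in.
    exit;
}

// The id comes from the session that login() filled, never from the request.
$stmt = $user_home->runQuery("SELECT * FROM tbl_users WHERE userID=:uid");
$stmt->execute(array(":uid" => $_SESSION['userSession']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);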

?>

在注册页面中我们有姓名,电子邮件,城市,邮编......等等。

我需要为客户提供一个选项,以便在个人资料页面中更新这些字段。

一旦客户登录,他将重定向到该页面中的个人资料/主页

我想显示所有表单字段并提供“编辑”按钮,一旦他点击该按钮,他应该能够更新姓名、电子邮件等的值。

我尝试添加以下代码,但不适合我。

class.user.php

// Asker's first attempt at an update method for the USER class.
// NOTE(review): the USER class shown on this page keeps its PDO handle in
// $this->conn; it declares no $_db property.
public function update($uname,$email,$phone) {
        try {
        $stmt = $this->_db->prepare('UPDATE tbl_users SET userName = ?, userEmail = ?, phone = ? WHERE userID = ? ');
        // NOTE(review): login() stores the id under $_SESSION['userSession'], not 'userID'.
        $stmt->execute(array($uname,$email,$phone,$_SESSION['userID']));
        // NOTE(review): an UPDATE yields no result set, so there is no row for fetch() to return.
        return $stmt->fetch();
        } catch(PDOException $e) {
            // Prints the raw PDO message into the page.
            echo '<p class="bg-danger">'.$e->getMessage().'</p>';
        }
    }

主页或个人资料[home.php]

// Asker's handler for the profile form in home.php.
$FORM['uname'] = "";
$FORM['txtuname'] = "";
if (isset($_POST['submit'])) {
// new data
$uname = $_POST['txtuname'];
$email = $_POST['txtemail'];
$phone = $_POST['phone'];
// $uid is an int here (intval of the userID query parameter, or -1), not a USER object.
$uid = (isset($_GET['userID']) ? intval($_GET['userID']) : -1);

// query
// NOTE(review): calling ->update() on that int raises the fatal error quoted below.
// The ';' after the condition also ends the if, so the braces are not guarded by it.
// $userID is not assigned anywhere in this snippet, and redirect() appears on this
// page only as a method of USER.
if ($uid->update($uname,$email,$phone,$userID)); {
    redirect('home.php');
}
}

<form action="home.php" method="POST">

Name<br>
<input type="text" name="txtuname" value="<?php echo $_SESSION['txtuname'] ?>" /><br>
Email<br>
<input type="text" name="txtemail" value="<?php echo $_SESSION['email'] ?>" /><br>
Phone<br>
<input type="text" name="phone" value="<?php echo $_SESSION['phone'] ?>" /><br>
<input type="submit" name="submit" value="Save" />
</form>

在下面这一行出现致命错误:在非对象上调用成员函数 update()

if ($uid->update($uname,$email,$phone,$userID)); {


4 个答案:

答案 0 :(得分:1)

$uid不是用户对象,因此您无法在其上调用update。 您应首先从数据库中检索由其ID标识的用户对象,然后在其上调用update。

此外,您在 class.user.php 中遇到错误:

$stmt = $this->_db->prepare('UPDATE tbl_users SET userName = ?, userEmail = ?, phone = ? WHERE userID = ? ');

应该是:

$stmt = $this->conn->prepare('UPDATE tbl_users SET userName = ?, userEmail = ?, phone = ? WHERE userID = ? ');

然后在 home.php 中,您可以执行以下操作:

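$user_home = new USER();
// query
// update() declares three parameters and takes the user id from the session,
// so no id from the request is passed in.
$user_home->update($uname, $email, $phone);
// The original "if (...);" ended the condition at the semicolon, which made the
// redirect unconditional; that flow is kept, written out explicitly.
$user_home->redirect('home.php');
// Location is only a header; end the request so nothing else is rendered.
exit;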

另一个问题是,您将用户ID分配给$_SESSION['userSession'],因此您必须在 class.user.php 中更改更新功能:

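/**
 * Updates name, e-mail and phone of the signed-in user.
 *
 * The row is selected by the id that login() stored in the session, never by a
 * value from the request, so a user can only change their own record.
 *
 * @return bool true when the UPDATE was executed, false when nobody is signed
 *              in or the database call failed
 */
public function update($uname,$email,$phone) {
    if (!isset($_SESSION['userSession'])) {
        return false;
    }

    try {
        $stmt = $this->conn->prepare('UPDATE tbl_users SET userName = ?, userEmail = ?, phone = ? WHERE userID = ? ');
        // An UPDATE has no result set to fetch(); report whether it executed instead.
        return $stmt->execute(array($uname,$email,$phone,$_SESSION['userSession']));
    } catch(PDOException $e) {
        // Keep table and column names in the server log, out of the page.
        error_log($e->getMessage());
        return false;
    }
}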

最后(因为您目前没有在会话中保存用户电子邮件等) home.php 底部的表单应该看起来像这样(现在包括编辑按钮):

<script>function toggle() { var can = document.getElementsByName("submit"); for (i = 0; i < can.length; i++) { can[i].style.display = can[i].style.display === 'none' ? 'block' : 'none'; }}</script>

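<?php
// The three values are user-editable columns, so each is escaped for the HTML
// attribute it is written into; unescaped, a stored quote or tag would become markup.
// NOTE(review): the form carries no CSRF token; add one and check it in the handler.
?>
<form action="home.php" method="POST">
Name<br>
<input type="text" name="txtuname" value="<?php echo htmlspecialchars((string) $row['userName'], ENT_QUOTES, 'UTF-8') ?>" /><br>
Email<br>
<input type="text" name="txtemail" value="<?php echo htmlspecialchars((string) $row['userEmail'], ENT_QUOTES, 'UTF-8') ?>" /><br>
Phone<br>
<input type="text" name="phone" value="<?php echo htmlspecialchars((string) $row['phone'], ENT_QUOTES, 'UTF-8') ?>" /><br>

<input id="sub" type="submit" name="submit" value="Save" style="display:none" />
</form>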
<button name="submit" onclick="toggle()">Edit</button>
	
</html>

答案 1 :(得分:1)

根据您的代码,$uid是一个整数:要么是-1,要么是userID GET参数的值。

您可能想要的是这样的代码:
$user_home->update( ..., $uid );

也就是说,前提是之前缺少$user_home = new USER();。或者也可以创建USER的另一个实例。注意:不要让update()依据来自URL的$uid来定位记录,否则已登录的用户只要修改userID参数就能改写他人的资料;应使用登录时写入会话的用户ID。

$another = new USER();
...
$another->update( ..., $uid );

答案 2 :(得分:1)

为什么要在会话中存储所有用户信息?用户ID或用户名应该通过GET变量传递,然后验证它是否存在;如果不存在,就终止脚本,不再继续执行,并重定向到错误页面或类似页面。此外,只有当会话中的user_id等于GET中的user_id时才允许用户编辑,这意味着访问当前页面的用户就是该资料的所有者,可以修改它。表单中的值应该来自数据库的查询结果。您也没有对电子邮件或文本输入做验证,例如检查它确实是一个有效的电子邮件地址,以及在提交表单时确保文本只包含字母和数字。

就你的错误而言,你在哪里宣布你的对象?我没有看到它。

它必须是这样的。

$user_home = new USER();
then you can call update like so
$uid = $user_home->update($uname,$email,$phone,$userID);

你这里有错误

 public function update($uname,$email,$phone) { try { $stmt = $this->_db->prepare('UPDATE tbl_users SET userName = ?, userEmail = ?, phone = ? WHERE userID = ? '); $stmt->execute(array($uname,$email,$phone,$_SESSION['userID'‌​])); return $stmt->fetch(); } catch(PDOException $e) { echo '<p class="bg-danger">'.$e->getMessage().'</p>'; } } 

像这样从其中删除 _(注意:问题中的USER类把连接保存在$this->conn中,因此这里应写成$this->conn而不是$this->db):
$stmt = $this->db->prepare('UPDATE tbl_users SET userName = ?, userEmail = ?, phone = ? WHERE userID = ? '

答案 3 :(得分:0)

根据您提供的示例以及您可能不需要重写太多代码的事实,我认为我可以快速解决您的问题。这是您的home.php页面

<?php

//Initializing variable
session_start();
require_once 'class.user.php';
$user_home = new USER();

if(!$user_home->is_logged_in())
{
    // NOTE(review): USER::redirect() as shown on this page only sends a Location
    // header, so execution continues to the query below for visitors who are not signed in.
    $user_home->redirect('index.php');
}

// The row is looked up by the id that login() stored in the session.
$stmt = $user_home->runQuery("SELECT * FROM tbl_users WHERE userID=:uid");
$stmt->execute(array(":uid"=>$_SESSION['userSession']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

?>

像这样重写

<?php

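//Initializing variable
session_start();
require_once 'class.user.php';
$user_home = new USER();

// Check the session first: $_SESSION['userSession'] does not exist for a
// visitor who is not signed in, so the query must not run before this test.
if (!$user_home->is_logged_in()) {
    $user_home->redirect('index.php');
    // redirect() only sends a Location header; end the request here.
    exit;
}

// Fetch user from database based on user id
$stmt = $user_home->runQuery("SELECT * FROM tbl_users WHERE userID=:uid");
$stmt->execute(array(":uid" => $_SESSION['userSession']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// $row will provide the old values stored in database if you want them to be displayed as initial values inside your input fields

// Included only for signed-in users, after $user_home and $row exist.
require_once("profile.php");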
?>

然后您的profile.php页面就像这个简单的例子。

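// Handles the profile form; expects $user_home to be created by home.php before this file is included.
// NOTE(review): nothing here checks a CSRF token or validates the submitted
// values (for example the e-mail format); add both before using this in production.
if (isset($_POST['submit'])) {
    // new data
    $uname = $_POST['txtuname'];
    $email = $_POST['txtemail'];
    $phone = $_POST['phone'];

    // query
    // The original line had one ')' too many, which is a parse error. update()
    // declares three parameters and reads the user id from the session, so no id is passed.
    $user_home->update($uname, $email, $phone);
}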

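<?php
// Stored profile values are user-editable, so each one is escaped for the HTML
// attribute it is written into. The phone column is named "phone" in the INSERT
// used at registration, so that key is read here instead of "userPhone".
// NOTE(review): the form carries no CSRF token; add one and check it in the handler.
?>
<form action="" method="POST">    
Name<br>
<input type="text" name="txtuname" value="<?php echo htmlspecialchars((string) $row['userName'], ENT_QUOTES, 'UTF-8') ?>" /><br>
Email<br>
<input type="text" name="txtemail" value="<?php echo htmlspecialchars((string) $row['userEmail'], ENT_QUOTES, 'UTF-8') ?>" /><br>
Phone<br>
<input type="text" name="phone" value="<?php echo htmlspecialchars((string) $row['phone'], ENT_QUOTES, 'UTF-8') ?>" /><br>
<input type="submit" name="submit" value="Save" />
</form>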