Data I stored earlier is deleted automatically when I update data

Time: 2018-08-15 13:38:04

Tags: php

I am currently working on a job portal project in which user information can be stored. After registration, the user can go to the dashboard in my project and fill in the remaining forms there, such as education details and company details. But afterwards, when the user wants to update any one field in the form, that field is updated, but my remaining fields in the education details or company details are deleted. Why does this kind of problem happen?

updateprofile.php

<?php
session_start();
if(empty($_SESSION['id_user']))
{
  header("Location: ../index.php");
  exit();
}
require_once("../db.php");

if(isset($_POST))
{
    //Escape Special Characters
    $firstname = $conn->real_escape_string( $_POST['fname']);
    $lastname = $conn->real_escape_string($_POST['lname']);
    $gender = $conn->real_escape_string($_POST['gender']);
    $contactno = $conn->real_escape_string($_POST['contactno']);
    $address = $conn->real_escape_string($_POST['address']);
    $city = $conn->real_escape_string($_POST['city']);
    $state = $conn->real_escape_string($_POST['state']);
    $aboutme = $conn->real_escape_string($_POST['aboutme']);
    $qualification = $conn->real_escape_string($_POST['qualification']);
    $stream = $conn->real_escape_string($_POST['stream']);
    $coursetype = $conn->real_escape_string($_POST['coursetype']);
    $university = $conn->real_escape_string($_POST['university']);
    $passingyear = $conn->real_escape_string($_POST['passingyear']);
    $skill = $conn->real_escape_string($_POST['skill']);
    $industry = $conn->real_escape_string($_POST['industry']);
    $functional_area = $conn->real_escape_string($_POST['functional_area']);
    $role = $conn->real_escape_string($_POST['role']);
    $is_current_job = $conn->real_escape_string($_POST['is_current_job']);
    $startdate = $conn->real_escape_string($_POST['startdate']);
    $enddate = $conn->real_escape_string($_POST['enddate']);
    $current_compname = $conn->real_escape_string($_POST['current_compname']);
    $current_salary = $conn->real_escape_string($_POST['current_salary']);
    $designation = $conn->real_escape_string($_POST['designation']);
    $notice_period = $conn->real_escape_string($_POST['notice_period']);
    $job_desc = $conn->real_escape_string($_POST['job_desc']);
    $experience = $conn->real_escape_string($_POST['experience']);
    $current_location = $conn->real_escape_string($_POST['current_location']);
    $prefer_location = $conn->real_escape_string($_POST['prefer_location']);
    $uploadOk = true;


if(is_uploaded_file($_FILES['resume']['tmp_name'])) 
    {
        $folder_dir = "../uploads/resume/";
        $base = basename($_FILES['resume']['name']); 
        $resumeFileType = pathinfo($base, PATHINFO_EXTENSION); 
        $file = uniqid() . "." . $resumeFileType;   
        $filename = $folder_dir .$file;     
        if(file_exists($_FILES['resume']['tmp_name']))      
        { 

            if($resumeFileType == "pdf")                
            {
                if($_FILES['resume']['size'] < 500000) 
                { 
                    // File size is less than 5MB
                    move_uploaded_file($_FILES["resume"]["tmp_name"], $filename);
                } 
                else 
                {
                    $_SESSION['uploadError'] = "Wrong Size of file. Max Size Allowed : 5MB";
                    header("Location: edit_profile.php");
                    exit();
                }
            } 
            else
            {
              $_SESSION['uploadError'] = "Wrong Format of file only pdf Allowed.";
              header("Location: edit_profile.php");
              exit();
            }


        }               

    } 
    else 
    {
        $uploadOk = false;
    }

    //Update User Details Query
    $sql = "UPDATE user SET firstname='$firstname', lastname='$lastname',gender='$gender',contactno='$contactno', address='$address', city='$city', state='$state',aboutme='$aboutme',qualification='$qualification', stream='$stream',coursetype='$coursetype',university='$university',passingyear='$passingyear',skill='$skill',
    industry='$industry',functional_area='$function_area',role='$role',is_current_job='$is_current_job',startdate='$startdate',enddate='$enddate',current_compname='$current_compname',current_salary='$current_salary',designation='$designation',notice_period='$notice_period',job_desc='$job_desc',experience='$experience',current_location='$current_location',prefer_location='$prefer_location'";


    if($uploadOk == true)
    {
        $sql .= ",resume='$file'";
    }
    $sql .= " WHERE id_user='$_SESSION[id_user]'";


    if($conn->query($sql) === TRUE)
    {
        //If data Updated successfully then redirect to dashboard
        header("Location: index.php");
        exit();
    }
    else 
    {
        echo "Error ". $sql . "<br>" . $conn->error;
    }

    //Close database connection.
    $conn->close();
}
else 
{
    //redirect them back to dashboard page if they didn't click update button
    header("Location: edit_profile.php");
    exit();
}

Image of the user table


1 answer:

Answer 0: (score: 0)

Use prepared statements and a dynamic field mapping so that only those fields that actually have a value are updated; this is how your code would look.

<?php
    session_start();
    if (empty($_SESSION['id_user'])) {
        header("Location: ../index.php");
        exit();
    }
    require_once("../db.php");

    if (isset($_POST)) {
        $uploadOk = true;


        if (is_uploaded_file($_FILES['resume']['tmp_name'])) {
            $folder_dir = "../uploads/resume/";
            $base = basename($_FILES['resume']['name']);
            $resumeFileType = pathinfo($base, PATHINFO_EXTENSION);
            $file = uniqid() . "." . $resumeFileType;
            $filename = $folder_dir . $file;
            if (file_exists($_FILES['resume']['tmp_name'])) {

                if ($resumeFileType == "pdf") {
                    if ($_FILES['resume']['size'] < 500000) {
                        // File size is less than 5MB
                        move_uploaded_file($_FILES["resume"]["tmp_name"], $filename);
                    } else {
                        $_SESSION['uploadError'] = "Wrong Size of file. Max Size Allowed : 5MB";
                        header("Location: edit_profile.php");
                        exit();
                    }
                } else {
                    $_SESSION['uploadError'] = "Wrong Format of file only pdf Allowed.";
                    header("Location: edit_profile.php");
                    exit();
                }


            }

        } else {
            $uploadOk = false;
        }

        //Update User Details Query
        $postf2sqlf = array(
            'firstname'        => 'firstname',
            'lastname'         => 'lastname',
            'gender'           => 'gender',
            'contactno'        => 'contactno',
            'address'          => 'address',
            'city'             => 'city',
            'state'            => 'state',
            'aboutme'          => 'aboutme',
            'qualification'    => 'qualification',
            'stream'           => 'stream',
            'coursetype'       => 'coursetype',
            'university'       => 'university',
            'passingyear'      => 'passingyear',
            'skill'            => 'skill',
            'industry'         => 'industry',
            'functional_area'  => 'functional_area', // column name as in the original UPDATE statement
            'role'             => 'role',
            'is_current_job'   => 'is_current_job',
            'startdate'        => 'startdate',
            'enddate'          => 'enddate',
            'current_compname' => 'current_compname',
            'current_salary'   => 'current_salary',
            'designation'      => 'designation',
            'notice_period'    => 'notice_period',
            'job_desc'         => 'job_desc',
            'experience'       => 'experience',
            'current_location' => 'current_location',
            'prefer_location'  => 'prefer_location'
        );

        $sql = 'UPDATE `user` SET ';
        $skipComma = true;
        $params = array('');
        foreach ($postf2sqlf as $p => $s) {
            if (isset($_POST[$p]) && !empty($_POST[$p])) {
                $sql .= ($skipComma ? '' : ',') . '`' . $s . '` = ?';
                $params[] = &$_POST[$p];
                $params[0] .= 's';
                $skipComma = false;
            }
        }

        if ($uploadOk == true) {
            $sql .= ",resume=?";
            $params[] = &$file;   // append as a reference like the other parameters
            $params[0] .= 's';
        }
        $sql .= " WHERE id_user=?";
        $params[0] .= 's';
        $params[] = &$_SESSION['id_user'];

        // $conn is the mysqli connection created in db.php
        $stmt = $conn->prepare($sql);
        // bind_param takes the type string followed by one by-reference variable per placeholder
        call_user_func_array(array($stmt, 'bind_param'), $params);
        $res = $stmt->execute();


        if ($stmt->errno == 0) {
            //If data Updated successfully then redirect to dashboard
            header("Location: index.php");
            exit();
        } else {
            echo "Error " . $sql . "<br>" . $conn->error;
        }

        //Close database connection.
        $conn->close();
    } else {
        //redirect them back to dashboard page if they didn't click update button
        header("Location: edit_profile.php");
        exit();
    }

Explanation

  • Created the $postf2sqlf array, keeping the form field names as indexes and the SQL column names as values.

  • Iterate over $postf2sqlf and check whether the index in $_POST is set and not empty; start collecting the parameters, passed by reference, in $params for use in the prepared statement to avoid SQL injection. $params[0] holds the types of the named parameters (s => string), because mysqli_statement::bind_param requires this, and another s is appended each time a parameter is added. (For strict SQL you could use other types instead of s to check their type, but for simplicity I used s.)

  • The reason the variables are collected by reference is that mysqli_statement::bind_param requires its variables to be passed by reference.

  • call_user_func_array is used to call mysqli_statement::bind_param with $params, where each index is a separate argument.

  • Finally, $params is checked against 0 (0 means no error) to verify that it completed correctly.
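The two points the answer makes, building the SET list only from submitted fields and binding every value as a parameter, are worth seeing as small reusable functions. The block below is an added example written for this page; it is not the asker's or the answerer's code. It assumes the mysqli connection `$conn` from the page's `db.php`, the `user` table and column names from the original UPDATE statement, and PHP 5.6 or later (argument unpacking replaces `call_user_func_array`). It also replaces the page's upload check, which compares the size against 500000 bytes while telling the user the limit is 5MB and trusts only the client-supplied extension, with a size limit that matches its message and a content-based MIME check.

```php
<?php
// Added example (not the original poster's or answerer's code). Assumes a mysqli
// connection in $conn (as in the page's db.php) and a `user` table whose columns
// match the names used in the page's UPDATE statement.

/**
 * Build a parameterised UPDATE that touches only the submitted, non-empty
 * fields. $allowed maps form-field names to column names and acts as a
 * whitelist: anything not in it is ignored, so column names never come from
 * user input. Returns [sql, types, values] ready for bind_param().
 */
function buildProfileUpdate(array $post, array $allowed, int $userId, ?string $resumeFile = null): array
{
    $set    = [];
    $types  = '';
    $values = [];

    foreach ($allowed as $formField => $column) {
        // Skip fields the form did not send or left blank, so the stored value survives.
        if (!isset($post[$formField]) || trim((string) $post[$formField]) === '') {
            continue;
        }
        $set[]    = '`' . $column . '` = ?';
        $types   .= 's';
        $values[] = (string) $post[$formField];
    }

    if ($resumeFile !== null) {
        $set[]    = '`resume` = ?';
        $types   .= 's';
        $values[] = $resumeFile;
    }

    if ($set === []) {
        throw new InvalidArgumentException('Nothing to update');
    }

    $sql      = 'UPDATE `user` SET ' . implode(', ', $set) . ' WHERE `id_user` = ?';
    $types   .= 'i';
    $values[] = $userId;

    return [$sql, $types, $values];
}

/**
 * Validate an uploaded resume by content, not just by extension, with a size
 * limit that matches the message shown to the user. Returns the stored
 * filename (server-generated, so the client's name never reaches the disk).
 */
function storeResume(array $upload, string $dir, int $maxBytes = 5 * 1024 * 1024): string
{
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }
    if ($upload['size'] > $maxBytes) {
        throw new RuntimeException('File too large. Max size allowed: ' . ($maxBytes >> 20) . 'MB');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if ($mime !== 'application/pdf') {
        throw new RuntimeException('Wrong format: only PDF is allowed.');
    }
    $name = bin2hex(random_bytes(16)) . '.pdf';
    if (!move_uploaded_file($upload['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

// Usage, as the page's updateprofile.php would call it (mapping shortened here;
// form field names on the left are those of the page's form, columns on the right).
$allowed = [
    'fname'           => 'firstname',
    'lname'           => 'lastname',
    'functional_area' => 'functional_area',
    // ... the remaining form fields map to their columns the same way
];

$resume = isset($_FILES['resume']) && $_FILES['resume']['error'] !== UPLOAD_ERR_NO_FILE
    ? storeResume($_FILES['resume'], '../uploads/resume/')
    : null;

[$sql, $types, $values] = buildProfileUpdate($_POST, $allowed, (int) $_SESSION['id_user'], $resume);

$stmt = $conn->prepare($sql);
$stmt->bind_param($types, ...$values); // unpacking passes each value by reference, as bind_param requires
$stmt->execute();
```

Because the SET list is assembled from the whitelist rather than from `$_POST` keys, a request carrying extra or renamed fields cannot add columns to the statement, and every value goes through a placeholder, so the string-escaping and concatenation in the original `updateprofile.php` are no longer needed. The `WHERE id_user = ?` bound to the session value keeps the update scoped to the logged-in user, exactly as in the page's code.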