一切正常,除非($ _ POST ['submit'] =='更新')

时间:2012-04-08 05:16:03

标签: php mysql

我有一个有效的注册和登录系统。我正在尝试创建一个用户可以添加产品注册信息的表单(通过mysql更新)。我似乎无法让db实际更新字段。我在这里想念的是什么?!?

<?php 

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
    // If you are logged in, but you don't have the tzRemember cookie (browser restart)
    // and you have not checked the rememberMe checkbox:

    $_SESSION = array();
    session_destroy();

    // Destroy the session
}


if(isset($_GET['logoff']))
{
    $_SESSION = array();
    session_destroy();

    header("Location: index_login3.php");
    exit;
}

if($_POST['submit']=='Login')
{
    // Checking whether the Login form has been submitted

    $err = array();
    // Will hold our errors


    if(!$_POST['username'] || !$_POST['password'])
        $err[] = 'All the fields must be filled in!';

    if(!count($err))
    {
        $_POST['username'] = mysql_real_escape_string($_POST['username']);
        $_POST['password'] = mysql_real_escape_string($_POST['password']);
        $_POST['rememberMe'] = (int)$_POST['rememberMe'];

        // Escaping all input data

        $row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

        if($row['usr'])
        {
            // If everything is OK login

            $_SESSION['usr']=$row['usr'];
            $_SESSION['id'] = $row['id'];
            $_SESSION['email'] = $row['email'];
            $_SESSION['first'] = $row['first'];
            $_SESSION['last'] = $row['last'];
            $_SESSION['address1'] = $row['address1'];
            $_SESSION['address2'] = $row['address2'];
            $_SESSION['city'] = $row['city'];
            $_SESSION['state'] = $row['state'];
            $_SESSION['zip'] = $row['zip'];
            $_SESSION['country'] = $row['country'];
            $_SESSION['product1'] = $row['product1'];
            $_SESSION['serial1'] = $row['serial1'];
            $_SESSION['product2'] = $row['product2'];
            $_SESSION['serial2'] = $row['serial2'];
            $_SESSION['product3'] = $row['product3'];
            $_SESSION['serial3'] = $row['serial3'];
            $_SESSION['rememberMe'] = $_POST['rememberMe'];

            // Store some data in the session

            setcookie('tzRemember',$_POST['rememberMe']);

        }


        else $err[]='Wrong username and/or password!';
    }

    if($err)
    $_SESSION['msg']['login-err'] = implode('<br />',$err);
    // Save the error messages in the session

    header("Location: index_login3.php");
    exit;

}
else if($_POST['submit']=='Register')
{
    // If the Register form has been submitted

    $err = array();

    if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
    {
        $err[]='Your username must be between 3 and 32 characters!';
    }

    if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
    {
        $err[]='Your username contains invalid characters!';
    }

    if(!checkEmail($_POST['email']))
    {
        $err[]='Your email is not valid!';
    }

    if(!count($err))
    {
        // If there are no errors

        $pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
        // Generate a random password

        $_POST['email'] = mysql_real_escape_string($_POST['email']);
        $_POST['username'] = mysql_real_escape_string($_POST['username']);
        $_POST['first'] = mysql_real_escape_string($_POST['first']);
        $_POST['last'] = mysql_real_escape_string($_POST['last']);
        $_POST['address1'] = mysql_real_escape_string($_POST['address1']);
        $_POST['address2'] = mysql_real_escape_string($_POST['address2']);
        $_POST['city'] = mysql_real_escape_string($_POST['city']);
        $_POST['state'] = mysql_real_escape_string($_POST['state']);
        $_POST['zip'] = mysql_real_escape_string($_POST['zip']);
        $_POST['country'] = mysql_real_escape_string($_POST['country']);
        // Escape the input data


        mysql_query("   INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt) 
                        VALUES(

                            '".$_POST['username']."',
                            '".md5($pass)."',
                            '".$_POST['email']."',
                            '".$_POST['first']."',
                            '".$_POST['last']."',
                            '".$_POST['address1']."',
                            '".$_POST['address2']."',
                            '".$_POST['city']."',
                            '".$_POST['state']."',
                            '".$_POST['zip']."',
                            '".$_POST['country']."',
                            '".$_SERVER['REMOTE_ADDR']."',
                            NOW()

                        )");

        if(mysql_affected_rows($link)==1)
        {
            send_mail(  'noreply@electrixpro.com',
                        $_POST['email'],
                        'Your New Electrix User Password',
                        'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);

            $_SESSION['msg']['reg-success']='We sent you an email with your new password!';
        }
        else $err[]='This username is already taken!';
    }

    if(count($err))
    {
        $_SESSION['msg']['reg-err'] = implode('<br />',$err);
    }   

    header("Location: index_login3.php");
    exit;
}

if($_POST['submit']=='Update')

{   

    {
      mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}' 
              VALUES(

              '".$_POST['product1']."',
              '".$_POST['serial1']."',
              '".$_POST['product2']."',
              '".$_POST['serial2']."',
              '".$_POST['product3']."',
              '".$_POST['serial3']."',                          

          )");          

        if(mysql_affected_rows($link)==1)
        {
            $_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
        }
        else $err[]='So Sad!';
    }

    if(count($err))
    {
        $_SESSION['msg']['upd-err'] = implode('<br />',$err);
    }   

    header("Location: index_login3.php");
    exit;

}

if($_SESSION['msg'])
{
    // The script below shows the sliding panel on page load

    $script = '
    <script type="text/javascript">

        $(function(){

            $("div#panel").show();
            $("#toggle a").toggle();
        });

    </script>';

}
?>

以下是表格:

   <!-- Panel -->
<div id="toppanel">
    <div id="panel">
        <div class="content clearfix">
            <div class="left">
                <h1>My Electrix Account </h1>
                <p class="grey">View and edit your contact information and product registrations</p>
            </div>


            <?php

            if(!$_SESSION['id']):

            ?>

            <div class="left">
                <!-- Login Form -->
                <form class="clearfix" action="" method="post">
                    <h1>Member Login</h1>

                    <?php

                        if($_SESSION['msg']['login-err'])
                        {
                            echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
                            unset($_SESSION['msg']['login-err']);
                        }
                    ?>

                    <label class="grey" for="username">Username:</label>
                    <input class="field" type="text" name="username" id="username" value="" size="23" />
                    <label class="grey" for="password">Password:</label>
                    <input class="field" type="password" name="password" id="password" size="23" />
                    <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> &nbsp;Remember me</label>
                    <div class="clear"></div>
                    <input type="submit" name="submit" value="Login" class="bt_login" />
                </form>
            </div>
            <div class="left right">            
                <!-- Register Form -->
                <form action="" method="post">
                    <h1>Not a member yet? Sign Up!</h1>     

                    <?php

                        if($_SESSION['msg']['reg-err'])
                        {
                            echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
                            unset($_SESSION['msg']['reg-err']);
                        }

                        if($_SESSION['msg']['reg-success'])
                        {
                            echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
                            unset($_SESSION['msg']['reg-success']);
                        }
                    ?>

                    <label class="grey" for="username">Username*:</label>
                    <input class="field" type="text" name="username" id="username" value="" size="23" />
                    <label class="grey" for="email">Email*:</label>
                    <input class="field" type="text" name="email" id="email" size="23" />
                    <label class="grey" for="first">First Name:</label>
                    <input class="field" type="text" name="first" id="first" size="23" />
                    <label class="grey" for="last">Last Name:</label>
                    <input class="field" type="text" name="last" id="last" size="23" />
                    <label class="grey" for="address1">Address line 1:</label>
                    <input class="field" type="text" name="address1" id="address1" size="23" />
                    <label class="grey" for="address2">Address line 2:</label>
                    <input class="field" type="text" name="address2" id="address2" size="23" />
                    <label class="grey" for="city">City:</label>
                    <input class="field" type="text" name="city" id="city" size="23" />
                    <label class="grey" for="state">State/Province:</label>
                    <input class="field" type="text" name="state" id="state" size="23" />
                    <label class="grey" for="zip">Zip/Postal Code:</label>
                    <input class="field" type="text" name="zip" id="zip" size="23" />
                    <label class="grey" for="country">Country:</label>
                    <input class="field" type="text" name="country" id="country" size="23" />
                    <p>
                    <label>A password will be e-mailed to you.</label>
                    <input type="submit" name="submit" value="Register" class="bt_register" />
                    </p>
                </form>
            </div>

            <?php

            else:

            ?>


            <div class="left">

            <h1>User Information</h1>            

            <p>
            <?php echo $_SESSION['first']; ?>
            <?php echo $_SESSION['last']; ?><br />
            <?php echo $_SESSION['address1']; ?>
            <?php echo $_SESSION['address2']; ?><br />
            <?php echo $_SESSION['city']; ?>,
            <?php echo $_SESSION['state']; ?>
            <?php echo $_SESSION['zip']; ?><br />
            <?php echo $_SESSION['country']; ?>
            </p>
            <p>Email: <?php echo $_SESSION['email']; ?></p>
            <p><a href="downloads.php">Downloads</a></p>
            <a href="?logoff">Log off</a>

            </div>

            <div class="left right">

                <!-- Product Registration Form -->

                <form class="clearfix" action="" method="post">
                    <h1>Product Registration</h1>

                    <?php

                        if($_SESSION['msg']['upd-err'])
                        {
                            echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
                            unset($_SESSION['msg']['upd-err']);
                        }

                        if($_SESSION['msg']['upd-success'])
                        {
                            echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
                            unset($_SESSION['msg']['upd-success']);
                        }
                    ?>

                    <label class="grey" for="product1">Product 1:</label>
                    <input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
                    <label class="grey" for="serial1">Serial 1:</label>
                    <input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
                    <label class="grey" for="product2">Product 2:</label>
                    <input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
                    <label class="grey" for="serial2">Serial 2:</label>
                    <input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
                    <label class="grey" for="product3">Product 3:</label>
                    <input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
                    <label class="grey" for="serial3">Serial 3:</label>
                    <input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
                    <div class="clear"></div>
                    <input type="submit" name="submit" value="Update" class="bt_login" />
                </form>

            </div>

            <?php
            endif;
            ?>
        </div>
    </div> <!-- /login -->  



    <!-- The tab on top --> 
    <div class="tab">
        <ul class="login">
            <li class="left">&nbsp;</li>
            <li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
            <li class="sep">|</li>
            <li id="toggle">
                <a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
                <a id="close" style="display: none;" class="close" href="#">Close Panel</a>         
            </li>
            <li class="right">&nbsp;</li>
        </ul> 
    </div> <!-- / top -->

</div> <!--panel -->

1 个答案:

答案 0 :(得分:0)

您的更新查询已关闭。您需要以

的形式执行此操作
UPDATE `tablename` 
SET col1=`value`,col2=`val2`
WHERE wherecol=`whereval`

更改您的查询,看看是否有帮助。

您的查询应该是

UPDATE electrix_users
SET 
    product1= $_POST['product1'],
    serial1 = $_POST['serial1'],
    product2 = $_POST['product2'],
    serial2 = $_POST['serial2'],
    product3 = $_POST['product3'],
    serial3 = $_POST['serial3']
WHERE usr=$_POST['username']

但是,对于任何用户输入的数据,您应该始终清除sql注入。我没有在示例中这样做,因为这是你应该以自己的方式做的事情。这个例子是作为一个例子给你的,并没有阻止任何类型的SQL注入现在。

总是做什么可以防止SQL注入!