PHP / MySQL允许当前用户编辑他们的帐户信息

时间:2012-11-21 04:28:30

标签: php html mysql database phpmyadmin

我创建了2页

update.php
edit.php

我们从edit.php开始,所以这里是edit.php的脚本

<?php
session_start();
$id = $_SESSION["id"];
$username = $_POST["username"];
$fname = $_POST["fname"];
$password = $_POST["password"];
$email = $_POST["email"];

mysql_connect('mysql13.000webhost.com', 'a2670376_Users', 'Password') or     die(mysql_error());
echo "MySQL Connection Established! <br>";

mysql_select_db("a2670376_Pass") or die(mysql_error());
echo "Database Found! <br>";

$query = "UPDATE members SET username = '$username', fname = '$fname', 
password = '$password' WHERE id = '$id'";

$res = mysql_query($query);

if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>

<form action="update.php" method="post">
<input type="hidden" name="id" value="<?=$id;?>">
ScreenName:<br> <input type='text' name='username' id='username' maxlength='25'   style='width:247px' name="username" value="<?=$username;?>"/><br>
FullName:<br> <input type='text' name='fname' id='fname' maxlength='20' style='width:248px'     name="ud_img" value="<?=$fname;?>"/><br>
Email:<br> <input type='text' name='email' id='email' maxlength='50' style='width:250px'    name="ud_img" value="<?=$email;?>"/><br>
Password:<br> <input type='text' name='password' id='password' maxlength='25'     style='width:251px' value="<?=$password;?>"/><br>
<input type="Submit">
</form>

现在这里是我遇到主要问题的update.php页面

<?php
session_start();
mysql_connect('mysql13.000webhost.com', 'a2670376_Users', 'Password') or   die(mysql_error());
mysql_select_db("a2670376_Pass") or die(mysql_error());

$id = (int)$_SESSION["id"];

$username = mysql_real_escape_string($_POST["username"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);


$query="UPDATE members
SET username = '$username', fname = '$fname', email = '$email', password = '$password'
WHERE id='$id'";


mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){
echo "<p>($id) Record Updated<p>";
}else{
echo "<p>($id) Not Updated<p>";
}
?> 

现在在edit.php上我填写表单来编辑帐户“test”,而我现在登录后一旦填写完表单我点击提交按钮 它需要我update.php并返回此

(0) Not Updated  

(0) <= id of user logged in

Not Updated <= MySql Error from  


mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){

我希望它能够更新登录的用户,如果我在这个脚本中没有弄错,那就说

  $id = (int)$_SESSION["id"];

使用登录人员的ID更新用户

但它没有更新,它说没有表格生效

如果它有助于我的MySQL数据库图片 只需点击此处http://i50.tinypic.com/21juqfq.png

如果这可能是找到解决方案的任何帮助我还有2个文件delete.php和delete_ac.php他们可以从我的sql数据库中删除用户并且他们显示用户ID并且它的工作原理没有错误脚本根本不要对下面的脚本提出建议 delete.php首先

    <?php

$host="mysql13.000webhost.com"; // Host name 
$username="a2670376_Users"; // Mysql username 
$password="PASSWORD"; // Mysql password 
$db_name="a2670376_Pass"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// select record from mysql 
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
?>

<table border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td colspan="8" style="bgcolor: #FFFFFF"><strong><img src="http://i47.tinypic.com/u6ihk.png" height="30" widht="30">Delete data in mysql</strong> </td>
</tr>

<tr>
<td align="center" bgcolor="#FFFFFF"><strong>Id</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>UserName</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>FullName</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Password</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Email</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Date</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Ip</strong></td>
<td align="center" bgcolor="#FFFFFF">&nbsp;</td>
</tr>

<?php
while($rows=mysql_fetch_array($result)){
?>

<tr>
<td bgcolor="#FFFFFF"><? echo $rows['id']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['username']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['fname']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['password']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['email']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['date']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['ip']; ?></td>
<td bgcolor="#FFFFFF"><a href="delete_ac.php?id=<? echo $rows['id']; ?>">delete</a></td>
</tr>

<?php
// close while loop 
}
?>

</table>

<?php
// close connection; 
sql_close();
?>

现在是delete_ac.php

<table width="500" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td colspan="8" bgcolor="#FFFFFF"><strong><img src="http://t2.gstatic.com/images?           q=tbn:ANd9GcS_kwpNSSt3UuBHxq5zhkJQAlPnaXyePaw07R652f4StmvIQAAf6g" height="30"     widht="30">Removal Of Account</strong> </td>
</tr>

<tr>
<td align="center" bgcolor="#FFFFFF">
<?php

$host="mysql13.000webhost.com"; // Host name 
$username="a2670376_Users"; // Mysql username 
$password="javascript00"; // Mysql password 
$db_name="a2670376_Pass"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar 
$id=$_GET['id'];

// Delete data in mysql from row that has this id 
$sql="DELETE FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);

// if successfully deleted
if($result){
echo "Deleted Successfully";
echo "<BR>";
echo "<a href='delete.php'>Back to main page</a>";
}

else {
echo "ERROR";
}
?> 

<?php
// close connection 
mysql_close();
?>
</td>
</tr>
</table>

4 个答案:

答案 0 :(得分:1)

尝试以下查询,并在此处发布输出。还要在phpmyadmin中执行相同的echo查询,看看发生了什么。

echo $query="UPDATE members
SET username = '$username', fname = '$fname', email = '$email', password = '$password'
WHERE id=$id";

从你的链接看来,任何人都可以直接去编辑页面,这是错误的。

您需要添加条件,如果用户登录,那么只有他可以更新他的个人资料。

答案 1 :(得分:0)

如果$ id实际上设置为某个值而不是空,你可以查看edit.php吗?可能是id永远不会存储在会话中

答案 2 :(得分:0)

现在你的$ id为null。 (int)$ id为0。 因此,当您尝试更新WHERE id = $ id时,您基本上是在说WHERE id = 0 如果id是一个Auto Increment Integer,那么你将不会有id = 0并且不会更新任何内容。您需要通过在其中添加内容来创建$ _SESSION ['id']。     $ _SESSION ['id'] = XXXX;

答案 3 :(得分:0)

$sqlshow =@ mysqli_query($con,"SELECT `id`, `Registration_No`, `First_Name`, `Middle_Name`, `Sir_Name`, `Sex`, `Birth_Day`, `Email`, `Address`, `Phone` FROM `cdtistudent` WHERE id=40"); while($row = @mysqli_fetch_object($sqlshow)) {

update.php page

if(isset($_POST["update"])){
	
	$Registration = $_POST['Registration'];
	$First_Name = $_POST['First'];
	$Middle_Name = $_POST['Middle'];
	$Sir_Name = $_POST['Sir'];
	$Sex = $_POST['Sex'];
	$Birth_Day = $_POST['Birth'];
	$Email = $_POST['Email'];
	$Address = $_POST['Address'];
	$Phone=$_POST['Phone'];
	$id=$_POST['id'];
	
	
	$sqlupdate =mysqli_query($con,"UPDATE  cdtistudent
	SET 
	Registration_No='$Registration',
	First_Name='$First_Name',
	Middle_Name='$Middle_Name',
	Sir_Name='$Sir_Name',
	Sex='$Sex',
	Birth_Day='$Birth_Day',
	Email='$Email',
	Address='$Address',
	Phone='$Phone'
	WHERE id='$id'");
	
	if($sqlupdate  === false){
			
			die("".mysqli_error($con));

	
}}

它看起来像是 更新cdtistudent设置id = [值-1],Registration_No = [值-2]
First_Name = [值-3],{{1 }} = [值-4],Middle_Name = [值-5],
Sir_Name = [值-6],Sex = [值-7],{ {1}} = [value-8],Birth_Day = [value-9],Email = [value-10] WHERE id =?;

和edit.php页面

Address