我有一个供用户编辑其个人资料的表单:
<div id="page">
<?php echo message(); ?>
<?php echo form_errors($errors); ?>
<h2>Edit Admin: <?php echo htmlentities($admin["username"]); ?></h2>
<form action="edit_admin.php?usr_serno=<?php echo urlencode($admin["usr_serno"]); ?>" method="post">
<p>Username:
<input type="text" name="username" value="<?php echo htmlentities($admin["username"]); ?>" />
</p>
<p>Password:
<input type="password" name="password" value="" />
<?php if (!isset($_GET["password"])
</p>
<p>Email:
<input type="text" name="email" value="<?php echo htmlentities($admin["email"]); ?>" />
</p>
<p>Role:
<select type="int" name="role_serno">
<option value="1">Administrator</option>
<option value="2">User</option>
</select>
</p>
<p>First Name:
<input type="text" name="name" value="<?php echo htmlentities($admin["name"]); ?>" />
</p>
<p>Last Name:
<input type="text" name="lastname" value="<?php echo htmlentities($admin["lastname"]); ?>" />
</p>
<p>ID:
<input type="text" name="id" value="<?php echo htmlentities($admin["id"]); ?>" />
</p>
<p>Address:
<input type="text" name="address" value="<?php echo htmlentities($admin["address"]); ?>" />
</p>
<p>Postcode:
<input type="text" name="postcode" value="<?php echo htmlentities($admin["postcode"]); ?>" />
</p>
<p>City:
<select id="city" type="text" name="city" value="<?php echo htmlentities($admin["city"]); ?>">
<option value="Nicosia">Nicosia</option>
<option value="Limassol">Limassol</option>
<option value="Larnaca">Larnaca</option>
<option value="Paphos">Paphos</option>
<option value="Other">Other</option>
</select>
<input id="other_city" type="text" name="other_city" value="<?php echo htmlentities($admin["city"]); ?>" />
</p>
<p>Telephone:
<input type="text" name="telephone" value="<?php echo htmlentities($admin["telephone"]); ?>" />
</p>
<p>College:
<input type="text" name="college" value="<?php echo htmlentities($admin["college"]); ?>" />
</p>
<input type="submit" name="submit" value="Edit Admin" />
</form>
<br />
<a href="manage_admins.php">Cancel</a>
</div>
`
在该页面的顶部,我正在检查并尝试更新用户个人资料:
if (isset($_POST["submit"])) {
$required_fields = array("username","email","role_serno",
"name","lastname","id","telephone","address","college","postcode","city");
validate_presences($required_fields);
$fields_with_max_lengths = array("username" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
// Perform Update
//if (!isset ($_POST["password"]))
//$hashed_password = $_GET["password"];
//if (isset ($_POST["password"]))
$id_serno = $admin["usr_serno"];
$username = mysql_prep($_POST["username"]);
$hashed_password = password_encrypt($_POST["password"]);
$email=mysql_prep($_POST["email"]);
$role_serno=mysql_prep($_POST["role_serno"]);
$name=mysql_prep($_POST["name"]);
$lastname=mysql_prep($_POST["lastname"]);
$id=mysql_prep( $_POST["id"]);
$date_create=mysql_prep( $_POST["date_create"]);
$address=mysql_prep( $_POST["address"]);
$postcode=mysql_prep( $_POST["postcode"]);
$city=mysql_prep( $_POST["city"]);
$telephone=mysql_prep( $_POST["telephone"]);
$college=mysql_prep( $_POST["college"]);
$query = "UPDATE users SET ";
$query .= "username = '{$username}', ";
$query .= "password = '{$hashed_password}', ";
$query .= "email = '{$email}', ";
$query .= "role_serno = '{$role_serno}', ";
$query .= "name = '{$name}', ";
$query .= "lastname = '{$lastname}', ";
$query .= "id = '{$id}', ";
$query .= "address = '{$address}', ";
$query .= "postcode = '{$postcode}', ";
$query .= "city = '{$city}', ";
$query .= "telephone = '{$telephone}', ";
$query .= "college = '{$college}' ";
$query .= "WHERE usr_serno = {$id_serno} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Admin updated.";
redirect_to("manage_admins.php");
} else {
// Failure
$_SESSION["message"] = "Admin update failed.";
}
}
} else {
// This is probably a GET request
} // end: if (is set($_POST["submit"]))`
问题出现在用户发布表单时没有传递密码,然后用空密码更新数据库,我检查不要在lo-gin页面接受空密码。
有没有办法避免和检查。
请告知我因为我是php的新手,我不能100%确定如何做到这一点。
到目前为止,我尝试检查post值是否为空,然后传递当前数据库值而不对其进行编码..但由于某种原因,if check实际上没有做任何事情
答案 0 :(得分:0)
您可以在此处添加客户端javascript验证。 在服务器端的情况下 检查
if(empty($_POST['password']))
{
// whatever you want to ask and do
}
答案 1 :(得分:0)
你可以这样检查
if (isset($_POST["submit"]) && trim($_POST['password']) !="") {
//run the code
}else{
}