"无法更新:重复输入' *用户名*'对于关键1"

时间:2013-12-09 03:09:55

标签: php mysql sorting

所以我试图让用户从update.php更新他们的个人资料,然后在userprofile.php中显示它,但我收到错误:&#34;无法更新:重复输入&#39; 用户名< / EM>&#39;对于键1和#34;我试图找到一个解决方案但我很困难。任何帮助将不胜感激。

这是update.php 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

 <title>User Profile Update</title>

 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

</head>

<body>


<?php

session_start();

if(!isset($_SESSION['logged']) || $_SESSION['logged'] = TRUE)
{
$userError = "Error! Invalid Username.";
$passError = "Error! Invalid Password.";
$emailError = "Error! Invalid Email.";
$conError = "Error! Passwords do not match.";

$errorCheck = false;

$regex = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';




if (isset($_POST['update']))
{
if(empty($_POST["firstName"])){
echo $userError;
$errorCheck = True;
}
elseif(empty($_POST["lastName"])){
echo $passError;
$errorCheck = True;
}
elseif(empty($_POST["userName"])){
echo $userError;
$errorCheck = True;
}
elseif(empty($_POST["pass"])){
echo $passError;
$errorCheck = True;
}
elseif(preg_match($regex, $_POST["email"]) != 1) {
echo $emailError;
$errorCheck = True;
} 
elseif($_POST["pass"] != $_POST["pass2"]){
echo $conError;
$errorCheck = True;
}
elseif($_POST["address"] != $_POST["address"]){
echo $conError;
$errorCheck = True;
}   

if(isset($_POST['update']) && (!$errorCheck)){  
$user="bparis";
$pass="soccerguy998";
$database="bparis";

$passwordSub=$_POST["pass"]; 
$encrypted_mypassword=md5($passwordSub);

$con=mysql_connect("localhost", $user, $pass)
or die ('Couldnt connect to server');
mysql_select_db($database,$con)
or die('could not connect to db');

if (mysqli_connect_errno())
 {
 echo "Failed to connect to MySQL: " . mysqli_connect_error();
 }
$key_id = $_POST["userName"];

$key_id2 = $_POST["email"];

//$location = $_POST['location'];
update($key_id2);
}else
{

userupdate();}  
}else
{userupdate();}

}else  
{    //if no user is logged in, display error   

echo "<h1>Access denied</h1>";
echo "<h3><a href=login.php>Click here to login</a></h3>";

} 
?>


<?php
function update($email){
$_SESSION['email'] = $email;

$sQry = "SELECT email FROM members WHERE email = " . (int)$_SESSION['email']; // Int userid
$obQry = mysql_query($sQry) or die(mysql_error()); // Shortcut, bad but usable
if (mysql_num_rows($obQry) == 1)
{
// Single record exists:// EDIT USER_PROFILE
$sReplace = "UPDATE members (username,password,email,firstName,lastName,address) VALUES('$_POST[userName]','$encrypted_mypassword','$_POST[email]','$_POST[firstName]','$_POST[lastName]','$_POST[address]')";

// Remember, I assumed that email is an integer!
}
else
{
$passwordSub=$_POST["pass"]; 
$encrypted_mypassword=md5($passwordSub);
$sReplace = "INSERT INTO members (username,password,email,firstName,lastName,address) VALUES('$_POST[userName]','$encrypted_mypassword','$_POST[email]','$_POST[firstName]','$_POST[lastName]','$_POST[address]')";

}

$obUpdate = mysql_query($sReplace) or die('Cannot update: ' . mysql_error());
if($obUpdate){
$subject = "Profile updated ";
$message = "You have updated your profile with Belfort Furniture. If not please contact customer service at : 703-406-7600";
$Belfortemail = "akomala.akouete@belfortfurniture.com";
echo "<b>profile updated</b>";mail($email, $subject,$message, "From:" . $Belfortemail);}else{
echo "Try update again";}
}
?>
<?php   
function userupdate(){
?>

<table>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<h1>Profile Update</h1>
<hr>
<tr><td>First Name:</td><td>

<input type="text" name="firstName" maxlength="20">

</td></tr>

<tr><td>Last Name:</td><td>

<input type="text" name="lastName" maxlength="20">

</td></tr>
<tr><td>Username:</td><td>

<input type="text" name="userName" maxlength="20">

</td></tr>

<tr><td>Password:</td><td>

<input type="password" name="pass" maxlength="20">

</td></tr>

<tr><td>Confirm Password:</td><td>

<input type="password" name="pass2" maxlength="20">

</td></tr>

<tr><td>Email:</td><td>

<input type="text" name="email" maxlength="50">

</td></tr>

<tr><td>Address:</td><td>

<input type="text" name="address" maxlength="100">

</td></tr>
<!--<tr>
                           <td class="right">address 1: </td>
                           <td><input type="text" name="location" value="" size="60" /></td>
                       </tr>-->


<tr><th colspan=2><input type="submit" name="update" value="UPDATE"></th></tr>

</form>
</table>

<?php
echo "<br><h3><a href=usersProfile.php>View your profile</a></h3>";
}
?>


</body>

</html>

这里是userprofile.php 

 <?php
session_start();
# DB INFO #
$user="xxxx";
$pass="xxxxx";
$database="xxxxx";


$con=mysql_connect("localhost", $user, $pass)
or die ('Couldnt connect to server');
mysql_select_db($database,$con)
or die('could not connect to db');


$result = mysql_query("SELECT userName,email,firstName,lastName,address FROM members") or die(mysql_error()); 
showpUsers($result);

function showpUsers($result)
{   
?> 
<table border="1">
  <tr>  
     <?php

$headings = array("Usernam","Email","First Name","Last Name","Address"); 
      foreach($headings as $info) {
        echo "<th border='1'>" . $info . "</th>";
     }

     ?>
  </tr>
  <?php
  if(count($result)>0){

$list = array("username","email","firstName","lastName","address"); 
//while($data = mysql_fetch_row($result)){
  $data = $result;
  echo "<tr border='1'>";
for($i=0;$i<count($data);$i++) {
echo "<td border='1'>" . $data[$i] . "</td>";
}
 echo "</tr>";
//}

}else{
echo "<b>Empty users list</b>";
}
  ?>
</table>

<?php
}
echo "<a href=update.php><button type='button'>USER UPDATE</button> </h1>";
?>
<hr/>
<br/>
<a href="index.php"><h3>Return Home Page</h3></a>

1 个答案:

答案 0 :(得分:1)

我可以看到有两种情况可能会导致这种情况:

  1. 您在数据库中有两个或更多行具有相同的username,并且正在调用您的INSERT语句。如果返回的行数为0,则仅通过调用此块来显式检查。此时您根本没有测试它。

  2. 您的username是该表的PRIMARY KEY。在这种情况下,您应该更改表,以便它具有唯一的auto_incrementing主键。

    3. 哦,并重写整个事情来修复大量的SQL注入漏洞。不要将此代码放在公共网站附近的任何位置。

相关问题
最新问题