更新查询不更新表

时间:2014-04-26 00:05:56

标签: php html mysqli

我有一个用户数据配置文件,我想在用户填写表单时更新。运行更新查询时,值将传递给PHP脚本,但不会在表中更改。

表格的HTML:

    echo "<br />";
    echo "From this page you can change your profile details.";
    echo "<br />";
    echo "<br />";
    echo "<form id='edit' action='../scripts/editscript.php' method='post' accept-charset='UTF-8'>";
    echo "<label for='firstname'>First Name:</label>";
    echo "<input type='text' id='firstname' name='firstname' />";
    echo "<br />";
    echo "<label for='lastname'>Last Name:</label>";
    echo "<input type='text' id='lastname' name='lastname' />";
    echo "<br />";
    echo "<label for='username'>User Name:</label>";
    echo "<input type='text' id='username' name='username' />";
    echo "<br />";
    echo "<label for='password'>Password:</label>";
    echo "<input type='password' id='password' name='password' />";
    echo "<br />";
    echo "<label for='passwordconfirm'>Confirm Password:</label>";
    echo "<input type='password' id='passwordconfirm' name='passwordconfirm' />";
    echo "<br />";
    echo "<label for='email'>E-Mail:</label>";
    echo "<input type='email' id='email' name='email' />";
    echo "<br />";
    echo "<label for='like'>Something you like:</label>";
    echo "<input type='text' id='like' name='like' />";
    echo "<br />";
    echo "<label for='dislike'>Something you dislike</label>";
    echo "<input type='text' id='dislike' name='dislike' />";
    echo "<br />";
    echo "<label for='fact'>A fun fact about yourself:</label>";
    echo "<input type='text' id='fact' name='fact' />";
    echo "<br />";
    echo "<label for='allow'>Do you want other people to see parts of your profile:</label>";
    echo "<input type='radio' name='allow' value='yes' /> Yes";
    echo "<input type='radio' name='allow' value='no' /> No";
    echo "<br />";
    echo "<br />";
    echo "<input type='submit' name='submit' value='Confirm' />";
    echo "</form>";

PHP脚本:

<?PHP
session_start();
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
    $allowvalue = 1;
} else {
    $allowvalue = 0;
};
$con = mysqli_connect('localhost','//db_username','//db_pass','//table');
if (mysqli_connect_errno($con)) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "UPDATE users SET firstname = '" . $firstname . "',
lastname = '" . $lastname . "',
username = '" . $username . "',
password = '" . $password . "',
email = '" . $email . "',
like = '" . $like . "',
dislike = '" . $dislike . "',
fact = '" . $fact . "',
allowview = " . $allowvalue . " WHERE UID = " . $UID . "";
mysqli_query($con,$query);
mysqli_close($con);
?>

我真的不明白为什么这不会像预期的那样。任何帮助表示赞赏。 :)

3 个答案:

答案 0 :(得分:1)

准备好的陈述不仅有助于避免sql infection,还可以帮助您组织代码,从而使代码更加稳固

<?php
session_start();
/*your variables*/
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
    $allowvalue = 1;
} else {
    $allowvalue = 0;
};

$mysqli = new mysqli("localhost", "//db_username", "//db_pass", "//table");
/* check connection */
if (mysqli_connect_errno()) {
    echo ("Failed to connect to MySQL:: %s\n", mysqli_connect_error());
    exit();
}
/* Prepare an update statement */
$query = "UPDATE users SET firstname = ?,
lastname = ?,
username = ?,
password = ?,
email = ?,
like = ?,
dislike = ?,
fact = ?,
allowview = ? WHERE UID = ?";

$stmt = $mysqli->prepare($query);
$stmt->bind_param("ssssssssii",$firstname, $lastname, $username, $password, $email, 
                               $like, $dislike, $fact, $allowvalue, $UID);

/* Execute the statement */
$stmt->execute();

/* close connection */
$mysqli->close();
?>

答案 1 :(得分:0)

做一个

var_dump($_SESSION['user']['UID']);

很可能id与db

中的id不匹配

答案 2 :(得分:0)

我弄清楚它是什么。我数据库中的一列是&#39;喜欢&#39;。这是一个MySQL关键字,所以它搞乱了我的查询,无论如何感谢你的建议:)