页面未显示数据库更新信息但数据库已更新

时间:2014-07-04 19:50:44

标签: php mysql

我有一个标准表单,一旦登录就显示用户来自MySQL数据库的当前数据(从互联网获取的代码)。然后,用户可以编辑他们的数据,然后将其提交到执行更新的名为editform.php的页面。

除了页面不显示更新的信息外,一切正常。用户必须先注销并再次登录才能看到更新的信息。刷新页面不会显示新信息。

我的表单test.php

<form action="editform.php?id_user=<?= $fgmembersite->UserId() ?>" method="POST">
    <input type="hidden" name="id_user" value="<?= $fgmembersite->UserId() ?>"><br>
    Name:<br> 
    <input type="text" name="name" size="40" value="<?= $fgmembersite->UserFullName() ?>"><br><br>
    Email:<br>
    <input type="text" name="email" size="40" value="<?= $fgmembersite->UserEmail() ?>  "><br><br>
    Address:<br>
    <input type="text" name="address" size="40" value="<?= $fgmembersite->UserAddress() ?>  "><br><br>
    <button>Submit</button>

我的editform.php页面

<?php


include('db.php');

 mysql_query("UPDATE fgusers3 SET name = '".$_POST['name']."', email=                  `enter code here`'".$_POST['email']."', address= '".$_POST['address']."' WHERE       `enter code here`id_user='".$_POST['id_user']."'");

header("Location: test.php");

&GT;

我的membersite_config.php

 <?PHP
 require_once("./include/fg_membersite.php");

 $fgmembersite = new FGMembersite();


 $fgmembersite->SetWebsiteName('user11.com');


 $fgmembersite->SetAdminEmail('user11@user11.com');


 $fgmembersite->InitDB(/*hostname*/'localhost',
                  /*username*/'',
                  /*password*/'',
                  /*database name*/'',
                  /*table name*/'fgusers3');


 $fgmembersite->SetRandomKey('qSRcVS6DrTzrPvr');

 ?>

我的fg_membersite.php页面

 <?PHP

 require_once("class.phpmailer.php");
 require_once("formvalidator.php");

class FGMembersite
{
var $admin_email;
var $from_address;

var $username;
var $pwd;
var $database;
var $tablename;
var $connection;
var $rand_key;

var $error_message;

//-----Initialization -------
function FGMembersite()
{
    $this->sitename = 'YourWebsiteName.com';
    $this->rand_key = '0iQx5oBk66oVZep';
}

function InitDB($host,$uname,$pwd,$database,$tablename)
{
    $this->db_host  = $host;
    $this->username = $uname;
    $this->pwd  = $pwd;
    $this->database  = $database;
    $this->tablename = $tablename;

}
function SetAdminEmail($email)
{
    $this->admin_email = $email;
}

function SetWebsiteName($sitename)
{
    $this->sitename = $sitename;
}

function SetRandomKey($key)
{
    $this->rand_key = $key;
}

//-------Main Operations ----------------------
function RegisterUser()
{
    if(!isset($_POST['submitted']))
    {
       return false;
    }

    $formvars = array();

    if(!$this->ValidateRegistrationSubmission())
    {
        return false;
    }

    $this->CollectRegistrationSubmission($formvars);

    if(!$this->SaveToDatabase($formvars))
    {
        return false;
    }

    if(!$this->SendUserConfirmationEmail($formvars))
    {
        return false;
    }

    $this->SendAdminIntimationEmail($formvars);

    return true;
  }

 function ConfirmUser()
  {
    if(empty($_GET['code'])||strlen($_GET['code'])<=10)
    {
        $this->HandleError("Please provide the confirm code");
        return false;
    }
    $user_rec = array();
    if(!$this->UpdateDBRecForConfirmation($user_rec))
    {
        return false;
    }

    $this->SendUserWelcomeEmail($user_rec);

    $this->SendAdminIntimationOnRegComplete($user_rec);

    return true;
 }    

 function Login()
 {
     if(empty($_POST['username']))
    {
        $this->HandleError("UserName is empty!");
        return false;
    }

    if(empty($_POST['password']))
    {
        $this->HandleError("Password is empty!");
        return false;
    }

    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    if(!isset($_SESSION)){ session_start(); }
    if(!$this->CheckLoginInDB($username,$password))
    {
        return false;
    }

    $_SESSION[$this->GetLoginSessionVar()] = $username;

    return true;
   }

   function CheckLogin()
   {
     if(!isset($_SESSION)){ session_start(); }

     $sessionvar = $this->GetLoginSessionVar();

     if(empty($_SESSION[$sessionvar]))
     {
        return false;
     }
     return true;
    }

    function UserId()
    {
    return isset($_SESSION['id_of_user'])?$_SESSION['id_of_user']:'';
    }


    function UserFullName()
    {
    return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'';
    }

    function UserEmail()
    {
    return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:'';
    }

    function UserAddress()
    {
    return isset($_SESSION['address_of_user'])?$_SESSION['address_of_user']:'';
    }


    function LogOut()
   {
    session_start();

    $sessionvar = $this->GetLoginSessionVar();

    $_SESSION[$sessionvar]=NULL;

    unset($_SESSION[$sessionvar]);
}

function EmailResetPasswordLink()
{
    if(empty($_POST['email']))
    {
        $this->HandleError("Email is empty!");
        return false;
    }
    $user_rec = array();
    if(false === $this->GetUserFromEmail($_POST['email'], $user_rec))
    {
        return false;
    }
    if(false === $this->SendResetPasswordLink($user_rec))
    {
        return false;
    }
    return true;
}

function ResetPassword()
{
    if(empty($_GET['email']))
    {
        $this->HandleError("Email is empty!");
        return false;
    }
    if(empty($_GET['code']))
    {
        $this->HandleError("reset code is empty!");
        return false;
    }
    $email = trim($_GET['email']);
    $code = trim($_GET['code']);

    if($this->GetResetPasswordCode($email) != $code)
    {
        $this->HandleError("Bad reset code!");
        return false;
    }

    $user_rec = array();
    if(!$this->GetUserFromEmail($email,$user_rec))
    {
        return false;
    }

    $new_password = $this->ResetUserPasswordInDB($user_rec);
    if(false === $new_password || empty($new_password))
    {
        $this->HandleError("Error updating new password");
        return false;
    }

    if(false == $this->SendNewPassword($user_rec,$new_password))
    {
        $this->HandleError("Error sending new password");
        return false;
    }
    return true;
}

function ChangePassword()
{
    if(!$this->CheckLogin())
    {
        $this->HandleError("Not logged in!");
        return false;
    }

    if(empty($_POST['oldpwd']))
    {
        $this->HandleError("Old password is empty!");
        return false;
    }
    if(empty($_POST['newpwd']))
    {
        $this->HandleError("New password is empty!");
        return false;
    }

    $user_rec = array();
    if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec))
    {
        return false;
    }

    $pwd = trim($_POST['oldpwd']);

    if($user_rec['password'] != md5($pwd))
    {
        $this->HandleError("The old password does not match!");
        return false;
    }
    $newpwd = trim($_POST['newpwd']);

    if(!$this->ChangePasswordInDB($user_rec, $newpwd))
    {
        return false;
    }
    return true;
}

//-------Public Helper functions -------------
function GetSelfScript()
{
    return htmlentities($_SERVER['PHP_SELF']);
}    

function SafeDisplay($value_name)
{
    if(empty($_POST[$value_name]))
    {
        return'';
    }
    return htmlentities($_POST[$value_name]);
}

function RedirectToURL($url)
{
    header("Location: $url");
    exit;
}

function GetSpamTrapInputName()
{
    return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
}

function GetErrorMessage()
{
    if(empty($this->error_message))
    {
        return '';
    }
    $errormsg = nl2br(htmlentities($this->error_message));
    return $errormsg;
}    
//-------Private Helper functions-----------

function HandleError($err)
{
    $this->error_message .= $err."\r\n";
}

function HandleDBError($err)
{
    $this->HandleError($err."\r\n mysqlerror:".mysql_error());
}

function GetFromAddress()
{
    if(!empty($this->from_address))
    {
        return $this->from_address;
    }

    $host = $_SERVER['SERVER_NAME'];

    $from ="nobody@$host";
    return $from;
} 

function GetLoginSessionVar()
{
    $retvar = md5($this->rand_key);
    $retvar = 'usr_'.substr($retvar,0,10);
    return $retvar;
}

function CheckLoginInDB($username,$password)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Database login failed!");
        return false;
    }          
    $username = $this->SanitizeForSQL($username);
    $pwdmd5 = md5($password);
    $qry = "Select id_user, name, email, address from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";

    $result = mysql_query($qry,$this->connection);

    if(!$result || mysql_num_rows($result) <= 0)
    {
        $this->HandleError("Error logging in. The username or password does not match");
        return false;
    }

    $row = mysql_fetch_assoc($result);


    $_SESSION['id_of_user'] = $row['id_user'];
    $_SESSION['name_of_user']  = $row['name'];
    $_SESSION['email_of_user'] = $row['email'];
    $_SESSION['address_of_user'] = $row['address'];


    return true;
}

function UpdateDBRecForConfirmation(&$user_rec)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Database login failed!");
        return false;
    }   
    $confirmcode = $this->SanitizeForSQL($_GET['code']);

    $result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection);   
    if(!$result || mysql_num_rows($result) <= 0)
    {
        $this->HandleError("Wrong confirm code.");
        return false;
    }
    $row = mysql_fetch_assoc($result);
    $user_rec['name'] = $row['name'];
    $user_rec['email']= $row['email'];

    $qry = "Update $this->tablename Set confirmcode='y' Where  confirmcode='$confirmcode'";

    if(!mysql_query( $qry ,$this->connection))
    {
        $this->HandleDBError("Error inserting data to the table\nquery:$qry");
        return false;
    }      
    return true;
}

function ResetUserPasswordInDB($user_rec)
{
    $new_password = substr(md5(uniqid()),0,10);

    if(false == $this->ChangePasswordInDB($user_rec,$new_password))
    {
        return false;
    }
    return $new_password;
}

function ChangePasswordInDB($user_rec, $newpwd)
{
    $newpwd = $this->SanitizeForSQL($newpwd);

    $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where  id_user=".$user_rec['id_user']."";

    if(!mysql_query( $qry ,$this->connection))
    {
        $this->HandleDBError("Error updating the password \nquery:$qry");
        return false;
    }     
    return true;
}

function GetUserFromEmail($email,&$user_rec)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Database login failed!");
        return false;
    }   
    $email = $this->SanitizeForSQL($email);

    $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection);  

    if(!$result || mysql_num_rows($result) <= 0)
    {
        $this->HandleError("There is no user with email: $email");
        return false;
    }
    $user_rec = mysql_fetch_assoc($result);


    return true;
}

function SendUserWelcomeEmail(&$user_rec)
{
    $mailer = new PHPMailer();

    $mailer->CharSet = 'utf-8';

    $mailer->AddAddress($user_rec['email'],$user_rec['name']);

    $mailer->Subject = "Welcome to ".$this->sitename;

    $mailer->From = $this->GetFromAddress();        

    $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
    "Welcome! Your registration  with ".$this->sitename." is completed.\r\n".
    "\r\n".
    "Regards,\r\n".
    "Webmaster\r\n".
    $this->sitename;

    if(!$mailer->Send())
    {
        $this->HandleError("Failed sending user welcome email.");
        return false;
    }
    return true;
}

function SendAdminIntimationOnRegComplete(&$user_rec)
{
    if(empty($this->admin_email))
    {
        return false;
    }
    $mailer = new PHPMailer();

    $mailer->CharSet = 'utf-8';

    $mailer->AddAddress($this->admin_email);

    $mailer->Subject = "Registration Completed: ".$user_rec['name'];

    $mailer->From = $this->GetFromAddress();         

    $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
    "Name: ".$user_rec['name']."\r\n".
    "Email address: ".$user_rec['email']."\r\n";

    if(!$mailer->Send())
    {
        return false;
    }
    return true;
}

function GetResetPasswordCode($email)
{
   return substr(md5($email.$this->sitename.$this->rand_key),0,10);
}

function SendResetPasswordLink($user_rec)
{
    $email = $user_rec['email'];

    $mailer = new PHPMailer();

    $mailer->CharSet = 'utf-8';

    $mailer->AddAddress($email,$user_rec['name']);

    $mailer->Subject = "Your reset password request at ".$this->sitename;

    $mailer->From = $this->GetFromAddress();

    $link = $this->GetAbsoluteURLFolder().
            '/resetpwd.php?email='.
            urlencode($email).'&code='.
            urlencode($this->GetResetPasswordCode($email));

    $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
    "There was a request to reset your password at ".$this->sitename."\r\n".
    "Please click the link below to complete the request: \r\n".$link."\r\n".
    "Regards,\r\n".
    "Webmaster\r\n".
    $this->sitename;

    if(!$mailer->Send())
    {
        return false;
    }
    return true;
}

function SendNewPassword($user_rec, $new_password)
{
    $email = $user_rec['email'];

    $mailer = new PHPMailer();

    $mailer->CharSet = 'utf-8';

    $mailer->AddAddress($email,$user_rec['name']);

    $mailer->Subject = "Your new password for ".$this->sitename;

    $mailer->From = $this->GetFromAddress();

    $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
    "Your password is reset successfully. ".
    "Here is your updated login:\r\n".
    "username:".$user_rec['username']."\r\n".
    "password:$new_password\r\n".
    "\r\n".
    "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n".
    "\r\n".
    "Regards,\r\n".
    "Webmaster\r\n".
    $this->sitename;

    if(!$mailer->Send())
    {
        return false;
    }
    return true;
}    

function ValidateRegistrationSubmission()
{
    //This is a hidden input field. Humans won't fill this field.
    if(!empty($_POST[$this->GetSpamTrapInputName()]) )
    {
        //The proper error is not given intentionally
        $this->HandleError("Automated submission prevention: case 2 failed");
        return false;
    }

    $validator = new FormValidator();
    $validator->addValidation("name","req","Please fill in Name");
    $validator->addValidation("email","email","The input for Email should be a valid email value");
    $validator->addValidation("email","req","Please fill in Email");
    $validator->addValidation("username","req","Please fill in UserName");
    $validator->addValidation("password","req","Please fill in Password");


    if(!$validator->ValidateForm())
    {
        $error='';
        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
            $error .= $inpname.':'.$inp_err."\n";
        }
        $this->HandleError($error);
        return false;
    }        
    return true;
}

function CollectRegistrationSubmission(&$formvars)
{
    $formvars['name'] = $this->Sanitize($_POST['name']);
    $formvars['email'] = $this->Sanitize($_POST['email']);
    $formvars['username'] = $this->Sanitize($_POST['username']);
    $formvars['password'] = $this->Sanitize($_POST['password']);
}

function SendUserConfirmationEmail(&$formvars)
{
    $mailer = new PHPMailer();

    $mailer->CharSet = 'utf-8';

    $mailer->AddAddress($formvars['email'],$formvars['name']);

    $mailer->Subject = "Your registration with ".$this->sitename;

    $mailer->From = $this->GetFromAddress();        

    $confirmcode = $formvars['confirmcode'];

    $confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;

    $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n".
    "Thanks for your registration with ".$this->sitename."\r\n".
    "Please click the link below to confirm your registration.\r\n".
    "$confirm_url\r\n".
    "\r\n".
    "Regards,\r\n".
    "Webmaster\r\n".
    $this->sitename;

    if(!$mailer->Send())
    {
        $this->HandleError("Failed sending registration confirmation email.");
        return false;
    }
    return true;
}
function GetAbsoluteURLFolder()
{
    $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';

    $urldir ='';
    $pos = strrpos($_SERVER['REQUEST_URI'],'/');
    if(false !==$pos)
    {
        $urldir = substr($_SERVER['REQUEST_URI'],0,$pos);
    }

    $scriptFolder .= $_SERVER['HTTP_HOST'].$urldir;

    return $scriptFolder;
}

function SendAdminIntimationEmail(&$formvars)
{
    if(empty($this->admin_email))
    {
        return false;
    }
    $mailer = new PHPMailer();

    $mailer->CharSet = 'utf-8';

    $mailer->AddAddress($this->admin_email);

    $mailer->Subject = "New registration: ".$formvars['name'];

    $mailer->From = $this->GetFromAddress();         

    $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
    "Name: ".$formvars['name']."\r\n".
    "Email address: ".$formvars['email']."\r\n".
    "UserName: ".$formvars['username'];

    if(!$mailer->Send())
    {
        return false;
    }
    return true;
}

function SaveToDatabase(&$formvars)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Database login failed!");
        return false;
    }
    if(!$this->Ensuretable())
    {
        return false;
    }
    if(!$this->IsFieldUnique($formvars,'email'))
    {
        $this->HandleError("This email is already registered");
        return false;
    }

    if(!$this->IsFieldUnique($formvars,'username'))
    {
        $this->HandleError("This UserName is already used. Please try another username");
        return false;
    }        
    if(!$this->InsertIntoDB($formvars))
    {
        $this->HandleError("Inserting to Database failed!");
        return false;
    }
    return true;
}

function IsFieldUnique($formvars,$fieldname)
{
    $field_val = $this->SanitizeForSQL($formvars[$fieldname]);
    $qry = "select username from $this->tablename where $fieldname='".$field_val."'";
    $result = mysql_query($qry,$this->connection);   
    if($result && mysql_num_rows($result) > 0)
    {
        return false;
    }
    return true;
}

function DBLogin()
{

    $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);

    if(!$this->connection)
    {   
        $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
        return false;
    }
    if(!mysql_select_db($this->database, $this->connection))
    {
        $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
        return false;
    }
    if(!mysql_query("SET NAMES 'UTF8'",$this->connection))
    {
        $this->HandleDBError('Error setting utf8 encoding');
        return false;
    }
    return true;
}    

function Ensuretable()
{
    $result = mysql_query("SHOW COLUMNS FROM $this->tablename");   
    if(!$result || mysql_num_rows($result) <= 0)
    {
        return $this->CreateTable();
    }
    return true;
}

function CreateTable()
{
    $qry = "Create Table $this->tablename (".
            "id_user INT NOT NULL AUTO_INCREMENT ,".
            "name VARCHAR( 128 ) NOT NULL ,".
            "email VARCHAR( 64 ) NOT NULL ,".
            "phone_number VARCHAR( 16 ) NOT NULL ,".
            "username VARCHAR( 16 ) NOT NULL ,".
            "password VARCHAR( 32 ) NOT NULL ,".
            "confirmcode VARCHAR(32) ,".
            "PRIMARY KEY ( id_user )".
            ")";

    if(!mysql_query($qry,$this->connection))
    {
        $this->HandleDBError("Error creating the table \nquery was\n $qry");
        return false;
    }
    return true;
}

function InsertIntoDB(&$formvars)
{

    $confirmcode = $this->MakeConfirmationMd5($formvars['email']);

    $formvars['confirmcode'] = $confirmcode;

    $insert_query = 'insert into '.$this->tablename.'(
            name,
            email,
            username,
            password,
            confirmcode
            )
            values
            (
            "' . $this->SanitizeForSQL($formvars['name']) . '",
            "' . $this->SanitizeForSQL($formvars['email']) . '",
            "' . $this->SanitizeForSQL($formvars['username']) . '",
            "' . md5($formvars['password']) . '",
            "' . $confirmcode . '"
            )';      
    if(!mysql_query( $insert_query ,$this->connection))
    {
        $this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
        return false;
    }        
    return true;
}
function MakeConfirmationMd5($email)
{
    $randno1 = rand();
    $randno2 = rand();
    return md5($email.$this->rand_key.$randno1.''.$randno2);
}
function SanitizeForSQL($str)
{
    if( function_exists( "mysql_real_escape_string" ) )
    {
          $ret_str = mysql_real_escape_string( $str );
    }
    else
    {
          $ret_str = addslashes( $str );
    }
    return $ret_str;
}


function Sanitize($str,$remove_nl=true)
{
    $str = $this->StripSlashes($str);

    if($remove_nl)
    {
        $injections = array('/(\n+)/i',
            '/(\r+)/i',
            '/(\t+)/i',
            '/(%0A+)/i',
            '/(%0D+)/i',
            '/(%08+)/i',
            '/(%09+)/i'
            );
        $str = preg_replace($injections,'',$str);
    }

    return $str;
}    
function StripSlashes($str)
{
    if(get_magic_quotes_gpc())
    {
        $str = stripslashes($str);
    }
    return $str;
}    

} ?&GT;

2 个答案:

答案 0 :(得分:0)

editform.php显示在登录期间存储到会话的信息,因此即使更新到表后,会话也将具有旧值

更改函数UserAddress()中的代码以从数据库中获取地址而不是从会话中获取地址。 并在更新查询到表(fgusers3)

后更新会话地址中的地址值

答案 1 :(得分:0)

我设法搞清楚了。对于那些会遇到类似问题的人,我想我会与你分享。在我的editform.php中,我成功更新了数据库,但我没有更新会话。因为我从会话而不是数据库中检索值,所以更新的信息没有显示,因此我需要用$ _SESSION更新会话[ &#39; name_of_user&#39;] = $ _POST [&#39; name&#39;];为了名称以及我正在检索的所有其他值。 -