进行更新'按钮问题

时间:2014-07-11 14:48:30

标签: php mysql

我有一个我不太懂的奇怪问题。我创建了一个注册/登录页面,并在注册页面上询问您的全名,电子邮件和性别。一旦您登录,就会出现“我的详细信息”按钮,一旦您点击该按钮,您就可以更改您的详细信息。所以这是我的问题,当我点击“我的详细信息”时,我可以看到全名,电子邮件和性别。但是当我尝试更新它时,它只是清除它,即使它声明“成功更新”它将被完全擦除,甚至旧的细节将被删除。我怀疑它的代码如下.. 

<?php
//this authenticates user
session_start();
if(!isset($_SESSION['username'])){
header("location:index.php");
}
$username = $_SESSION['username'];
?>

<?php include ('header.php'); ?> 

<?php
$update = (isset($_GET['update']) ? $_GET['update'] : null);
$full_name = (isset($_GET['full_name']) ? $_GET['full_name'] : null);
$full_name = strip_tags($full_name);
$location = (isset($_GET['location']) ? $_GET['location'] : null);
$location = strip_tags($location);
$gender = (isset($_GET['gender']) ? $_GET['gender'] : null);

if($update == 1 && !empty($_POST)) // Checks if the form is submitted or not
{
$success_update = mysql_query("UPDATE users SET fullname='$full_name', location='$location', gender='$gender' WHERE username='$username' ");
if($success_update) { 
echo '
<div class="alert alert-success">
Account Successfully updated!
</div>
';
} 

else {
echo '
<div class="alert">
  <button type="button" class="close" data-dismiss="alert">&times;</button>
Failed to update
</div>
';


}

}

$document_get = mysql_query("SELECT * FROM users WHERE username='$username'");
$match_value = mysql_fetch_array($document_get);
$fullname = $match_value['fullname'];
$location = $match_value['location'];
$gender = $match_value['gender'];

?>
<br/>

 <div style="float:right"> <a class="btn btn-info" href="dashboard.php" > Account </a>  <a class="btn" href="home.php"> <i class="icon-home icon-black"></i>Home</a> 
 <a class="btn btn-danger logout" href="logout.php" > Logout</a> 

 </div>

 <fieldset>
    <legend>Welcome <?php echo $username; ?>, </legend>

    <br/>
    <br/>
<form action="settings.php?update=1" method="post" name="myForm" onsubmit="return(validate());">
  <fieldset>
    <legend>Settings</legend>

    <label>Full Name *</label>
    <input name="full_name" type="text" placeholder="Type something…" value="<?php echo $fullname; ?>" >
    <br/>
    <label>Location </label>
    <input name="location" type="text" placeholder="Type something…" value="<?php echo $location; ?>">
    <br/>
    <label>Gender </label>
    <select name="gender">
  <option <?php if($gender == 'Male') echo 'selected'; ?> >Male</option>
  <option <?php if($gender == 'Female') echo 'selected'; ?> >Female</option>
</select>

    <br/>
    <button type="submit" class="btn">Update</button>
  </fieldset>
</form>
 </fieldset>





 <script>

 function validate()
{


   if( document.myForm.full_name.value == "" )
   {
     alert( "Please provide your full name!" );
     document.myForm.full_name.focus() ;
     return false;
   }

   return( true );
}


 $('.logout').click(function(){
    return confirm("Are you sure you want to Logout?");
})
</script>
<?php include ('footer.php'); ?>

有什么想法吗?干杯

1 个答案:

答案 0 :(得分:0)

  • 您确定它是$_GET而不是$_POST,导致您的变量为空,从而将所有字段更新为null?
  • $username未被宣布
  • 您很容易受到SQL注入攻击

在您的代码中,您检查$_POST,因此我认为您的意思是检查文件顶部的$_POST而不是$_GET

用;

替换文件的顶部 
$update = (isset($_POST['update']) ? $_POST['update'] : null);
$username = (isset($_POST['username']) ? $_POST['username'] : null);
$full_name = (isset($_POST['full_name']) ? $_POST['full_name'] : null);
$full_name = strip_tags($full_name);
$location = (isset($_POST['location']) ? $_POST['location'] : null);
$location = strip_tags($location);
$gender = (isset($_POST['gender']) ? $_POST['gender'] : null);

另外,请对@esqew评论采取行动;

  

请不要在新代码中使用mysql_ *函数。它们不再维护,并且已被正式弃用。看到红色的盒子?了解准备好的语句,并使用PDO或MySQLi - 本文将帮助您确定哪些。

相关问题
最新问题