我正在制作更新配置文件脚本..我在表单顶部有x字段并使用var_dump($ _ POST)进行测试。 var_dump显示一切正确,但在更新代码中它确实更新了任何内容。
if(isset($_POST['submit']))
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$phone = $_POST['phone'];
$profileText = $_POST['profileText'];
$website = $_POST['website'];
$username = $_SESSION['username'];
$stmt = $this->_db->execute("UPDATE `members` SET `firstname` = '$firstname', `lastname` = '$lastname', `phone` = '$phone', `profileText` = '$profileText', `website` = '$website' WHERE `username` = '$username'");
}
它并没有给我任何错误,所以无法给你一个错误信息..
Html表格:
<form role="form" method="POST" action="<?php $_PHP_SELF ?>">
<div class="form-group">
<label class="control-label">Fornavn</label>
<input type="text" value="<?php echo $userInfo->firstname; ?>" name="firstname" id="firstname" class="form-control"/>
</div>
<div class="form-group">
<label class="control-label">Efternavn</label>
<input type="text" value="<?php echo $userInfo->lastname; ?>" name="lastname" id="lastname" class="form-control"/>
</div>
<div class="form-group">
<label class="control-label">Mobil Nummer</label>
<input type="text" value="<?php echo $userInfo->phone; ?>" name="phone" id="phone" class="form-control"/>
</div>
<div class="form-group">
<label class="control-label">Job Titel</label>
<input type="text" value="<?php echo $userInfo->work; ?>" name="work" id="work" class="form-control" disabled/>
</div>
<div class="form-group">
<label class="control-label">Profil Tekst</label>
<textarea class="form-control" rows="3" name="profileText" id="profileText" value="<?php echo $userInfo->profileText; ?>"></textarea>
</div>
<div class="form-group">
<label class="control-label">Hjemmeside URL</label>
<input type="text" value="<?php echo $userInfo->website; ?>" name="website" id="website" class="form-control"/>
</div>
<div class="margiv-top-10">
<input type="submit" class="btn green" value="Gem" >
<a href="profile.html" class="btn default">Annuller </a>
</div>
</form>
答案 0 :(得分:1)
您正在尝试使用PDO类中没有的功能。但是,它可以在PDOStatement类中使用,当您使用prepare
时可以使用它。此外,如果您使用PDO,那么为了更安全的互联网,请使用准备好的声明。例如:
if(isset($_POST['submit'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$phone = $_POST['phone'];
$profileText = $_POST['profileText'];
$website = $_POST['website'];
$username = $_SESSION['username'];
$stmt = $this->_db->prepare("UPDATE `members` SET `firstname` = :firstname, `lastname` = :lastname, `phone` = :phone, `profileText` = :profileText, `website` = :website WHERE `username` = :username");
$stmt->bindParam(":firstname", $firstname, PDO::PARAM_STR);
$stmt->bindParam(":lastname", $lastname, PDO::PARAM_STR);
$stmt->bindParam(":phone", $phone, PDO::PARAM_STR);
$stmt->bindParam(":profileText", $profileText, PDO::PARAM_STR);
$stmt->bindParam(":website", $website, PDO::PARAM_STR);
$stmt->bindParam(":username", $username, PDO::PARAM_STR);
$stmt->execute();
}
如果我是你,我甚至会添加服务器端检查是否所有这些字段都已填写。这样做的快速而肮脏的方法如下:
if (isset($_POST['submit'])) {
$firstname = isset($_POST['firstname']) ? $_POST['firstname'] : null;
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : null;
$phone = isset($_POST['phone'] ? $_POST['phone'] : null;
$profileText = isset($_POST['profileText'] ? $_POST['profileText'] : null;
$website = isset($_POST['website']) ? $_POST['website'] : null;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
if (!in_array(null, array($firstname, $lastname, $phone, $profileText, $website, $username))) {
$stmt = $this->_db->prepare("UPDATE `members` SET `firstname` = :firstname, `lastname` = :lastname, `phone` = :phone, `profileText` = :profileText, `website` = :website WHERE `username` = :username");
$stmt->bindParam(":firstname", $firstname, PDO::PARAM_STR);
$stmt->bindParam(":lastname", $lastname, PDO::PARAM_STR);
$stmt->bindParam(":phone", $phone, PDO::PARAM_STR);
$stmt->bindParam(":profileText", $profileText, PDO::PARAM_STR);
$stmt->bindParam(":website", $website, PDO::PARAM_STR);
$stmt->bindParam(":username", $username, PDO::PARAM_STR);
$stmt->execute();
} else {
// tell them to fill in all of their details
}
}