PHP代码不从表单更新

时间:2014-09-19 14:34:07

标签: php pdo

我正在制作更新配置文件脚本..我在表单顶部有x字段并使用var_dump($ _ POST)进行测试。 var_dump显示一切正确,但在更新代码中它确实更新了任何内容。

    if(isset($_POST['submit']))
{
                $firstname      = $_POST['firstname'];
                $lastname       = $_POST['lastname'];
                $phone          = $_POST['phone'];
                $profileText    = $_POST['profileText'];
                $website        = $_POST['website'];
                $username       = $_SESSION['username'];

                $stmt = $this->_db->execute("UPDATE `members` SET `firstname` = '$firstname', `lastname` = '$lastname', `phone` = '$phone', `profileText` = '$profileText', `website` = '$website' WHERE `username` = '$username'");

}

它并没有给我任何错误,所以无法给你一个错误信息..

Html表格:

<form role="form" method="POST" action="<?php $_PHP_SELF ?>">
<div class="form-group">
<label class="control-label">Fornavn</label>
<input type="text" value="<?php echo $userInfo->firstname; ?>" name="firstname" id="firstname" class="form-control"/>
</div>
<div class="form-group">
<label class="control-label">Efternavn</label>
<input type="text" value="<?php echo $userInfo->lastname; ?>" name="lastname" id="lastname" class="form-control"/>
</div>
<div class="form-group">
<label class="control-label">Mobil Nummer</label>
<input type="text" value="<?php echo $userInfo->phone; ?>" name="phone" id="phone" class="form-control"/>
</div>
<div class="form-group">
<label class="control-label">Job Titel</label>
<input type="text" value="<?php echo $userInfo->work; ?>" name="work" id="work" class="form-control" disabled/>
</div>
<div class="form-group">
<label class="control-label">Profil Tekst</label>
<textarea class="form-control" rows="3" name="profileText" id="profileText" value="<?php echo $userInfo->profileText; ?>"></textarea>
</div>
<div class="form-group">
<label class="control-label">Hjemmeside URL</label>
<input type="text" value="<?php echo $userInfo->website; ?>" name="website" id="website" class="form-control"/>
</div>
<div class="margiv-top-10">
<input type="submit" class="btn green" value="Gem" >
<a href="profile.html" class="btn default">Annuller </a>
</div>
</form>

1 个答案:

答案 0 :(得分:1)

您正在尝试使用PDO类中没有的功能。但是,它可以在PDOStatement类中使用,当您使用prepare时可以使用它。此外,如果您使用PDO,那么为了更安全的互联网,请使用准备好的声明。例如:

if(isset($_POST['submit'])) {
    $firstname      = $_POST['firstname'];
    $lastname       = $_POST['lastname'];
    $phone          = $_POST['phone'];
    $profileText    = $_POST['profileText'];
    $website        = $_POST['website'];
    $username       = $_SESSION['username'];

    $stmt = $this->_db->prepare("UPDATE `members` SET `firstname` = :firstname, `lastname` = :lastname, `phone` = :phone, `profileText` = :profileText, `website` = :website WHERE `username` = :username");

    $stmt->bindParam(":firstname", $firstname, PDO::PARAM_STR);
    $stmt->bindParam(":lastname", $lastname, PDO::PARAM_STR);
    $stmt->bindParam(":phone", $phone, PDO::PARAM_STR);
    $stmt->bindParam(":profileText", $profileText, PDO::PARAM_STR);
    $stmt->bindParam(":website", $website, PDO::PARAM_STR);
    $stmt->bindParam(":username", $username, PDO::PARAM_STR);

    $stmt->execute();
}

如果我是你,我甚至会添加服务器端检查是否所有这些字段都已填写。这样做的快速而肮脏的方法如下:

if (isset($_POST['submit'])) {
    $firstname      = isset($_POST['firstname']) ? $_POST['firstname'] : null;
    $lastname       = isset($_POST['lastname']) ? $_POST['lastname'] : null;
    $phone          = isset($_POST['phone'] ? $_POST['phone'] : null;
    $profileText    = isset($_POST['profileText'] ? $_POST['profileText'] : null;
    $website        = isset($_POST['website']) ? $_POST['website'] : null;
    $username       = isset($_SESSION['username']) ? $_SESSION['username'] : null;

    if (!in_array(null, array($firstname, $lastname, $phone, $profileText, $website, $username))) {
        $stmt = $this->_db->prepare("UPDATE `members` SET `firstname` = :firstname, `lastname` = :lastname, `phone` = :phone, `profileText` = :profileText, `website` = :website WHERE `username` = :username");

        $stmt->bindParam(":firstname", $firstname, PDO::PARAM_STR);
        $stmt->bindParam(":lastname", $lastname, PDO::PARAM_STR);
        $stmt->bindParam(":phone", $phone, PDO::PARAM_STR);
        $stmt->bindParam(":profileText", $profileText, PDO::PARAM_STR);
        $stmt->bindParam(":website", $website, PDO::PARAM_STR);
        $stmt->bindParam(":username", $username, PDO::PARAM_STR);

        $stmt->execute();
    } else {
        // tell them to fill in all of their details
    }
}