UPDATE函数,USER ID未知

时间:2014-09-20 08:20:43

标签: php mysql

以下脚本更新数据库。 问题...我不知道如何将ID更改为登录的实际用户。我目前正在使用电子邮件地址作为登录用户名。电子邮件地址作为电子邮件存储在数据库中。

<?php

    session_start();

$con=mysqli_connect("localhost", "root", "", "test");

if (mysqli_connect_errno()) {

  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}


$firstname = mysqli_real_escape_string($con, $_POST['firstname']);

$lastname = mysqli_real_escape_string($con, $_POST['lastname']);


$sql="UPDATE users SET `firstname`='$firstname' WHERE `id???`=??#?? LIMIT 1";


if (!mysqli_query($con,$sql)) {

  die('Error: ' . mysqli_error($con));

}

echo "1 record added";

mysqli_close($con);

?>

<?php

if( !isset( $_SESSION['email']) ){
    session_start();
}

    if($_GET["logout"]==1 AND $_SESSION['id']) { session_destroy();

         $message="You have been logged out";

    }

include("connection.php");

if ($_POST['submit']=="Sign Up") {

    if (!$_POST['email']) $error.="<br />Please enter your email";
        else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) $error.="<br />Please enter a valid email address";

    if (!$_POST['password']) $error.="<br />Please enter your password";
        else {

        if (strlen($_POST['password'])<8) $error.="<br />Please enter a password with at least 8 characters";
        if (!preg_match('`[A-Z]`', $_POST['password'])) $error.="<br />Please enter at least 1 capital letter";

        }

     if ($error) $error = "There were error(s) in your signup details:".$error;
     else {


        $query = "SELECT * FROM `users` WHERE email='".mysqli_real_escape_string($link, $_POST['email'])."'";

        $result = mysqli_query($link, $query);

        $results = mysqli_num_rows($result);

        if ($results) $error = "That email address is already registered";

        else {

            $query="INSERT INTO `users` (`email`, `password`) VALUES('".mysqli_real_escape_string($link, $_POST['email'])."', '".md5(md5($_POST['email']).$_POST['password'])."')";

            mysqli_query($link, $query);

            $message = "You've been signed up!";

            $_SESSION['id']=mysqli_insert_id($link);              

            header("Location:profile.php");

        }

    }

}

 if ($_POST['submit']=="Log In") {

    $query="SELECT * FROM `users` WHERE email='".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail']).$_POST['loginpassword'])."' LIMIT 1";

    $result = mysqli_query($link, $query);

    $row = mysqli_fetch_array($result);

    if ($row) {

        $_SESSION['id']=$row['id'];

            header("Location:profile.php");

        } else {

         $loginerror = "We could not find a user with that email and password. Please try again.";

        }
    }
?>

1 个答案:

答案 0 :(得分:0)

您需要在登录时将用户ID存储在会话变量中才能执行此操作。 例如,在您的登录脚本中:

if( !isset( $_SESSION ) ){
    session_start();
}

//一些登录脚本,您可以在其中对表进行查询以确认用户详细信息。

$_SESSION['userid'] = $parameter_containing_result_from_login_query

然后在上面的更新中使用:

$sql="UPDATE users SET `firstname`='$firstname', `lastname` = '$lastname' WHERE `id`='" . $_SESSION['userid'] . "'";
相关问题
最新问题