当您单击“提交”时,所做的选择将转到数据库中登录的用户行。遇到问题,选择不会在DB中更新,我没有收到任何错误,因此我无法识别问题是什么。
<?php include('connect.php');?>
<?php include('functions.php');?>
<?php include('titlebar.php');?>
<form action="login_success.php" method="POST">
<?php
// Inserts pick selection into DB in row of session user
if(isset($_POST['submitbtn'])) {
$selection = $_POST['selection'];
$pick = $mysqli->query("INSERT INTO users selection VALUE $selection WHERE id='$my_id'");
echo '<p>You have made a selection!</p>';
}
?>
<select id="tm1" name="selection">
<?php
$tt = date("h"); // hours 1-12
$current = date("l jS \of F Y h:i:s A"); // Current date/time
$sundayaftr = strtotime("3:00pm Sunday"); // Sunday MID-afternoon game time
$sundaymorn = strtotime("12:00pm Sunday"); // Sunday afternoon game time
$thurs = strtotime("7:00pm Thursday"); // Thursday night game time
$mon = strtotime("7:00pm Monday"); // Monday night game time
$start = strtotime("6:00am Wednesday"); // Wednesday morning Picks open
$close = strtotime("8:00pm Sunday"); // Sunday night game time
if($current > $thurs){$dis = ' disabled';}else{$dis = '';}echo '<option value="wr"'.$dis.'>Washington Redskins</option>';
if(($current >= $thurs) && ($current < $start)){$dis = ' disabled';}else{$dis = '';}echo '<option value="nyg"'.$dis.'>New York Giants</option>';
?>
</select>
<br>
<input type="submit" value="submit" name="submitbtn" id = "submitbtn">
</form>
这是用于创建登录用户会话的functions.php页面。
<?php
session_start();
function loggedin(){
if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])){
return true;
} else {
return false;
}
}
if(loggedin()) {
$my_id = $_SESSION['user_id'];
$user_query = $mysqli->query("SELECT username, Fname, password, user_level, type FROM users WHERE id='$my_id'");
$run_user = mysqli_fetch_array($user_query);
$username = $run_user['username'];
$Fname = $run_user['Fname'];
$password = $run_user['password'];
$user_level = $run_user['user_level'];
$user_type = $run_user['type'];
$query_level = $mysqli->query("SELECT name FROM user_level WHERE id='$user_level'");
$run_level = mysqli_fetch_array($query_level);
$level_name = $run_level['name'];
}
?>
答案 0 :(得分:0)
您应该使用UPDATE而不是INSERT,因为您正在更改值WHERE id='$my_id'并且您没有首次向数据库添加内容,例如注册新用户。
1)UPDATE的作用类似于:
"UPDATE `users` SET `selection` = '$selection' WHERE `id` = '$my_id'"
重要提示:您可以在第一个推荐中阅读,您的脚本存在SQL注入攻击的风险。
您正在使用原始选择值更新数据库。您应该首先将此值转换为mysqli_real_escape_string(string)。
mysqli_real_escape_string php manual。您还应该查看推荐中的链接以获取更多信息以及如何预览sql injection