I'm trying to create a login system and then display all user info in a list. So far I have everything working, except that I can't get both the 'rank' and 'role' updates to run at the same time on the edit page. For example, right now I have role working but rank does not update in the database; if I remove all the code with role in it, rank updates to the database again.
I'd like to know if anyone can tell me why this isn't updating to the database; it is currently updating the session info.
<?php
// First we execute our common code to connect to the database and start the session
require("common.php");

// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
    // If they are not, we redirect them to the login page.
    header("Location: login.php");

    // Remember that this die statement is absolutely critical. Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to login.php");
}

// This if statement checks to determine whether the edit form has been submitted
// If it has, then the account updating code is run, otherwise the form is displayed
if(!empty($_POST))
{
    // If the user entered a new password, we need to hash it and generate a fresh salt
    // for good measure.
    if(!empty($_POST['password']))
    {
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $_POST['password'] . $salt);
        for($round = 0; $round < 65536; $round++)
        {
            $password = hash('sha256', $password . $salt);
        }
    }
    else
    {
        // If the user did not enter a new password we will not update their old one.
        $password = null;
        $salt = null;
    }

    // Initial query parameter values
    $query_params = array(
        ':rank' => $_POST['rank'],
        ':user_id' => $_SESSION['user']['id']
    );

    $query_params = array(
        ':role' => $_POST['role'],
        ':user_id' => $_SESSION['user']['id']
    );

    // If the user is changing their password, then we need parameter values
    // for the new password hash and salt too.
    if($password !== null)
    {
        $query_params[':password'] = $password;
        $query_params[':salt'] = $salt;
    }

    // Note how this is only first half of the necessary update query. We will dynamically
    // construct the rest of it depending on whether or not the user is changing
    // their password.
    $query = "
        UPDATE users
        SET
            rank = :rank
    ";

    $query = "
        UPDATE users
        SET
            role = :role
    ";

    // If the user is changing their password, then we extend the SQL query
    // to include the password and salt columns and parameter tokens too.
    if($password !== null)
    {
        $query .= "
            , password = :password
            , salt = :salt
        ";
    }

    // Finally we finish the update query by specifying that we only wish
    // to update the one record for the current user.
    $query .= "
        WHERE
            id = :user_id
    ";

    try
    {
        // Execute the query
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        // Note: On a production website, you should not output $ex->getMessage().
        // It may provide an attacker with helpful information about your code.
        die("Failed to run query: " . $ex->getMessage());
    }

    // Now that the user's rank has changed, the data stored in the $_SESSION
    // array is stale; we need to update it so that it is accurate.
    $_SESSION['user']['rank'] = $_POST['rank'];

    // This redirects the user back to the members-only page after they register
    header("Location: private.php");
    die("Redirecting to private.php");
}
?>
<h1>Edit Account</h1>
<form action="edit_account.php" method="post">
battletag:<br />
<b><?php echo htmlentities($_SESSION['user']['battletag'], ENT_QUOTES, 'UTF-8'); ?></b>
<br /><br />
Preferred Role:<br />
<input type="radio" name="role" value="Assasin">Assasin
<input type="radio" name="role" value="Warrior">Warrior
<input type="radio" name="role" value="Specialist">Specialist
<input type="radio" name="role" value="Support">Support
<br /><br />
Rank<br />
<input type="text" name="rank" value="<?php echo htmlentities($_SESSION['user']['rank'], ENT_QUOTES, 'UTF-8'); ?>" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" /><br />
<i>(leave blank if you do not want to change your password)</i>
<br /><br />
<input type="submit" value="Update Account" />
</form>
Answer 0 (score: 0)
You define $query twice, and the second definition overwrites the first. You need to change it to
$query = "UPDATE users SET rank = :rank";
$query .= ", role = :role";
You may have had that conditional, but it is no longer there. The same applies to the $query_params
definition in your script.
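The fix the answer describes, written out as one complete query builder so that rank, role and the optional password columns all end up in a single UPDATE with a single parameter array. This is an added example, not code from the question or the answer. It assumes the same users table (id, rank, role, password, salt), the PDO handle $db from common.php and the logged-in user in $_SESSION['user']; the names buildAccountUpdate and ALLOWED_ROLES are mine, and treating rank as an integer is an assumption (the form only shows a text box).

```php
<?php
// Added example: build the account UPDATE once, extending the query string and
// the parameter array instead of reassigning them (which is what silently drops
// the first column in the question's code).

// Allowed role values mirror the radio buttons in the form. Checking them
// server-side means a tampered POST cannot write arbitrary text into the column.
const ALLOWED_ROLES = ['Assasin', 'Warrior', 'Specialist', 'Support'];

/**
 * Returns [$query, $params] for PDO::prepare()/execute().
 *
 * @param array       $post         the submitted form ($_POST)
 * @param int         $userId       id of the logged-in user from the session
 * @param string|null $passwordHash new password hash, or null to leave it alone
 * @param string|null $salt         salt for the new hash, or null
 */
function buildAccountUpdate(array $post, int $userId, ?string $passwordHash, ?string $salt): array
{
    $role = $post['role'] ?? '';
    if (!in_array($role, ALLOWED_ROLES, true)) {
        throw new InvalidArgumentException('Unknown role');
    }

    // Assumption: rank is stored as an integer; reject anything else early.
    $rank = filter_var($post['rank'] ?? '', FILTER_VALIDATE_INT);
    if ($rank === false) {
        throw new InvalidArgumentException('Rank must be an integer');
    }

    // One parameter array holding every placeholder used below.
    $params = [
        ':rank'    => $rank,
        ':role'    => $role,
        ':user_id' => $userId,
    ];

    // One query string; both columns are set in the same statement.
    $query = "UPDATE users SET rank = :rank, role = :role";

    // Only append the password columns (and their parameters) when a new
    // password was supplied, so the placeholder list always matches the SQL.
    if ($passwordHash !== null) {
        $query .= ", password = :password, salt = :salt";
        $params[':password'] = $passwordHash;
        $params[':salt']     = $salt;
    }

    $query .= " WHERE id = :user_id";

    return [$query, $params];
}

// Usage inside the POST handler, after the existing password-hashing branch
// has set $password and $salt (both null when the field was left blank):
//
// [$query, $query_params] = buildAccountUpdate($_POST, (int) $_SESSION['user']['id'], $password, $salt);
// $stmt = $db->prepare($query);
// $stmt->execute($query_params);
//
// Refresh both session fields, not just rank, so the edit form shows the
// values that are actually in the database.
// $_SESSION['user']['rank'] = $query_params[':rank'];
// $_SESSION['user']['role'] = $query_params[':role'];
```

Keeping the query and the parameter array in one function also makes the mismatch the answer points out impossible to reintroduce: every placeholder in the SQL is added in the same branch as its entry in $params, so PDO never sees a parameter that has no placeholder or a placeholder that has no value.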