我正在尝试使用PDO更新数据库中的表。目前我正在提交表单,除了白色屏幕外什么都没有,我已经启用了所有错误报告选项,但仍然只是一个白色的屏幕..我一直在盯着代码感觉像是一辈子仍然可以解决这个问题。推进正确的方向将非常感谢...谢谢
require('includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
$signedin = $_SESSION['username'];
$sql = "UPDATE member SET firstname = :firstname,
lastname = :lastname,
username = :username,
email = :email,
age = :age,
country = :country
where username = $signedin";
$stmt = $db->prepare($sql);
$stmt->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STR);
$stmt->bindParam(':lastname', $_POST['$lastname'], PDO::PARAM_STR);
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
// use PARAM_STR although a number
$stmt->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
$stmt->bindParam(':age', $_POST['age'], PDO::PARAM_STR);
$stmt->bindParam(':country', $_POST['country'], PDO::PARAM_INT);
$stmt= $db->execute($sql);
?>
答案 0 :(得分:2)
execute()
函数不需要$sql
(您在prepare()
中提供的内容)
$stmt->execute();
接下来,您应该将所有数据传递到准备好的声明中,否则您将失去目的(这是最大的安全性)。所以,让我们删除
$sql = "UPDATE member SET firstname = :firstname,
lastname = :lastname,
username = :username,
email = :email,
age = :age,
country = :country
where username = :username";
//snip
$stmt->bindParam(':username', $_SESSION['username'], PDO::PARAM_STR);
答案 1 :(得分:1)
您需要where clause
中的引号。
$sql = "UPDATE member SET firstname = :firstname,
lastname = :lastname,
username = :username,
email = :email,
age = :age,
country = :country
where username = '$signedin'";
此外,最好通过ID进行更新,因为它是唯一的。