如果表单中的用户名未更改,则绕过检查

时间:2016-03-09 04:00:01

标签: php mysql

FORM     

<!DOCTYPE HTML>
<html>
<head>
<title>

</title>

</head>
<body>


<form id='updateholder' action='updateacc.php' method='post'>
            <fieldset >
                <legend>Update Account</legend>

Username:
                <input type='text' name='username' id='username' value = "<?php echo $row['user_Username']?>"/>
Current Password:
                <input type='text' name='curpassword' id='curpassword' value = "" maxlength="50" />
New Password:
                <input type='text' name='confirm' id='newpassword'   value = "" maxlength="50" />
Confirm New Password:
                <input type='text' name='confirm' id='confirmpassword'   value = "" maxlength="50" />
Middle Name:
                <input type='text' name='middlename' id='middlename' value = "<?php echo $row['user_Mname']?>"/>
Last Name:
                <input type='text' name='lastname' id='lastname' value = "<?php echo $row['user_Lname']?>"/>

                <input type='Submit' name='Submit' value='Submit' />
            </fieldset>
        </form>

<a href = "logout.php">LOGOUT</a>
</body>
</html>

Update.php

   <?php
    session_start();
    include('dbconn.php'); 

    $user_ID = $_SESSION['user_ID'] ;


    $sql = "SELECT * FROM tbl_user WHERE user_ID = '$user_ID'"; 

      $result = mysqli_query($con, $sql);
      $row    = mysqli_fetch_array($result, MYSQLI_ASSOC); 

    if (isset($_POST['Submit'])) {
                $username    = $_POST["username"];
                $curpassword = $_POST["curpassword"];
                $middlename  = $_POST["middlename"];
                $lastname    = $_POST["lastname"];

                $username   = trim(mysqli_escape_string($con, $username));
                $curpassword   = trim(mysqli_escape_string($con, $curpassword));
                $middlename = trim(mysqli_escape_string($con, $middlename));
                $lastname   = trim(mysqli_escape_string($con, $lastname));

                $sql2= "SELECT user_Username FROM tbl_user WHERE user_Username='$username'";
                $sql3= "SELECT user_Password FROM tbl_user WHERE user_ID='$accholder_ID'";
                $result2  = mysqli_query($con, $sql2);
                $result3 = mysqli_query($con, $sql3);
                $row2    = mysqli_fetch_array($result, MYSQLI_ASSOC);
                $row3    = mysqli_fetch_array($result2, MYSQLI_ASSOC);

        if (mysqli_num_rows($result) == 1) {
            echo "Sorry...This Username already exist..";
        }  else {
            $query = mysqli_query($con, "Update tbl_user SET user_Mname = "$middlename", user_Lname = "$lastname", user_Username = "$username", user_Password = "$curpassword"");

            if ($query) {
                echo "Account Updated";
            }
        }
    }
    ?>

我这里有一个代码,以html格式显示tbl_user的数据

但是当它检查用户名是否存在时 它总是echo "Sorry...This Username already exist.." 因为如果提交的话,它还会在支票中包含他自己现有的用户名

如果用户名不变,有没有办法绕过检查

2 个答案:

答案 0 :(得分:0)

如果您想绕过检查未更改的用户名,只需添加一个支票,如:

示例

if(trim($_POST["username"]) == $row['user_Username']){
   //return unchanged username stuff
}
else{
   // your stuff for changed username
}

如果表单值和数据库值相同,则表示username未更改,否则更改。

答案 1 :(得分:0)

您可以通过

直接查看
if($_POST["username"] == $row['user_Username'])
{
   echo "User Name Matched";
}
else
{
  echo "Unique User Name";
}