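Hello, I want to let users update their own details (profile page). My page works fine, but when I click the update button the page just refreshes and the details stay the same. Here is my code.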
<?php
session_start();
include_once 'dbconfig.php';
if(!isset($_SESSION['user']))
{
header("Location: index.php");
exit; // stop here so the rest of the page does not run for visitors who are not logged in
}
$res=mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
if( isset($_POST['username']) )
{
$username= $_POST['username'];
$id = $_POST['user_id'];
$sql = "UPDATE users SET user_name='$username' user_id=".$_SESSION['user'];
$res = mysql_query($sql)
or die("Could not update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=profile.php'>";
}
if( isset($_POST['useremail']) )
{
$useremail= $_POST['useremail'];
$id = $_POST['user_id'];
$sql = "UPDATE users SET user_email='$useremail' WHEREuser_id=".$_SESSION['user'];
$res = mysql_query($sql)
or die("Could not update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=profile.php'>";
}
if( isset($_POST['userabout']) )
{
$userabout= $_POST['userabout'];
$id = $_POST['user_id'];
$sql = "UPDATE users SET user_about='$userabout' WHERE user_id=".$_SESSION['user'];
$res = mysql_query($sql)
or die("Could not update".mysql_affected_rows());
echo "<meta http-equiv='refresh' content='0;url=profile.php'>";
}
error_reporting(-1);
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><?php echo $userRow['user_email']; ?>s Profile</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div class="box">
<input type="button"/>
<div class="menubar">
<div class="menu">
<ul id="menubar">
<li><?php echo $userRow['user_email']; ?><a href="logout.php?logout">Sign Out</a></li>
</ul>
</div>
<div class="menu1">
<ul id="menubar">
<li><a class="upload" href="index1.php">Upload</a></li>
</ul>
</div>
</div>
<div class="main">
<form action="profile.php" method="POST">
<div>
<label for="uname"><a>User Name:</a></label>
<input type="text" name="username" value="<?php echo $userRow['user_name'];?>"/>
</div>
<div>
<label for="email"><a>Email:</a></label>
<input type="text" name="useremail" value="<?php echo $userRow['user_email'];?>"/>
</div>
<div>
<label for="about"><a>About me:</a></label>
<textarea name="userabout" rows="10" cols="30"><?php echo $userRow['user_about'];?></textarea>
</div>
<input type="submit" value="Update">
<div>
</div>
</form>
</div>
<div id="mainv">
<table width="80%" border="1">
<tr>
<th colspan="4">your uploads...<label><a href="index.php">upload new files...</a></label></th>
</tr>
<tr>
<td>File Name</td>
<td>File Type</td>
<td>File Size(KB)</td>
<td>View</td>
</tr>
<video width="700" height="500" controls="autoplay">
<source src="mmm.mp4" type="video/mp4">
</video>
<?php
$sql="SELECT * FROM tbl_uploads";
$result_set=mysql_query($sql);
while($row=mysql_fetch_array($result_set))
{
?>
</source>
<tr>
<td><?php echo $row['file'] ?></td>
<td><?php echo $row['type'] ?></td>
<td><?php echo $row['size'] ?></td>
<td><a href="uploads/<?php echo $row['file'] ?>"target="frame_a">view file</a></td>
</a>
</tr>
<?php
}
?>
</table>
</div>
<div class="mid">
<div class="main2"><div class="pop"><div class="pop1"><h2>More Popular videos<h2></div><div class="pop2"></div></div></div>
<div class="com"><div class="comm"><div class="comm1"><h2>Best comments of the week<h2></div><div class="comm2"></div></div></div>
</div>
</body>
</html>
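I know this is old PHP, but I started my project and halfway through I realized there is a newer version.
Can you help me? Thanks.
****I edited the code and found that this error appears**** Could not update You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user_id = 36' at line 1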
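Answer 0: (score: 1)
1) The first statement is missing WHERE, and the second statement is missing a space.
2) Your code has an SQL injection vulnerability. The values come from user input and are not sanitized.
The correct code is: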
$sql = "UPDATE users SET user_name='" . mysql_real_escape_string($username) . "' WHERE user_id=" . $_SESSION['user'];
$sql = "UPDATE users SET user_email='" . mysql_real_escape_string($useremail) . "' WHERE user_id=" . $_SESSION['user'];
$sql = "UPDATE users SET user_about='" . mysql_real_escape_string($userabout) . "' WHERE user_id=" . $_SESSION['user'];
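To prevent SQL injection I used mysql_real_escape_string here to keep the rest of the code the same, but you should definitely look into the topic of "prepared statements".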
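An added example, not part of the answer above or the asker's project: the same three updates written as one PDO prepared statement. The table and column names are taken from the question; the in-memory SQLite database, the sample rows and the update_profile() helper are assumptions made so the block runs on its own.

```php
<?php
// Added example (hypothetical helper): profile update with a PDO prepared statement.

// Form field => column. Column names cannot be bound as parameters,
// so they come only from this fixed map, never from the request.
const PROFILE_FIELDS = [
    'username'  => 'user_name',
    'useremail' => 'user_email',
    'userabout' => 'user_about',
];

function update_profile(PDO $pdo, int $userId, array $post): int
{
    $set = [];
    $params = [':id' => $userId];           // ID from the session, typed as int
    foreach (PROFILE_FIELDS as $field => $column) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $set[] = "$column = :$field";   // placeholder, not the value itself
            $params[":$field"] = $post[$field];
        }
    }
    if ($set === []) {
        return 0;                            // nothing was submitted
    }
    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE user_id = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);                 // values travel separately from the SQL text
    return $stmt->rowCount();
}

// Demo on a constructed in-memory database (assumption: pdo_sqlite is available).
// For MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
            user_name TEXT, user_email TEXT, user_about TEXT)');
$pdo->exec("INSERT INTO users VALUES (36, 'old', 'old@example.com', ''),
            (37, 'other', 'other@example.com', '')");

// Constructed form input; the apostrophes would break the concatenated queries.
$post = ['username' => "O'Brien", 'userabout' => "I'm new here"];
$changed = update_profile($pdo, 36, $post);

$rows = $pdo->query('SELECT user_id, user_name, user_about FROM users ORDER BY user_id')
            ->fetchAll(PDO::FETCH_ASSOC);
var_dump($changed, $rows);
```

Only row 36 changes, and the apostrophes are stored literally because the values never become part of the SQL text.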
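Answer 1: (score: 1)
Why do you bind $id to $_POST['user_id'] when the form in the HTML doesn't even post it? Obviously, you have the user ID in the $_SESSION['user'] variable.
Also, your SQL statements are broken.
Your code could look like this: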
if( isset($_POST['username']) )
{
// Escape the submitted value before placing it inside the quoted SQL string
$username = mysql_real_escape_string($_POST['username']);
// The user ID comes from the session, not from the form; cast it to an integer
$id = (int) $_SESSION['user'];
$sql = "UPDATE users SET user_name='$username' WHERE user_id=$id";
$res = mysql_query($sql)
or die("Could not update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=profile.php'>";
}
if( isset($_POST['useremail']) )
{
$useremail = mysql_real_escape_string($_POST['useremail']);
$id = (int) $_SESSION['user'];
$sql = "UPDATE users SET user_email='$useremail' WHERE user_id=$id";
$res = mysql_query($sql)
or die("Could not update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=profile.php'>";
}
if( isset($_POST['userabout']) )
{
$userabout = mysql_real_escape_string($_POST['userabout']);
$id = (int) $_SESSION['user'];
$sql = "UPDATE users SET user_about='$userabout' WHERE user_id=$id";
$res = mysql_query($sql)
// Report the MySQL error text, as the other two branches do
or die("Could not update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=profile.php'>";
}