我想在registerUsers表上运行mysqli UPDATE,所以一旦点击更新按钮,它就会更新已更新的字段。
我需要它来更新名字,姓氏和电子邮件,如果密码字段为空,则不执行任何操作。 如果填写了密码,我希望它更新所有字段。
注释掉的代码(密码字段是'/ /,似乎不起作用..
我会怎么做?
<?php
include 'dbconnect.php';
include 'dumpr.php';
session_start();
if( ! $_SESSION['username'] ) {
header("Location: project-users-logout.php");
die();
}
$userid = mysqli_real_escape_string($db, $_GET['id']);
$sql = "SELECT * FROM registeredUsers WHERE UserID=$userid";
$query = mysqli_query($db,$sql);
$row = mysqli_fetch_assoc($query);
//Clean form values
$cleanFirstName = mysqli_real_escape_string($db, $_POST['frmName']);
$cleanSurname = mysqli_real_escape_string($db, $_POST['frmSurname']);
$cleanEmail = mysqli_real_escape_string($db, $_POST['frmEmail']);
//Clean password
$password = sha1(mysqli_real_escape_string($db, $_POST['frmPassword1']));
if (isset($_POST['Update']) && $_POST['Update'] == "Update") {
if ( ( $_POST['frmName'] != '') &&
($_POST['frmSurname'] != '') &&
($_POST['frmEmail'] != '')
// && ($_POST['frmPassword1'] = '') && ($_POST['frmPassword2'] = '')
)
{
$sql2 = "UPDATE registeredUsers SET FirstName = '$cleanFirstName', Surname = '$cleanSurname', EmailAddress='$cleanEmail' WHERE UserID='$userid'";
$upQry = mysqli_query($db, $sql2);
if ($upQry) {
/* SUCCESS */
header ("Location: project-users-manage.php ");
exit;
} else {
/* FAIL */
}
}
}
?>
<table border='1'>
<tr>
<th>Username</th>
<th>First Name</th>
<th>Surname</th>
<th>Email Address</th>
<th>Password 1</th>
<th>Password 2</th>
<th></th>
</tr>
<?php
echo "<form action='' method=post>";
echo "<tr>";
echo "<td>" . "<input disabled='disabled' type=text name=user value=" . $row['UserName'] . " </td>";
echo "<td>" . "<input type=text name='frmName' value=" . $row['FirstName'] . " </td>";
echo "<td>" . "<input type=text name='frmSurname' value=" . $row['Surname'] . " </td>";
echo "<td>" . "<input type=text name='frmEmail' value=" . $row['EmailAddress'] . " </td>";
echo "<td>" . "<input type=text name='frmPassword1' value='' " . "</td>";
echo "<td>" . "<input type=text name='frmPassword2' value='' " . "</td>";
echo "<td><input type='submit' name='Update' value='Update'></td>";
echo "</form>";
echo "</tr>";
header("Location: project-users-manage.php");
exit;
&GT;
答案 0 :(得分:0)
您在此处''分配$_POST['frmPassword1]:
&& ($_POST['frmPassword1'] = '') && ($_POST['frmPassword2'] = '')
但你真的想比较一下:
&& ($_POST['frmPassword1'] === '') && ($_POST['frmPassword2'] === '')
我会像那样实现所需的逻辑:
if ( ( $_POST['frmName'] != '') &&
($_POST['frmSurname'] != '') &&
($_POST['frmEmail'] != '')
)
{
$updatePwd='';
if ($_POST['frmPassword1'] != '') && ($_POST['frmPassword2'] != '') {
$updatePwd = ", password='".$_POST['frmPassword1']."' ";
}
$sql2 = "UPDATE registeredUsers SET FirstName = '$cleanFirstName', Surname = '$cleanSurname', EmailAddress='$cleanEmail'";
$sql2.= $updatePwd." WHERE UserID='$userid'";
// rest of code....
}
注意
在这个简单的例子中缺少/省略了三件重要的事情:
- 创造用户输入
- 使用准备好的陈述
- 加密密码
答案 1 :(得分:0)
像这样使用
if (( $_POST['frmPassword1'] != '') && ($_POST['frmPassword2'] != '')){
//Query For update All Field
}else{
$sql2 = "UPDATE registeredUsers SET FirstName = '$cleanFirstName', Surname = '$cleanSurname', EmailAddress='$cleanEmail' WHERE UserID='$userid'";
}
更新,检查passqord fileds