我有一个网站,用户可以登录和注册。现在,我希望用户更新他们的个人资料。我无法更新数据库。我的表名是“成员”。每当我提交表格时都没有任何事情发生。
<?php
if(isset($_POST["submit"])){
$value1 = $_POST['year'];
$value2 = $_POST['astatus'];
$value3 = $_POST['address'];
$value4 = $_POST['phone'];
$value5 = $_POST['email'];
$newpass = $_POST['pass'];
$newpass2 = $_POST['pass2'];
$user=$_SESSION['sess_user'];
$conn = new mysqli('localhost', 'admin', 'password') or die(mysqli_error());
//Select DB From database
$db = mysqli_select_db($conn, "database") or die("Database Error");
//Selecting database
$update_user="UPDATE '".members."' SET year='".$value1."', astatus='".$value2."', address='".$value3."', phone='".$value4."', email='".$value5."', pass='".$newpass."' WHERE '".user."'='".$user."'";
if(isset($_SESSION["editerror"])){
session_destroy(editerror);
}
session_start(editsuccess);
$_SESSION["editsuccess"] ="Your student profile has been successfully updated.";
header("Location:profile.php");
}
else{
echo "error";
}
?>
答案 0 :(得分:0)
在页面顶部开始session
<?php
session_start();
if(isset($_POST["submit"])){
$value1 = $_POST['year'];
....
您的mysqli_query()
运行您的query
$result = mysqli_query($conn, $update_user) or die(mysqli_error($conn));
你的query使用这个也是错误的
$update_user="UPDATE members SET year='".$value1."', astatus='".$value2."', address='".$value3."', phone='".$value4."', email='".$value5."', pass='".$newpass."' WHERE user ='".$user."'";
答案 1 :(得分:0)
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var response = await client.PostAsJsonAsync("https://www.googleapis.com/geolocation/v1/geolocate?key=keyvalue", "" );
//Or client.PostAsync could be used this way:
//var response = await client.PostAsync("https://www.googleapis.com/geolocation/v1/geolocate?key=keyvalue", new StringContent("", Encoding.UTF8, "application/json"));
return await response.Content.ReadAsStringAsync();
}
应该是
$update_user="UPDATE '".members."' SET year='".$value1."', astatus='".$value2."', address='".$value3."', phone='".$value4."', email='".$value5."', pass='".$newpass."' WHERE '".user."'='".$user."'";
此外,您不能将这些值传递给数据库。您必须正确地转义它们以防止数据库注入。
答案 2 :(得分:0)
注意:Alwayes使用mysqli_real_escape_string - 在字符串中转义特殊字符以在SQL语句中使用,同时考虑连接的当前字符集
http://www.w3schools.com/php/func_mysqli_real_escape_string.asp
更新时使用prepare语句
http://php.net/manual/en/mysqli.prepare.php
你忘了执行查询
$update_user="UPDATE `members` SET `year`='".$value1."', `astatus`='".$value2."', `address`='".$value3."', `phone`='".$value4."', `email`='".$value5."', `pass`='".$newpass."' WHERE `user` ='".$user."'";
if ($conn->query($update_user) === TRUE) {
session_start(editsuccess);
$_SESSION["editsuccess"] ="Your student profile has been successfully updated.";
header("Location:profile.php");
} else {
echo "Error updating record: " . $conn->error;
}