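Unable to let users update their information

Time: 2017-02-25 06:06:16

Tags: php mysql

Here is the code. I searched the web for the UPDATE statement and this is what I learned, but even though it gives no errors, it doesn't change the information in the database.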

update.inc.php:

<?php 

session_start();

include '../data_base.php';
include 'header.php';

$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$number = $_POST['number'];
$age = $_POST['age'];
$email = $_POST['email'];

$sql = "UPDATE user
SET first = $first, last = $last, uid = $uid, pwd = $pwd, number = $number, age = $age, email = $email
WHERE id = $id";
$result = mysqli_query($conn,$sql);

header("Location: ../index.php");

?>

update.php:

<?php
include 'header.php';
?>

<?php 
    if (isset($_SESSION['id'])) {
        echo "You Can Edit Your Files!";
    } else {
        echo "You Need To Create An Account First!";
    }
?>

<br><br><br>
<?php

    if (isset($_SESSION['id'])) {
        echo "<form action='includes/update.inc.php' method='POST'>
            <input type='text' name='first' placeholder='FirstName'><br>
            <input type='text' name='last' placeholder='LastName'><br>
            <input type='text' name='uid' placeholder='UserName'><br>
            <input type='password' name='pwd' placeholder='Password'><br>
            <input type='text' name='number' placeholder='Telemóvel'><br>
            <input type='text' name='age' placeholder='Idade'><br>
            <input type='text' name='email' placeholder='Email'><br>
            <button type='submit'>EDIT</button>
    </form>";
    }

?>

Need help.

2 answers:

Answer 0 (score: 1)

First enable errors in the file, then change the query to
$sql = "UPDATE user
SET first = '$first', last = '$last', uid = '$uid', pwd = '$pwd', number = '$number', age = '$age', email = '$email'
WHERE id = $id";

Enable errors

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

Answer 1 (score: 0)

Your code is open to SQL injection, so I would prefer using mysqli prepared statements (PDO is preferred)

$sql = "UPDATE user
        SET first = ?, 
            last = ?,
            uid = ?, 
            pwd = ?, 
            number = ?, 
            age = ?, 
            email = ?
        WHERE id = ?";
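// $conn is the mysqli connection used in the question
$stmt = $conn->prepare($sql);
// here s represents string and i represents integer for the corresponding variable
// example: $first is a string, $age is an integer
// the variable names must match the ones assigned below; uid is the username, so it is bound as a string
$stmt->bind_param("ssssiisi", $first, $last, $uid, $pwd, $number, $age, $email, $id);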

$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$number = $_POST['number'];
$age = $_POST['age'];
$email = $_POST['email'];
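// in above your $id is missing
// the form has no id field, so take it from the session that update.php already checks
$id = $_SESSION['id'];
// now execute the statement; now your database changes
$stmt->execute();
// send no output before header(); output can prevent the redirect from being sent
header("Location: ../index.php");
exit;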
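
The difference between the two answers, as an added example that is not part of either answer or of the asker's code. It assumes PDO with an in-memory SQLite database standing in for MySQL, uses a reduced set of the question's columns, and the helper names (`updateQuoted`, `updatePrepared`, `row`) and sample rows are constructed for illustration. Hashing the password with `password_hash` is an addition here, not something the answers do.

```php
<?php
// SQLite in memory stands in for MySQL (assumption); sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of passing silently
$pdo->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, first TEXT, last TEXT, pwd TEXT, age INTEGER)");
$pdo->exec("INSERT INTO user VALUES (1, 'Ana', 'Silva', 'old-hash', 30), (2, 'Rui', 'Costa', 'other-hash', 41)");

// Answer 0 style: the value is quoted but still concatenated into the SQL text.
function updateQuoted(PDO $pdo, int $id, string $first): void
{
    $pdo->exec("UPDATE user SET first = '$first' WHERE id = $id");
}

// Answer 1 style: placeholders only; the caller passes the id from the session.
function updatePrepared(PDO $pdo, int $id, array $post): void
{
    $stmt = $pdo->prepare("UPDATE user SET first = ?, last = ?, pwd = ?, age = ? WHERE id = ?");
    $stmt->execute([
        $post['first'],
        $post['last'],
        password_hash($post['pwd'], PASSWORD_DEFAULT), // store a hash, not the raw password
        (int) $post['age'],
        $id,
    ]);
}

function row(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare("SELECT first, last, age FROM user WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// 1. A legitimate name containing an apostrophe breaks the concatenated query.
try {
    updateQuoted($pdo, 1, "O'Brien");
} catch (PDOException $e) {
    echo "quoted query failed: ", $e->getMessage(), "\n";
}
// 2. A constructed value changes a column this form field was never meant to touch.
updateQuoted($pdo, 1, "x', age = '99");
print_r(row($pdo, 1));

// 3. The prepared statement stores the same strings as plain data.
$sessionId = 1; // stands for $_SESSION['id'] set at login
$post = ['first' => "O'Brien", 'last' => "x', age = '99", 'pwd' => 'example-only', 'age' => '30'];
updatePrepared($pdo, $sessionId, $post);
print_r(row($pdo, 1));
print_r(row($pdo, 2)); // the other user's row, for comparison
```

With exceptions enabled, a malformed query surfaces as an error at the call site instead of the silent no-op followed by a redirect described in the question.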