使用PHP阻止数据库更新的验证问题

时间:2010-12-03 15:30:50

标签: php mysql phpmyadmin

我正在使用以下PHP代码更新数据库中的信息,但在更新发生之前,即使所有字段都已完成,我也会提示完成所有字段

有人能看出为什么会这样吗?

这是我的代码

<?php

$update = strip_tags($_POST['update']); 

$username = strtolower(strip_tags($_POST['username']));

$olspassword = strip_tags($_POST['oldpassword']);

$newpassword = strip_tags($_POST['newpassword']);

$firstname = strip_tags($_POST['first']);

$lastname = strip_tags($_POST['last']);

$gender = strip_tags($_POST['gender']);

$address = strip_tags($_POST['address']);

$zipcode = strip_tags($_POST['zip']);

$contact = strip_tags($_POST['con']);

$email = strip_tags($_POST['mail']);

error_reporting(0);



if($update)
{




if($username&&$oldpassword&&$newpassword&&$firstname&&$lastname&&$address&&$zipcode&&$contact&&$email)
{

 $connect = mysql_connect("localhost","root","") or die(mysql_error());
 mysql_select_db(brightlights) or die(mysql_error());

 $updatecheck = mysql_query("SELECT username FROM tb_user WHERE username='$username'");
 $count = mysql_num_rows($updatecheck);
 if($count<=1)
 {

 if($_SESSION['password']==($oldpassword))
 {

 mysql_query("UPDATE tb_user SET
     username = '$username',
     password = '$newpassword',
     Firstname = '$firstname',
     Lastname = '$lastname',
     gender = '$gender',
     address = '$address',
     zipcode = '$zipcode',
     contact = '$contact',
     email = '$email'
     WHERE username='".$_SESSION['username']."'");
     $_SESSION['username'] = $username;
     $_SESSION['password'] = $newpassword;
     $_SESSION['Firstname'] = $firstname;
     $_SESSION['Lastname'] = $lastname;
     $_SESSION['gender'] = $gender;
     $_SESSION['address'] = $address;
     $_SESSION['zipcode'] = $zipcode;
     $_SESSION['contact'] = $contact;
     $_SESSION['email'] = $email;
     session_write_close();
     echo "Succesfully Updated!";

    }else
     echo "Password not match!";
   }else
    echo "Username already Taken!";
  }else
   echo "Please fill up all form!";
}
?>

2 个答案:

答案 0 :(得分:1)

这就是原因:

$olspassword = strip_tags($_POST['oldpassword']);
/// code
if($_SESSION['password']==($oldpassword)) {

代码块

if($_SESSION['password']==($oldpassword))

始终为false,因为永远不会设置$ oldpassword。你有一个错字:

$olspassword = strip_tags($_POST['oldpassword']);

查看变量$ olspassword?

答案 1 :(得分:0)

if($username&&$oldpassword&&$newpassword&&$firstname&&$lastname&&$address&&$zipcode&&$contact&`&$email)

使其像

if(isset($username) && isset($oldpassword)  and so on
相关问题
最新问题