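So I am trying to create a modal for editing a user (the selected one) from the displayed table.
I have tried two different kinds of submit to get this working, but first, my PHP code... (yes, I know, sanitise the variables, it will be added soon)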
if ($_POST['edituser']) {
$uid = strip_tags($_POST['edituser']);
if (isset($_POST['email'])) {
$newemail = $_POST['email'];
mysqli_query($con, "UPDATE `users` SET `email` = '$newemail' WHERE `uid` = '$uid'") or die(mysqli_error($con));
}
if (isset($_POST['usergroup'])) {
$newusergroup = $_POST['usergroup'];
mysqli_query($con, "UPDATE `users` SET `usergroup` = '$newusergroup' WHERE `uid` = '$uid'") or die(mysqli_error($con));
}
if (isset($_POST['paypal'])) {
$newpaypal = $_POST['paypal'];
mysqli_query($con, "UPDATE `users` SET `paypal` = '$newpaypal' WHERE `uid` = '$uid'") or die(mysqli_error($con));
}
if (isset($_POST['avatarlink'])) {
$newavatarlink = $_POST['avatarlink'];
mysqli_query($con, "UPDATE `users` SET `avatarlink` = '$newavatarlink' WHERE `uid` = '$uid'") or die(mysqli_error($con));
}
if (isset($_POST['job'])) {
$newjob = $_POST['job'];
mysqli_query($con, "UPDATE `users` SET `job` = '$newjob' WHERE `uid` = '$uid'") or die(mysqli_error($con));
}
if (isset($_POST['aboutme'])) {
$newaboutme = $_POST['aboutme'];
mysqli_query($con, "UPDATE `users` SET `aboutme` = '$newaboutme' WHERE `uid` = '$uid'") or die(mysqli_error($con));
}
header("Location: /staff/users?success=true");
die();
}
Now these are the two submit methods I have tried...
<?php
$ug = $userRow['usergroup'];
$result = mysqli_query($con, "SELECT * FROM `users`") or die(mysqli_error($con));
while ($row = mysqli_fetch_array($result)) {
echo '
<div id="editUser'.$row['uid'].'" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Edit User</h4>
</div>
<form method="POST" action="users">
<div class="modal-body">
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="username" class="control-label">Username</label>
<input type="text" class="form-control" readonly="" id="username" value="'.$row['username'].'" disabled>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="email" class="control-label">Email</label>
<input type="text" class="form-control" name="email" id="email" value="'.$row['email'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="usergroup" class="control-label">Usergroup</label>';
if ($ug == "Owner" || $ug == "Manager") {
echo '<select name="usergroup" class="form-control">
<option value="'.$row['usergroup'].'" selected="selected" disabled>'.$row['usergroup'].'</option>
<option value="Client">Client</option>
<option value="Freelancer">Freelancer</option>
<option value="Moderator">Moderator</option>
<option value="Manager">Manager</option>
<option value="Owner" disabled>Owner</option>
</select>';
} else {
echo '<input type="text" class="form-control" readonly="" id="usergroup" value="'.$row['usergroup'].'" disabled>';
}echo '
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="paypal" class="control-label">PayPal</label>';
if ($ug == "Owner" || $ug == "Manager") {
echo '<input type="text" class="form-control" name="paypal" id="paypal" value="'.$row['paypal'].'">';
} else {
echo '<input type="text" class="form-control" readonly="" id="paypal" value="'.$row['paypal'].'" disabled>';
}echo '
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="joindate" class="control-label">Join Date</label>
<input type="text" class="form-control" readonly="" id="joindate" value="'.$row['joindate'].'" disabled>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="joinip" class="control-label">Join IP</label>
<input type="text" class="form-control" readonly="" id="joinip" value="'.$row['joinip'].'" disabled>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="avatarlink" class="control-label">Avatar Link</label>
<input type="text" class="form-control" name="avatarlink" id="avatarlink" value="'.$row['avatarlink'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="job" class="control-label">Job / Skills</label>
<input type="text" class="form-control" name="job" id="job" value="'.$row['job'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="aboutme" class="control-label">About</label>
<input type="text" class="form-control" name="aboutme" id="aboutme" value="'.$row['aboutme'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="portfolio_link" class="control-label">Portfolio</label>
<input type="text" class="form-control" name="portfolio_link" id="portfolio_link" value="'.$row['portfolio_link'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="tos" class="control-label">Accepted TOS</label>
<input type="text" class="form-control" readonly="" id="tos" value="'.$row['tos_accepted'].'" disabled>
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-danger btn-block" name="edituser">Edit User</button>
</div>
</form>
</div>
</div>
</div>
'; }
?>
With this method (above), nothing happens... the page just refreshes.
<?php
$ug = $userRow['usergroup'];
$result = mysqli_query($con, "SELECT * FROM `users`") or die(mysqli_error($con));
while ($row = mysqli_fetch_array($result)) {
echo '
<div id="editUser'.$row['uid'].'" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Edit User</h4>
</div>
<form method="POST" action="users">
<div class="modal-body">
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="username" class="control-label">Username</label>
<input type="text" class="form-control" readonly="" id="username" value="'.$row['username'].'" disabled>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="email" class="control-label">Email</label>
<input type="text" class="form-control" name="email" id="email" value="'.$row['email'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="usergroup" class="control-label">Usergroup</label>';
if ($ug == "Owner" || $ug == "Manager") {
echo '<select name="usergroup" class="form-control">
<option value="'.$row['usergroup'].'" selected="selected" disabled>'.$row['usergroup'].'</option>
<option value="Client">Client</option>
<option value="Freelancer">Freelancer</option>
<option value="Moderator">Moderator</option>
<option value="Manager">Manager</option>
<option value="Owner" disabled>Owner</option>
</select>';
} else {
echo '<input type="text" class="form-control" readonly="" id="usergroup" value="'.$row['usergroup'].'" disabled>';
}echo '
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="paypal" class="control-label">PayPal</label>';
if ($ug == "Owner" || $ug == "Manager") {
echo '<input type="text" class="form-control" name="paypal" id="paypal" value="'.$row['paypal'].'">';
} else {
echo '<input type="text" class="form-control" readonly="" id="paypal" value="'.$row['paypal'].'" disabled>';
}echo '
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="joindate" class="control-label">Join Date</label>
<input type="text" class="form-control" readonly="" id="joindate" value="'.$row['joindate'].'" disabled>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="joinip" class="control-label">Join IP</label>
<input type="text" class="form-control" readonly="" id="joinip" value="'.$row['joinip'].'" disabled>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="avatarlink" class="control-label">Avatar Link</label>
<input type="text" class="form-control" name="avatarlink" id="avatarlink" value="'.$row['avatarlink'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="job" class="control-label">Job / Skills</label>
<input type="text" class="form-control" name="job" id="job" value="'.$row['job'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="aboutme" class="control-label">About</label>
<input type="text" class="form-control" name="aboutme" id="aboutme" value="'.$row['aboutme'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="portfolio_link" class="control-label">Portfolio</label>
<input type="text" class="form-control" name="portfolio_link" id="portfolio_link" value="'.$row['portfolio_link'].'">
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="tos" class="control-label">Accepted TOS</label>
<input type="text" class="form-control" readonly="" id="tos" value="'.$row['tos_accepted'].'" disabled>
</div>
</div>
</div>
</div>
<div class="modal-footer">
<input type="submit" name="edituser" class="btn btn-danger btn-block" value="Edit User">
</div>
</form>
</div>
</div>
</div>
'; }
?>
When trying this method (above), the page and the notification show... but nothing is updated in the database.
Thanks for your help :)
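Answer 0: (score: 0)
As mentioned in the comments, your code is currently very insecure. You should definitely use parametrised queries to prevent people from messing with your database, and protect yourself from xss attacks to keep your site from becoming malware.
But the answer to your question is to give the input fields a name attribute in addition to an id.
Currently, your form does not post any data, so nothing changes.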
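The parametrised queries and output escaping the answer recommends, applied to the handler from the question; this is an added example, not code from the asker or the answerer. It assumes `$con` and `$userRow` exist as on the page, that `uid` is an integer, and that each form carries a hypothetical hidden `uid` field; the function and constant names are illustrative. It also repeats the form's Owner/Manager restriction on the server, since hiding an input does not stop a request from posting it.

```php
<?php
// Added example. Assumes $con (mysqli connection) and $userRow (logged-in
// user's row) as on the page, plus a hypothetical hidden form field:
//   <input type="hidden" name="uid" value="...">

// Columns any staff member may edit, and columns the form shows only to
// Owner/Manager. Column names come from these lists, never from the request.
const STAFF_COLUMNS     = ['email', 'avatarlink', 'job', 'aboutme'];
const ADMIN_COLUMNS     = ['usergroup', 'paypal'];
const ASSIGNABLE_GROUPS = ['Client', 'Freelancer', 'Moderator', 'Manager'];

function updateUser(mysqli $con, array $post, string $editorGroup): int
{
    // Assumption: uid is an integer key. Reject anything else.
    $uid = filter_var($post['uid'] ?? null, FILTER_VALIDATE_INT);
    if ($uid === false) {
        return 0;
    }
    $isAdmin = in_array($editorGroup, ['Owner', 'Manager'], true);
    $columns = $isAdmin ? array_merge(STAFF_COLUMNS, ADMIN_COLUMNS) : STAFF_COLUMNS;

    $updated = 0;
    foreach ($columns as $col) {
        if (!isset($post[$col]) || !is_string($post[$col])) {
            continue; // field not submitted, or submitted as an array
        }
        $value = $post[$col];
        if ($col === 'usergroup' && !in_array($value, ASSIGNABLE_GROUPS, true)) {
            continue; // only groups the <select> offers as enabled options
        }
        // Values travel as bound parameters, so quotes in them stay data.
        $stmt = mysqli_prepare($con, "UPDATE `users` SET `$col` = ? WHERE `uid` = ?");
        if ($stmt === false) {
            continue;
        }
        mysqli_stmt_bind_param($stmt, 'si', $value, $uid);
        mysqli_stmt_execute($stmt);
        $updated += mysqli_stmt_affected_rows($stmt);
        mysqli_stmt_close($stmt);
    }
    return $updated;
}

// Escape database values before echoing them into value="..." attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edituser'])) {
    updateUser($con, $_POST, $userRow['usergroup']);
    header('Location: /staff/users?success=true');
    exit;
}
```

In the modal markup, each echoed value would then be written as `value="'.e($row['email']).'"` so that stored text cannot break out of the attribute.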