新数据未插入数据库
基本上是试图开发一个编辑用户页面,在该页面中用户可以编辑关于自己的少量信息。我是PHP的新手,所以不确定如何从HTML的输入框中更新新信息,然后将其注入数据库中以供合适的用户使用。 我知道这段代码已经过时了,这就是我在大学里教的方式,这是我能及时上大学完成我的作业的唯一方法,而无需重新学习我对php的了解。 我正在运行包含用户ID的会话,我想通过用户ID选择一个用户,然后更改该用户的信息。
我相信更新查询是我的问题, 这是我到目前为止所拥有的:
<?php
if (isset($_POST['submit'])) {
include_once 'dbcon.php';
$uname = mysqli_real_escape_string($conn, $_POST['uname']); //mysqli prevents database reading code (converts to text)
$first = mysqli_real_escape_string($conn, $_POST['firstname']);
$last = mysqli_real_escape_string($conn, $_POST['lastname']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = $_SESSION['u_id'];
//Error Handling
//Empty Field Check
if (empty($uname) || empty($first) || empty($last) || empty($email)) {
header("Location: ../profile.php?update=empty"); //return them to register if fields are empty
exit();
} else {
//Input characters valid?
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../profile.php?update=invalid");
exit();
} else {
//Email validity checked
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../profile.php?update=email");
exit();
} else {
//Check if username is taken
$sql = "SELECT * FROM user WHERE user_username='$uname'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../profile.php?update=usernametaken");
exit();
} else {
//UPDATE user in database
$sql = "UPDATE user
SET user_username = $uname,
user_first = $first,
user_last = $last,
user_email = $email
WHERE user_id = '$uid'";
mysqli_query($conn, $sql);
//USER IS TAKEN HERE AFTER UPDATED INFORMATION
header("Location: ../profile.php?update=success");
exit();
}
}
}
}