尝试使用表单更新登录用户的详细信息。页面加载时,详细信息已经在表格中,因此,如果用户想要更改其手机号码,例如,他们删除当前号码,则插入新号码,然后单击更新。
当我单击更新“'where子句'中的未知列'Adrian93''Adrian93是用户名
时,我收到此消息<?php
require('dbConnection.php');
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = {$_SESSION['username']}";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>
答案 0 :(得分:0)
第一:
检查您的列名和表名的拼写是否正确。
2nd:
在使用$ _SESSION []变量之前,您首先需要添加session_start()。
第三:我将串联$ _SESSSION []。 (我读起来会更好)像这样:
"WHERE username = ".$_SESSION['username'];
第四:我建议做更多这样的表单验证:
// check if everything has been filled and no empty inputs
if(empty(($UName)) || empty($Name) || empty($pwd) || empty($pwdRepeat) || empty($Mail)) {
header('Location: ../register-request.php?error=emptyfields');
exit();
}
else {
// Check if email is valid
else if(!filter_var($Mail, FILTER_VALIDATE_EMAIL)) {
header('Location: ../register-request.php?error=invalidemail');
exit();
}
// Check if the name is valid (No numbers), only letters
else if(!preg_match ("/^[a-zA-Z\s]+$/",$Name)) {
header('Location: ../register-request.php?error=invalidName');
exit();
}
// Check if the password is the same as the password repeat
else if ($pwd !== $pwdRepeat) {
header('Location: ../register-request.php?error=pwdnotsame');
exit();
}
// Check password string length
else if (strlen($pwd) < 8) {
header('Location: ../register-request.php?error=pwdTooShort');
exit();
}
// Check if the password contains any numbers
else if(!preg_match('#[0-9]+#', $pwd)) {
header('Location: ../register-request.php?error=invalidpwd');
exit();
}
// Check if password contains capitalized letters
else if (!preg_match('#[A-Z]+#', $pwd)) {
header('Location: ../register-request.php?error=invalidpwd');
exit();
}
// Check if password contains small letters
else if (!preg_match('#[a-z]+#', $pwd)) {
header('Location: ../register-request.php?error=invalidpwd');
exit();
}
第五:我还建议使用mysqli准备的语句。 (更多信息:https://www.w3schools.com/php7/php7_mysql_prepared_statements.asp)
希望对您有帮助
编辑
我还将在WHERE子句中使用ID代替用户名。
因为通常ID是自动递增的,所以它是唯一的,不会被编辑。
所以我会这样:WHERE ID = ".$id;
答案 1 :(得分:0)
拉尔夫斯评论”“可能与您的方括号有关。我在查询之前设置了$ username = $ _SESSION ['username'],然后只需执行WHERE username ='$ username'即可。对于SQL还要小心注射时,我会在您使用表单输入并将其直接放入查询的情况下使用准备好的语句。解决了该查询。立即运行,没有任何错误。
<?php
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$username = $_SESSION['username'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = '$username'";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>