dongsimu4422 2018-07-03 15:52
浏览 61
已采纳

使用UPDATE更新MySQL中的用户数据[关闭]

I have run into an issue with my Administrator panel. I have an issue where when you try to update the profile by having the users preferences, it tends to keep the user data the same. I do not have any issues.

Listed below is the code for user.php

<?php

    include 'includes/db.php';
    include 'includes/protect.php';

    if(isset($_POST['submit_update'])){

        $firstName = $_POST['fname'];
        $lastName = $_POST['lname'];
        $email = $_POST['email'];
        $aboutMe = $_POST['about_me'];

        $query = "UPDATE users 
                  SET firstName = '$firstName', 
                      lastName = '$lastName', 
                      email = '$email', 
                      about_me = '$aboutMe', 
                  WHERE email = '$_SESSION[email]'";

        $edit_query = mysqli_query($conn, $query);
    }   
?>
  • 写回答

3条回答 默认 最新

  • dongxiao1591 2018-07-03 16:05
    关注

    The sure shot issue is with your $_SESSION[email]. But I think you also need few changes on your existing code. You can try like this way-

    1. Check value is exits or not before assigning the $_POST variable using isset() here I've assigned empty string by default you can change it as per your requirement. Also see how can you escape using http://php.net/manual/en/mysqli.real-escape-string.php

    2. Put your $_SESSION['email'] variable to a new variable in that case I used $sess_email. (this will be more readable)

    3. Remove extra comma(,) that you've put inside your UPDATE query.

    <?php
    $firstName = isset($_POST['fname']) ? $_POST['fname'] : "" ;
    $lastName = isset($_POST['lname']) ? $_POST['lname'] : "";
    $email = isset($_POST['email']) ? $_POST['email'] : "";
    $aboutMe = isset($_POST['about_me']) ? $_POST['about_me'] : "";
    $ses_email = isset($_SESSION['email']) ? $_SESSION['email'] : "";

    $query = "UPDATE users SET firstName = '$firstName', lastName = '$lastName', email = '$email', about_me = '$aboutMe' WHERE email = '$sess_email'";
    $edit_query = mysqli_query($conn, $query);
?>

    I also urge you to see how you can easily prevent SQL Injection if you use Prepared Statements in PHP.

    </div>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 ogg dd trandata 报错
  • ¥15 高缺失率数据如何选择填充方式
  • ¥50 potsgresql15备份问题
  • ¥15 Mac系统vs code使用phpstudy如何配置debug来调试php
  • ¥15 目前主流的音乐软件,像网易云音乐,QQ音乐他们的前端和后台部分是用的什么技术实现的?求解!
  • ¥60 pb数据库修改与连接
  • ¥15 spss统计中二分类变量和有序变量的相关性分析可以用kendall相关分析吗?
  • ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?
  • ¥20 神经网络Sequential name=sequential, built=False
  • ¥16 Qphython 用xlrd读取excel报错