duanhui9840
2014-02-26 17:34
浏览 21
已采纳

尝试使用PHP将配置文件从HTML表单更新到MySQL

I'm at this all day and have a feeling it may be something very simple. I am trying to give my users the option to update some of the entries in their user profile, without having to fill in everything everytime.

I'll post my code below but basically I am getting NO response at the minute.

My HTML form is as follows;

<table width="500" border="0" cellpadding="3" cellspacing="1">
    <tr>
        <form method="post" action="edit.php">
            <div data-role="fieldcontain">
                <td width="200">Name:</td>
                <td width="450"><input type="text" name="inputName" value="" /> </td>
    </tr>
    <tr>
        <td width="200">Password:</td>
        <td width="450"><input type="password" name="inputPassword" value="" /></td>
    </tr>
    <tr>
        <td width="200">Date of Birth:</td>
        <td width="450"><input type="date" name="inputDOB" value="" /></td>
    </tr>
    <tr>
        <td width="200">Core Competencies:</td>
        <td width="450">
            <input type="checkbox" name="coreComp[]" value="Honesty" />Honesty<br />
            <input type="checkbox" name="coreComp[]" value="Loyalty" />Loyalty<br />
            <input type="checkbox" name="coreComp[]" value="Trust" />Trust<br />
            <input type="checkbox" name="coreComp[]" value="Empathy" />Empathy<br />
            <input type="checkbox" name="coreComp[]" value="Respect" />Respect</td>
    </tr>
    <tr>
        <td colspan="2">
            <button data-theme="b" id="submit" type="submit">Submit</button>
        </td>
    </tr>
    <tr>
        <td colspan="2">
            <h3 id="notification"></h3>
        </td>
        </div>
        </form>
    </tr>
</table>

And my PHP currently looks like this;

<?php

session_start();
include 'includes/Connect.php';

$name = $_POST['inputName'];
$password = $_POST['inputPassword'];
$dob = $_POST['inputDOB'];
$aCC = implode( ',' , $_POST['coreComp'] );

$encrypt_password=md5($password);
$username=$_SESSION['myusername'];

if(!empty($name))
{
    mysql_query("UPDATE Profile SET `Name`='$name' WHERE Username='$username'" or die(mysql_error());
                echo("You have successfully updated your Name");
}
if(!empty($password))
{
    mysql_query("UPDATE Profile SET Password='$encrypt_password' WHERE Username='$username'" or die(mysql_error());
                echo("You have successfully updated your Password");
}
if(!empty($dob))
{
    mysql_query("UPDATE Profile SET DOB='$dob' WHERE Username='$username'" or die(mysql_error());
                echo("You have successfully updated your Date of Birth");
}
if(!empty($aCC))
{
    mysql_query("UPDATE Profile SET CC='$aCC' WHERE Username='$username'" or die(mysql_error());
                echo("You have successfully updated your Core Values");
}

   mysql_close(); 

?>
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duanlu4371 2014-02-26 17:45
    已采纳

    You have a series of syntax errors. This is incorrect, because it is missing a ):

    mysql_query("UPDATE Profile SET `Name`='$name' WHERE Username='$username'" or die(mysql_error());
    

    You need to close the parenthesis ()) after the query string, but before or die...:

    mysql_query("UPDATE Profile SET `Name`='$name' WHERE Username='$username'") or die(mysql_error());
    

    Corrected code:

    if(!empty($name))
    {
        mysql_query("UPDATE Profile SET `Name`='$name' WHERE Username='$username'") or die(mysql_error());
                    echo("You have successfully updated your Name");
    }
    if(!empty($password))
    {
        mysql_query("UPDATE Profile SET Password='$encrypt_password' WHERE Username='$username'") or die(mysql_error());
                    echo("You have successfully updated your Password");
    }
    if(!empty($dob))
    {
        mysql_query("UPDATE Profile SET DOB='$dob' WHERE Username='$username'") or die(mysql_error());
                    echo("You have successfully updated your Date of Birth");
    }
    if(!empty($aCC))
    {
        mysql_query("UPDATE Profile SET CC='$aCC' WHERE Username='$username'") or die(mysql_error());
                    echo("You have successfully updated your Core Values");
    }
    

    Also, as I pointed out in the comments above, the mysql_* functions are deprecated, and you are wide open to SQL injection. You need to use MySQLi or PDO and use prepared statements. Your HTML also has all sorts of problems, like a div and a form that start inside one tr and end in another. This isn't why your code fails, but I would strongly suggest cleaning up your code.

    点赞 打赏 评论

相关推荐 更多相似问题