duanhuayong6687 2014-10-07 06:20
浏览 18
已采纳

更新查询问题

I've defined a user settings page in my website, and there are several forms that appears on that page, I'v written a query for these fields to be updated upon clicking on "submit" button, but some how I end up having this error below;

User Could Not Be Updated Because:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SHA1(5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)', ' WHERE id =' at line 1

this is profile settings page codes for the form:

    <?php

    $uid = $_SESSION['user_id'];
    $query = mysqli_query($dbc, "SELECT * FROM users WHERE id = $uid ")or die(mysql_error());

    $arr = mysqli_fetch_assoc($query);

     ?> 

    <form action="?page=profileset&id=<?php echo $arr['id']; ?>" method="post" role="form">

            <label for="first">First Name</label>
            <input class="form-control" type="text" name="first" id="first" value="<?php echo $arr['first']; ?>" placeholder="First Name" autocomplete="off">

        </div>

        <div class="from-group">

            <label for="last">Last Name</label>
            <input class="form-control" type="text" name="last" id="last" value="<?php echo $arr['last']; ?>" placeholder="Last Name" autocomplete="off">

        </div>

        <br>

        <div class="from-group">

            <label for="email">Email Address</label>
            <input class="form-control" type="text" name="email" id="email" value="<?php echo $arr['email']; ?>" placeholder="Email Address" autocomplete="off">

        </div>

        <div class="from-group">

            <label for="password">Password</label>
            <input class="form-control" type="password" name="password" id="password" value="<?php echo $arr['password']; ?>" placeholder="Password" autocomplete="off">

        </div>

        <button id="profile-btn-change" type="submit" class="btn">Submit Changes</button>
        <input type="hidden" name="submitted" value="1">

    </form>

and this is the query which updates this form; 

                if(isset($_POST['submitted']) == 1){

                $first = mysqli_real_escape_string($dbc, $_POST['first']);
                $last = mysqli_real_escape_string($dbc, $_POST['last']);
                 $password = SHA1($_POST['password']);

                $action = 'Updated';
                $q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";

                $r = mysqli_query($dbc, $q);

                if($r){

                    $message = '<p class="alert alert-success">User Was '.$action.'!</p>';

                        } else {

                    $message = '<p class="alert alert-danger">User Could Not Be '.$action.' Because:'.mysqli_error($dbc);

                        }

            }

any consideration is appreciated

  • 写回答

1条回答 默认 最新

  • dongzhao1930 2014-10-07 06:24
    关注

    You are repeating the password = part in the UPDATE query.

    do 

    $password = sha1($_POST[password]);

    instead of 

    $password = " password = 'SHA1($_POST[password])', ";

    update

    make sure you try the update query like

    $q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";

    and try to sanitize the variables while you use them.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。