2014-05-07 20:17
浏览 69


I am trying to create a page to allow users to edit their details using PHP, which validates the content before being submitted. I want to allow users to update their username, first and second name and email address.

The validation consists of:

if(preg_match("/^[0-9a-zA-Z_]{3,}$/", $_POST["username"]) == 0)
$error_username = '<li>Usernames may contain only digits, upper and lower case letters and underscores</li>';

if(preg_match("/^[A-Za-z]+$/", $_POST["fname"]) == 0)
$error_fname = '<li>First Name may contain upper and lower case letters</li>';

if(preg_match("/^[A-Za-z]+$/", $_POST["sname"]) == 0)
$error_sname = '<li>Second Name may contain upper and lower case letters</li>';

if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\@\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) == 0)
$error_email = '<li>Email Addresses must have a valid email address format</li>';

else header("Location: edit.php");  

And to display the errors:

<?php  if(isset($error_username)) echo $error_username; ?>
<?php  if(isset($error_fname)) echo $error_fname; ?>
<?php  if(isset($error_sname)) echo $error_sname; ?>
<?php  if(isset($error_email)) echo $error_email; ?>

The form that I have is:

<form name="edit_account" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input class="form_field" name="username" type="text" value="<?php echo $_POST["username"]; ?>" placeholder="Username">
<input class="form_field" name="fname" type="text" value="<?php echo $_POST["fname"]; ?>" placeholder="First Name">
<input class="form_field" name="sname" type="text" value="<?php echo $_POST["sname"]; ?>" placeholder="Second Name">
<input class="form_field" name="email" type="text" value="<?php echo $_POST["email"]; ?>" placeholder="Email Address">
<input type="submit" name="Submit" value="Update Account">

Providing that all requirements of the validation are met, the user is taken to edit.php and then redirected to a success page:

$sql = $mysqli; 
$id = htmlentities($_SESSION['user_id']); 

$username = $sql->real_escape_string($_POST['username']);
$fname = $sql->real_escape_string($_POST['fname']); 
$sname = $sql->real_escape_string($_POST['sname']);  
$email = $sql->real_escape_string($_POST['email']);

$query = ("
UPDATE users 
WHERE id='$id'") ; 

$sql->query($query) or die($query.'<br />'.$sql->error); 
header ('Location: success.php');  

When I attempt to run this code, the updating fields are submitted into the database as blanks - However, without the validation, the users submitted details are successfully entered.

Can someone please point out what is causing the form to submit as a blank. Thanks.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • doudengjin8251
    doudengjin8251 2014-05-07 20:35

    You're posting them to the validation page, but losing them when you redirect to the edit.php page. Store the information in session variables before going to edit.php, like this:

    $_SESSION['username'] = $_POST["username"];
    // other variables also

    On the edit.php, instead of pulling from $_POST, pull from $_SESSION.

    Side Notes

    Don't forget session_start() at the top of each page. Also, you should look into prepared statements when using user input.

    点赞 评论
  • donglu5000
    donglu5000 2014-05-07 20:32

    It looks like you are redirecting to edit.php (which contains database insertion code) from the validation script. The issue is that the $_POST variable is reset when you redirect.

    I would include('path/to/edit.php') the edit.php script rather than redirect to it. If that isn't possible, I would save the $_POST data in a $_SESSION variable.

    Hope this helps

    点赞 评论