douyinyi7766 2014-01-03 12:08
浏览 19

使用PHP和HTML表单更新帐户信息[关闭]

I have a PHP page with a HTML form and PHP on it. It asks the user to change their username and for it to change in the database. I have some code but it doesn't quite work and I'm stuck as to what I need. Could someone please give me some ideas?

HTML

<form id="edit" method="POST" action="">

    <h1>
        <label for="username">Username *</label>
        <input id="username1" type="text" name="username1" value=""/>
    </h1>

    <h1>
        <button id="submit" type="submit">Submit</button>
    </h1>

</form>

PHP

<?php

if (isset($_POST['edit'])){
    $username = $_POST["username1"];

    $id = $_SESSION["user_id"];
    $query = "UPDATE user SET username = '$username' WHERE id = '$id'";
}
?>
  • 写回答

1条回答 默认 最新

  • duanruoyu6675 2014-01-03 12:19
    关注

    You have to ask for $_POST['username'] instead of $_POST['edit'].

    And your query must be executed by mysqli or PDO. 

    <?php

if (isset($_POST['username1'])){
    $username = $_POST["username1"];

    $id = $_SESSION["user_id"];
    $query = "UPDATE user SET username = '$username' WHERE id = '$id'";
    mysqli_query($database_con, $query);
}
?>

    But these method is unsecure, because $username and $id could contain SQL-Injection.

    Use prepared statements instead.

    <?php
$con = new mysqli("host", "user", "password", "databasename");
if (isset($_POST['username1'])){
    $username = $_POST["username1"];

    $id = $_SESSION["user_id"];
    $stmt = $con->prepare("UPDATE user SET username = ? WHERE id = ?");
    $stmt->bind_param("si",$username,$id);
    $stmt->execute();
}
?>
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度