dongmo1708 2019-03-30 14:31
浏览 124
已采纳

从表单输入更新用户详细信息

Trying to update the logged in users details using a form. The details are already in the form when the page loads so if the user wants to change thier mobile number for example they delete the current number, insert the new number and click update.

I get this message when I click update " Unknown column 'Adrian93' in 'where clause' " Adrian93 is the username

<?php
require('dbConnection.php');
require('checklogin.php');

if(isset($_POST['update']))
{
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $DOB = $_POST['dob'];
    $natInsNo = $_POST['natInsNo'];
    $address = $_POST['address'];
    $email = $_POST['email'];
    $mobile = $_POST['mobile'];
    $password = $_POST['password'];

    $query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = {$_SESSION['username']}";

    $results = mysqli_query($conn, $query) or die (mysqli_error($conn));

}



?>
  • 写回答

1条回答 默认 最新

  • dousui3124 2019-03-30 14:57
    关注

    Ralphs comment "Probably has to do with your squirly brackets. I'd set $username = $_SESSION['username'] before your query then just do WHERE username='$username' Also be careful for SQL injections, I'd use prepared statements in you're case as you're taking form inputs and directly placing them in your query" solved the query. Runs now without any errors.

    <?php
    require('checklogin.php');
    
    if(isset($_POST['update']))
    {
        $firstName = $_POST['firstName'];
        $lastName = $_POST['lastName'];
        $DOB = $_POST['dob'];
        $natInsNo = $_POST['natInsNo'];
        $address = $_POST['address'];
        $email = $_POST['email'];
        $mobile = $_POST['mobile'];
        $password = $_POST['password'];
        $username = $_SESSION['username'];
    
        $query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = '$username'";
    
        $results = mysqli_query($conn, $query) or die (mysqli_error($conn));    
    }
    ?>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?