dongsimu4422 2018-07-03 15:52
浏览 61
已采纳

使用UPDATE更新MySQL中的用户数据[关闭]

I have run into an issue with my Administrator panel. I have an issue where when you try to update the profile by having the users preferences, it tends to keep the user data the same. I do not have any issues.

Listed below is the code for user.php

<?php

    include 'includes/db.php';
    include 'includes/protect.php';

    if(isset($_POST['submit_update'])){

        $firstName = $_POST['fname'];
        $lastName = $_POST['lname'];
        $email = $_POST['email'];
        $aboutMe = $_POST['about_me'];

        $query = "UPDATE users 
                  SET firstName = '$firstName', 
                      lastName = '$lastName', 
                      email = '$email', 
                      about_me = '$aboutMe', 
                  WHERE email = '$_SESSION[email]'";

        $edit_query = mysqli_query($conn, $query);
    }   
?>
  • 写回答

3条回答 默认 最新

  • dongxiao1591 2018-07-03 16:05
    关注

    The sure shot issue is with your $_SESSION[email]. But I think you also need few changes on your existing code. You can try like this way-

    1. Check value is exits or not before assigning the $_POST variable using isset() here I've assigned empty string by default you can change it as per your requirement. Also see how can you escape using http://php.net/manual/en/mysqli.real-escape-string.php

    2. Put your $_SESSION['email'] variable to a new variable in that case I used $sess_email. (this will be more readable)

    3. Remove extra comma(,) that you've put inside your UPDATE query.

    <?php
    $firstName = isset($_POST['fname']) ? $_POST['fname'] : "" ;
    $lastName = isset($_POST['lname']) ? $_POST['lname'] : "";
    $email = isset($_POST['email']) ? $_POST['email'] : "";
    $aboutMe = isset($_POST['about_me']) ? $_POST['about_me'] : "";
    $ses_email = isset($_SESSION['email']) ? $_SESSION['email'] : "";

    $query = "UPDATE users SET firstName = '$firstName', lastName = '$lastName', email = '$email', about_me = '$aboutMe' WHERE email = '$sess_email'";
    $edit_query = mysqli_query($conn, $query);
?>

    I also urge you to see how you can easily prevent SQL Injection if you use Prepared Statements in PHP.

    </div>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 乌班图ip地址配置及远程SSH
  • ¥15 怎么让点阵屏显示静态爱心,用keiluVision5写出让点阵屏显示静态爱心的代码,越快越好
  • ¥15 PSPICE制作一个加法器
  • ¥15 javaweb项目无法正常跳转
  • ¥15 VMBox虚拟机无法访问
  • ¥15 skd显示找不到头文件
  • ¥15 机器视觉中图片中长度与真实长度的关系
  • ¥15 fastreport table 怎么只让每页的最下面和最顶部有横线
  • ¥15 java 的protected权限 ,问题在注释里
  • ¥15 这个是哪里有问题啊?