dongsimu4422 2018-07-03 15:52
浏览 61
已采纳

使用UPDATE更新MySQL中的用户数据[关闭]

I have run into an issue with my Administrator panel. I have an issue where when you try to update the profile by having the users preferences, it tends to keep the user data the same. I do not have any issues.

Listed below is the code for user.php

<?php

    include 'includes/db.php';
    include 'includes/protect.php';

    if(isset($_POST['submit_update'])){

        $firstName = $_POST['fname'];
        $lastName = $_POST['lname'];
        $email = $_POST['email'];
        $aboutMe = $_POST['about_me'];

        $query = "UPDATE users 
                  SET firstName = '$firstName', 
                      lastName = '$lastName', 
                      email = '$email', 
                      about_me = '$aboutMe', 
                  WHERE email = '$_SESSION[email]'";

        $edit_query = mysqli_query($conn, $query);
    }   
?>
  • 写回答

3条回答 默认 最新

  • dongxiao1591 2018-07-03 16:05
    关注

    The sure shot issue is with your $_SESSION[email]. But I think you also need few changes on your existing code. You can try like this way-

    1. Check value is exits or not before assigning the $_POST variable using isset() here I've assigned empty string by default you can change it as per your requirement. Also see how can you escape using http://php.net/manual/en/mysqli.real-escape-string.php

    2. Put your $_SESSION['email'] variable to a new variable in that case I used $sess_email. (this will be more readable)

    3. Remove extra comma(,) that you've put inside your UPDATE query.

    <?php
        $firstName = isset($_POST['fname']) ? $_POST['fname'] : "" ;
        $lastName = isset($_POST['lname']) ? $_POST['lname'] : "";
        $email = isset($_POST['email']) ? $_POST['email'] : "";
        $aboutMe = isset($_POST['about_me']) ? $_POST['about_me'] : "";
        $ses_email = isset($_SESSION['email']) ? $_SESSION['email'] : "";
    
        $query = "UPDATE users SET firstName = '$firstName', lastName = '$lastName', email = '$email', about_me = '$aboutMe' WHERE email = '$sess_email'";
        $edit_query = mysqli_query($conn, $query);
    ?>
        

    I also urge you to see how you can easily prevent SQL Injection if you use Prepared Statements in PHP.

    </div>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题