Php 用于更新数据库的未定义索引
我似乎找不到我的代码有什么问题 我只是想有一个不偏袒的意见,因为对我来说,它是完美的,它不是xDPhp 用于更新数据库的未定义索引,php,mysql,Php,Mysql,我似乎找不到我的代码有什么问题 我只是想有一个不偏袒的意见,因为对我来说,它是完美的,它不是xD <?php require("common.php"); if(empty($_SESSION['user'])) { header("Location: login.php"); die("Redirecting to login.php"); } if(!empty($_POST)) { if
<?php
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: login.php");
die("Redirecting to login.php");
}
if(!empty($_POST))
{
if($_POST['eID'] != $_SESSION['user']['eID'])
{
$query = "
SELECT
1
FROM users
WHERE
eID = :eID
";
$query_params = array(
':eID' => $_POST['eID']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
die("This employee ID is already registered");
}
}
if(!empty($_POST['password']))
{
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
}
else
{
$password = null;
$salt = null;
}
$query_params = array(
':eID' => $_POST['eID'],
':user_id' => $_SESSION['user']['id'],
);
if($password !== null)
{
$query_params[':password'] = $password;
$query_params[':salt'] = $salt;
}
$query = "
UPDATE users
SET
eID = :eID
";
if($password !== null)
{
$query .= "
, password = :password
, salt = :salt
";
}
$query .= "
WHERE
id = :user_id
";
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$_SESSION['user']['eID'] = $_POST['eID'];
header("Location: private.php");
die("Redirecting to private.php");
}
?>
<h1>Edit Account</h1>
<form action="edit_account.php" method="post">
Username:<br />
<b><?php echo htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8'); ?></b>
<br /><br />
EmployeeID:<br />
<input type="text" name="eID" value="<?php echo htmlentities($_POST['eID'], ENT_QUOTES, 'UTF-8'); ?>" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" /><br />
<i>(leave blank if you do not want to change your password)</i>
<br /><br />
<input type="submit" value="Update Account" />
</form>
编辑帐户
用户名:
员工ID:
这将消除错误:
if($_POST['eID'] != $_SESSION['user']['eID'])
{
$query = "
SELECT
1
FROM users
WHERE
eID = ".$_POST['eID'];
}
如果eID是字符串值,请替换:
eID = ".$_POST['eID'];
与
请告诉我“Where eID=:eID是一个输入错误。它错了吗?heheheop已经在使用绑定参数,这表明它们不再使用绑定参数不是一个好主意。是的,没有发生任何事情。有任何建议@bcmcfc吗?
eID = '".$_POST['eID']."'";