从用户输入php更新数据库_Php_Mysql_Database

从用户输入php更新数据库

php mysql database

从用户输入php更新数据库,php,mysql,database,Php,Mysql,Database,我有一个数据库和一个名为users的表，这个表的一列名为depot_location。如果用户想要更改位置，则会向其显示此信息 <?php include("includes/header.php") ?> <div class="col-lg-6 col-lg-offset-3 col-md-6 col-md-offset-3"> <div class="alert-placeholder"> <?p

我有一个数据库和一个名为users的表，这个表的一列名为depot_location。如果用户想要更改位置，则会向其显示此信息

<?php include("includes/header.php") ?>

    <div class="col-lg-6 col-lg-offset-3 col-md-6 col-md-offset-3">
        <div class="alert-placeholder">

            <?php display_message(); ?>

            <?php update_depot(); ?>

        </div>
    </div>
    <div class="row">
        <div class="col-md-6 col-md-offset-3">
            <div class="panel panel-login">
                <div class="panel-heading">
                    <div class="row">

                        <div class="col-xs-12">
                            <h3>Update Depot Location</h3>
                        </div>
                    </div>
                    <hr>
                </div>
                <div class="panel-body">
                    <div class="row">
                        <div class="col-lg-12">
                            <form id="register-form" method="post" role="form" >
                                <div class="form-group">
                                    <select name="depot_location" id="depot_location" tabindex="1" class="form-control" value="" required>
                                        <option value="" disabled="disabled" selected="selected">Please select a drop-off location</option>
                                        <option value="Cork">Cork</option>
                                        <option value="Waterford">Waterford</option>
                                        <option value="Limerick">Limerick</option>
                                        <option value="Dublin">Dublin</option>
                                        <option value="Galway">Galway</option>
                                    </select>
                                </div>
                                    <div class="row">
                                        <div class="col-sm-6 col-sm-offset-3">
                                            <input type="submit" name="reset-password-submit" id="reset-password-submit" tabindex="4" class="form-control btn btn-register" value="Reset Password">
                                        </div>
                                    </div>
                                </div>
                            </form>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>

因此，他们从下拉菜单中选择新位置，想法是更新数据库。这是我的php代码，但它不工作

/****************************Update Depot Location Function********************************/

function update_depot() {

 if(isset($_GET['email'])) {

     if($_POST['depot_location']) {

            $updated_depot_location = ($_POST['depot_location']);
            $sql = "UPDATE users SET depot_location = '".escape($updated_depot_location)."', WHERE email = '".escape($_GET['email'])."'";
            query($sql);

            set_message("<p class='bg-success text-center'>Your depot location has been updated.</p>");

            redirect("change.php");

        } else {

            echo validation_errors("Could not change depot location please try again.");

        } 

 }

}

当点击submit按钮时，什么也没有发生，只是看起来刷新了页面。我不知道为什么它不工作。

我在您的更新sql中看到一个逗号

$sql = "UPDATE users SET depot_location = '".escape($updated_depot_location)."', WHERE email = '".escape($_GET['email'])."'";

请删除逗号，然后重试

$sql = "UPDATE users SET depot_location = '".escape($updated_depot_location)."' WHERE email = '".escape($_GET['email'])."'";

您是否检查了您是否在查询中获取了值。escape做什么呢？它对字符串进行转义，这样使用起来更安全，防止mysql injectionifisset$\u GET['email']