Fatal编程技术网
  • php/
  • Php Can';无法保存在数据库上,但我的验证正在工作

Php Can';无法保存在数据库上,但我的验证正在工作

php html sql

Php Can';无法保存在数据库上,但我的验证正在工作,php,html,sql,Php,Html,Sql,你好!我正在制作一个页面,让学生们可以更新他们的个人资料。所以我需要一种验证方法。是的,我的验证代码正在工作,但它不会保存在数据库中。在她/他完成回答所需字段后,他将进入另一页 这是我的密码: <?php // First we execute our common code to connection to the database and start the session require("common.php"); // At the top of the p

你好!我正在制作一个页面,让学生们可以更新他们的个人资料。所以我需要一种验证方法。是的,我的验证代码正在工作,但它不会保存在数据库中。在她/他完成回答所需字段后,他将进入另一页

这是我的密码:

<?php
// First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
        // If they are not, we redirect them to the login page. 
        header("Location: login.php"); 

        // Remember that this die statement is absolutely critical.  Without it, 
        // people can view your members-only content without logging in. 
        die("Redirecting to login.php"); 
    } 

    // Everything below this point in the file is secured by the login system 

    // We can display the user's username to them by reading it from the session array.  Remember that because 
    // a username is user submitted content we must use htmlentities on it before displaying it to the user.
    // Database Variables (edit with your own server information)

        $server = 'localhost';
        $user = 'root';
        $pass = '';
        $db = 'testing';

        // Connect to server and select databse.
        mysql_connect("$server", "$user", "$pass")or die("cannot connect"); 
        mysql_select_db("$db")or die("cannot select DB");

$sql ="SELECT * FROM users_info WHERE username = '".$_SESSION['user']['username']."' ";
$result=mysql_query($sql);

if($result === FALSE) {
    die(mysql_error()); // TODO: better error handling
}

    // define variables and set to empty values
$nameErr = $addressErr = $ageErr = $cellnoErr = $emailErr = $fathers_nameErr = $f_occupationErr = $mothers_nameErr = $m_occupationErr = "";
$name = $address = $age = $cellno = $telno = $email = $fathers_name = $f_occupation = $mothers_name = $m_occupation = "";

while($rows=mysql_fetch_array($result)){
$test=mysql_fetch_array($result);

if(!$result) 
        {
        die("Error: Data not found..");
        }       
                 $name = $test['name'];
                 $address = $test['address'];
                 $age = $test['age'];
                 $cellno = $test['cellno'];
                 $telno = $test['telno'];
                 $email = $test['email'];
                 $fathers_name = $test['fathers_name'];
                 $f_occupation = $test['f_occupation'];
                 $mothers_name = $test['mothers_name'];
                 $m_occupation = $test['m_occupation'];
}

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
  if (empty($_POST["name"]))
    {$nameErr = "Name is required";}
  else
    {
    $name = test_input($_POST["name"]);
    // check if name only contains letters and whitespace
    if (!preg_match("/^[a-zA-Z ]*$/",$name))
      {
      $nameErr = "Only letters and white space allowed"; 
      }
    }

  if (empty($_POST["address"]))
    {$addressErr = "Address is required";}
    else
     {$address =($_POST["address"]);}

  if (empty($_POST["age"]))
    {$ageErr = "Age is required";}
    else
     {$age = ($_POST["age"]);}

    if (empty($_POST["cellno"]))
    {$cellnoErr = "Cellphone Number is required";}
    else
     {$cellno = ($_POST["cellno"]);}

  if (empty($_POST["email"]))
    {$emailErr = "Email is required";}
  else
    {
    $email = test_input($_POST["email"]);
    // check if e-mail address syntax is valid
    if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
      {
      $emailErr = "Invalid email format"; 
      }
    }

  if (empty($_POST["fathers_name"]))
    {$fathers_nameErr = "Father's Name is required";}
    else
     {$fathers_name = ($_POST["fathers_name"]);}

  if (empty($_POST["f_occupation"]))
    {$f_occupationErr = "Father's Occupation is required";}
    else
     {$f_occupation = ($_POST["m_occupation"]);}

  if (empty($_POST["mothers_name"]))
    {$mothers_nameErr = "Mother's Name is required";}
    else
     {$mothers_name =($_POST["mothers_name"]);}

  if (empty($_POST["m_occupation"]))
    {$m_occupationErr = "Mother's Occupation is required";}
    else
     {$m_occupation =($_POST["m_occupation"]);}
}
function test_input($data)
{
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;

    mysql_query ("UPDATE `users_info` SET `name` ='$name', `address` ='$address',`age` ='$age', `cellno` ='$cellno' , `telno` ='$telno', `email` ='$email', `fathers_name` ='$fathers_name', `f_occupation` ='$f_occupation', `mothers_name` ='$mothers_name', `m_occupation` ='$m_occupation' WHERE username = '".$_SESSION['user']['username']."' ") or die(mysql_error()); 

    header("Location: myprofile.php");          
}
?>

你分配变量,然后重定向页面,也许你也应该把它们放在一个会话中,以便在表单中显示它们。
这怎么办?我认为是
会话_start()可以在
common.php中找到
Hello Fred,yes
session_start()
includes in common.php只是快速浏览一下,我没有看到名为
mothers\u name
的表单元素,我可以继续查找其他缺少的命名元素。为什么在$\u POST[]周围都有括号?不管怎样,看起来您没有对输入进行消毒。