Php 登录后如何更新mysql中的数据
在此人登录到会话后,我想更新他的个人简历。这是一个大约20人的小项目,所以我不担心sql注入 有两个页面,第一个是注册/登录页面。另一个是个人资料。我想更新个人资料页面上的个人简介。单击“更新”按钮后,它将重定向到正确的页面,但数据库中没有任何更改Php 登录后如何更新mysql中的数据,php,mysql,Php,Mysql,在此人登录到会话后,我想更新他的个人简历。这是一个大约20人的小项目,所以我不担心sql注入 有两个页面,第一个是注册/登录页面。另一个是个人资料。我想更新个人资料页面上的个人简介。单击“更新”按钮后,它将重定向到正确的页面,但数据库中没有任何更改 //This is the signup server side $db = mysqli_connect('localhost', 'root', '', 'pt'); if (isset($_POST['reg_user'])) { $
//This is the signup server side
$db = mysqli_connect('localhost', 'root', '', 'pt');
if (isset($_POST['reg_user'])) {
$firstname = mysqli_real_escape_string($db, $_POST['firstname']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = $_POST['password_1'];
$password_2 = $_POST['password_2'];
$sex = mysqli_real_escape_string($db, $_POST['sex']);
if ($sex == "Select Sex:") {
array_push($errors, "select male or female");
}
$user_check_query = "SELECT * FROM users WHERE username='$username' OR
email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (firstname, lastname, username, email,
password, sex, bio)
VALUES('$firstname', '$lastname','$username', '$email', '$password',
'$sex','')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
header('location: profile.php');
}
}
//here is the code on the profile side.
?>
<?php
session_start();
if (isset($_SESSION['username'])) {
if (isset($_POST['update_user'])) {
$bio = mysqli_real_escape_string($db, $_POST['bio']);
$query = "UPDATE users SET bio='$bio' WHERE username=$username";;
header('location: profileclient.php');
}
}
?>
<form method="post" action="profileclient.php">
<div class="input-group">
<input type="text" name="bio">
</div>
<div class="input-group">
<button type="submit" class="button" name="update_user"> update!
</button>
</div>
</form>
//这是注册服务器端
$db=mysqli_connect('localhost','root','pt');
如果(isset($\u POST['reg\u user'])){
$firstname=mysqli\u real\u escape\u字符串($db,$\u POST['firstname']);
$lastname=mysqli\u real\u escape\u字符串($db,$\u POST['lastname']);
$username=mysqli\u real\u escape\u字符串($db,$\u POST['username']);
$email=mysqli\u real\u escape\u字符串($db,$\u POST['email']);
$password\u 1=$\u POST['password\u 1'];
$password_2=$_POST['password_2'];
$sex=mysqli\u real\u escape\u字符串($db,$\u POST['sex']);
如果($sex==“选择性别:”){
数组_push($errors,“选择男性或女性”);
}
$user\u check\u query=“从用户名=“$username”或
电子邮件=“$email”限制1”;
$result=mysqli\u查询($db$user\u check\u query);
$user=mysqli\u fetch\u assoc($result);
如果($user){
如果($user['username']=$username){
数组_push($errors,“用户名已存在”);
}
如果($user['email']==$email){
数组_push($errors,“电子邮件已存在”);
}
}
如果(计数($errors)==0){
$password=md5($password\u 1);
$query=“插入用户(名字、姓氏、用户名、电子邮件、,
密码、性别、个人信息)
值(“$firstname”、“$lastname”、“$username”、“$email”、“$password”,
"性别","性别",;
mysqli_查询($db,$query);
$\会话['username']=$username;
标题('location:profile.php');
}
}
//下面是配置文件侧的代码。
?>
尝试在输入标记中使用“id”属性和“name”属性在配置文件部分尝试使用此代码
Try this code in your profile section
<?php
session_start();
if (isset($_SESSION['username'])) {
if (isset($_POST['update_user'])) {
$bio = mysqli->escape_string($_POST['bio']);
$query = "UPDATE users SET bio='$bio' WHERE username='$username'" or die(mysqli_error());
$result = $db->query($query);
header('location: profileclient.php');
}
}
?>
<form method="post" action="profileclient.php">
<div class="input-group">
<input type="text" name="bio" id="name">
</div>
<div class="input-group">
<button type="submit" class="button" name="update_user"> update! </button>
</div>
</form>
您的代码有多个问题。让我把它们列出来
切勿以明文或使用MD5/SHA1存储密码仅存储使用PHP创建的密码哈希,然后可以使用进行验证。看看这篇文章:了解更多关于
警告:您完全可以使用参数化的准备语句,而不是手动生成查询。它们由或提供。永远不要相信任何类型的输入,尤其是来自客户端的输入。即使您的查询仅由受信任的用户执行
始终exit()
在标题('Location:…')之后
您似乎忘记在注册文件中启动会话。添加会话\u start()
您需要为mysqli启用错误报告。使用mysqli_报告(mysqli_报告错误| mysqli_报告严格)
以下是您的代码修复:
<?php
session_start();
//This is the signup server side
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = mysqli_connect('localhost', 'root', '', 'pt');
if (isset($_POST['reg_user'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password_1 = $_POST['password_1'];
$password_2 = $_POST['password_2'];
$sex = $_POST['sex'];
if ($sex == "Select Sex:") {
array_push($errors, "select male or female");
}
$user_check_query = "SELECT * FROM users WHERE username=? OR email=? LIMIT 1";
$stmt = mysqli_prepare($db, $user_check_query);
mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (!$errors) {
$password_hashed = password_hash($password_1, PASSWORD_DEFAULT);
$query = "INSERT INTO users (firstname, lastname, username, email, password, sex, bio)
VALUES(?, ?, ?, ?, ?, ?,'')";
$stmt = mysqli_prepare($db, $query);
mysqli_stmt_bind_param($stmt, 'ssssss', $firstname, $lastname, $username, $email, $password_hashed, $sex);
mysqli_stmt_execute($stmt);
$_SESSION['username'] = $username;
exit(header('location: profile.php'));
}
}
//here is the code on the profile side.
?>
<?php
session_start();
if (isset($_SESSION['username'])) {
if (isset($_POST['update_user'])) {
$query = "UPDATE users SET bio=? WHERE username=?";
$stmt = mysqli_prepare($db, $query);
mysqli_stmt_bind_param($stmt, 'ss', $_POST['bio'], $_SESSION['username']);
mysqli_stmt_execute($stmt);
exit(header('location: profileclient.php'));
}
}
?>
<form method="post" action="profileclient.php">
<div class="input-group">
<input type="text" name="bio">
</div>
<div class="input-group">
<button type="submit" class="button" name="update_user"> update!
</button>
</div>
</form>
这是一个大约20人的小项目,所以我不担心sql注入。
著名的遗言。每个项目都有增长的趋势。即使没有;大多数攻击发生在内部。必须始终使用参数化查询,没有例外。即使它不是针对目标的攻击,您也不希望您的应用程序在一个名为D'Artagnan
的小项目上崩溃,这个项目大约有20人,所以我不担心sql注入。。。如果您丢失了仅20个用户的数据,是否可以?您没有执行“UPDATE users SET bio='$bio'…
如何执行数据?如何执行数据?。。。如何使用选择
和插入
查询来执行此操作?;)这不提供问题的答案,并且建议使用错误的代码。这不提供问题的答案。非常感谢。如何使用准备好的语句使用登录表单?