PHP/SQL UPDATE用户行问题 - PHP/SQL UPDATE users row issues

PHP/SQL UPDATE users row issues

本文关键字：问题用户 UPDATE SQL PHP | 更新日期: 2023-09-27

我是个十足的新手，所以我提前为我的无知/愚蠢道歉。

我试图得到一个表单提交到数据库上的用户行。我有这个工作与INSERT，但只是把它放在一个新的行，而不是用户的(我认为)下面的代码没有给出许多任何特定的错误，只是有一个(或更可能的许多)这是合适的方式去做这个?如果有的话，谁能指出问题所在，或者指出解决方案的方向。

谢谢!

<?php
$user = $_SESSION['username'];
$con=mysqli_connect("localhost","USER","PASS","DB NAME");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error(); }
// escape variables for security
$title = mysqli_real_escape_string($con, $_POST['title']);
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$jobtitle = mysqli_real_escape_string($con, $_POST['jobtitle']);
$address = mysqli_real_escape_string($con, $_POST['address']);
$postcode = mysqli_real_escape_string($con, $_POST['postcode']);
$telephone = mysqli_real_escape_string($con, $_POST['telephone']);
$email = mysqli_real_escape_string($con, $_POST['email']);

$sql = 
mysql_query("UPDATE users SET title='$title', firstname='$firstname', lastname='$lastname', jobtitle='$jobtitle', address='$address', postcode='$postcode', telephone='$telephone', email='$email' WHERE username='$user'");
if (!mysqli_query($con,$sql)) {
   die('Error: ' . mysqli_error($con));
}
echo "Thank you, your details have now been submitted. From here you can Book and Pay for the Events you want to attend.";
mysqli_close($con);
?>

您正在混合mysql和mysqli函数。你不能那样做:

$sql = mysql_query("UPDATE users SET title='$title', firstname='$firstname', lastname='$lastname', jobtitle='$jobtitle', address='$address', postcode='$postcode', telephone='$telephone', email='$email' WHERE username='$user'");

应该

$sql = mysqli_query($con, "UPDATE users SET title='$title', firstname='$firstname', lastname='$lastname', jobtitle='$jobtitle', address='$address', postcode='$postcode', telephone='$telephone', email='$email' WHERE username='$user'");
           ^^^      ^^^^^
            THESE MATTER

将查询字符串替换为:

$sql = 
mysqli_query($con,"UPDATE users SET title='".$title."', firstname='".$firstname."', lastname='".$lastname."', jobtitle='".$jobtitle."', address='".$address."', postcode='".$postcode."', telephone='".$telephone."', email='".$email."' WHERE username='".$user."'");

在查询字符串时，最好将字符串放在双引号('".$variable."')中