我正在尝试编辑用户配置文件,如果我编辑 DOB 字段,它工作正常,但如果我不更改 DOB 字段,它会在数据库中保存值为 0000-00-00。任何人都可以帮助找出解决方案。编辑.php代码-
<?php
require_once("global.inc.php");
if(isset($_SESSION['logged_in']))
{
$user = unserialize($_SESSION['user']);
list($year,$month,$day)=explode('-', $user->DOB);
if(isset($_POST['edit']))
{
$id=$user->id;
$username = mysql_real_escape_string($_POST['username']);
$DOB = ($_POST['birthyear'].$_POST['birthmonth'].$_POST['birthday']);
$subject = mysql_real_escape_string($_POST['subject']);
$data['id'] = $id;
$data['username'] = $username;
$data['DOB'] = $DOB;
$data['subject'] = $subject;
$user=new User($data);
if($user->saveteacher(false))
{
echo '<script> alert("Your Profile Is Updated Successfully"); window.location.href="user/profile.php" ;</script>;';
}
else
{
echo mysql_error();
}
}
}
?>
<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#E1F5FF">
</div>
<form action="edit.php" method="post" >
<div class="reg-form">
<label style="float:left">Teacher Id</label>
<input class="unvisible" type="text" name="teacher_id" readonly value="<?php echo $user->id?>">
<br/><br/>
<label style="float:left">Username</label>
<input class="required" type="text" name="username" value="<?php echo $user->username?>">
<br/><br/>
<label style="float:left">D-O-B</label>
<div style="float:right">
<select style="margin-left:-4px; width:62px" name="birthyear">
<option value="<?php echo $year?>"><?php echo $year ?></option>
<?php for ($i = 1970; $i < date('Y'); $i++) : ?>
<option value="<?php echo $i; ?>"><?php echo $i; ?></option>
<?php endfor; ?>
</select>
<select style="margin-left:-4px; width:47px" name="birthmonth">
<option value=""><?php echo $month ?></option>
<?php for ($i = 1; $i <= 12; $i++) : ?>
<option value="<?php echo ($i < 10) ? '0'.$i : $i; ?>"><?php echo $i; ?></option>
<?php endfor; ?>
</select>
<select style="margin:-4px; width:47px" name="birthday">
<option value=""><?php echo $day ?></option>
<?php for ($i = 1; $i <= 31; $i++) : ?>
<option value="<?php echo ($i < 10) ? '0'.$i : $i; ?>"><?php echo $i; ?></option>
<?php endfor; ?>
</select>
</div>
<br/><br/>
<label style="float:left; ">Subject</label>
<input style="margin-top:18px; margin-left:80px" type="submit" name="edit" value="Save Changes">
</div>
</form>
</div>
</body>
</html>
编辑.php----------
<?php
require_once ("db.class.php");
class User {
public $id;
public $roll_no;
public $regno;
public $username;
public $password;
public $email;
public $fname;
public $lname;
public $DOB;
public $mobile;
public $altemail;
public $add;
public $area;
public $city;
public $state;
public $country;
public $branchname;
public $branchadd;
public $grade;
public $subject;
public $registered_on;
public $exp_date;
function __construct($data) {
$this->id = (isset($data['id'])) ? $data['id'] : "";
$this->roll_no = (isset($data['roll_no'])) ? $data['roll_no'] : "";
$this->registration_no = (isset($data['registration_no'])) ? $data['registration_no'] : "";
$this->teacher_id = (isset($data['teacher_id'])) ? $data['teacher_id'] : "";
$this->username = (isset($data['username'])) ? $data['username'] : "";
$this->email = (isset($data['email'])) ? $data['email'] : "";
$this->password = (isset($data['password'])) ? $data['password'] : "";
$this->first_name = (isset($data['first_name'])) ? $data['first_name'] : "";
$this->last_name = (isset($data['last_name'])) ? $data['last_name'] : "";
$this->DOB = (isset($data['DOB'])) ? $data['DOB'] : "";
$this->altemail = (isset($data['altemail'])) ? $data['altemail'] : "";
$this->mobile = (isset($data['mobile'])) ? $data['mobile'] : "";
$this->address = (isset($data['address'])) ? $data['address'] : "";
$this->area = (isset($data['area'])) ? $data['area'] : "";
$this->city = (isset($data['city'])) ? $data['city'] : "";
$this->state = (isset($data['state'])) ? $data['state'] : "";
$this->country = (isset($data['country'])) ? $data['country'] : "";
$this->branch_name = (isset($data['branch_name'])) ? $data['branch_name'] : "";
$this->branch_add = (isset($data['branch_add'])) ? $data['branch_add'] : "";
$this->subject = (isset($data['subject'])) ? $data['subject'] : "";
$this->grade = (isset($data['grade'])) ? $data['grade'] : "";
$this->registered_on = (isset($data['registered_on'])) ? $data['registered_on'] : "";
$this->exp_date = (isset($data['exp_date'])) ? $data['exp_date'] : "";
}
public function saveteacher($isNewUser = false) {
//create a new database object.
global $table;
$db = new DB();
//if the user is already registered and we're
//just updating their info.
if(!$isNewUser) {
//set the data array
$data = array(
//"roll_no" => "'$this->roll_no'",
"teacher_id" => "'$this->teacher_id'",
"username" => "'$this->username'",
"email" => "'$this->email'",
"first_name" => "'$this->first_name'",
"last_name" => "'$this->last_name'",
"DOB" => "'$this->DOB'",
"altemail" => "'$this->altemail'",
"mobile" => "'$this->mobile'",
"address" => "'$this->address'",
"area" => "'$this->area'",
"city" => "'$this->city'",
"state" => "'$this->state'",
"country" => "'$this->country'",
"branch_name" => "'$this->branch_name'",
"branch_add" => "'$this->branch_add'",
"branch_name" => "'$this->branch_name'",
"grade" => "'$this->grade'",
"subject" => "'$this->subject'"
);
$db->update($data, 'register_teacher', "id=".$this->id);
}else {
//if the user is being registered for the first time.
$data = array(
//"roll_no" => "'$this->roll_no'",
"teacher_id" => "'$this->teacher_id'",
"username" => "'$this->username'",
"email" => "'$this->email'",
"password" => "'$this->password'",
"first_name" => "'$this->first_name'",
"last_name" => "'$this->last_name'",
"DOB" => "'$this->DOB'",
"altemail" => "'$this->altemail'",
"mobile" => "'$this->mobile'",
"address" => "'$this->address'",
"area" => "'$this->area'",
"city" => "'$this->city'",
"state" => "'$this->state'",
"country" => "'$this->country'",
"branch_name" => "'$this->branch_name'",
"branch_add" => "'$this->branch_add'",
"branch_name" => "'$this->branch_name'",
"grade" => "'$this->grade'",
"subject" => "'$this->subject'",
"registered_on" => "'$this->registered_on'",
"exp_date" => "'$this->exp_date'" );
//"join_date" => "'".date("Y-m-d H:i:s",time())."'"
$this->id = $db->insert($data, 'register_teacher');
//$this->join_date = time();
}
return true;
}
public function savestudent($isNewUser = false) {
//create a new database object.
global $table;
$db = new DB();
//if the user is already registered and we're
//just updating their info.
if(!$isNewUser) {
//set the data array
$data = array(
"roll_no" => "'$this->roll_no'",
"registration_no" => "'$this->registration_no'",
"username" => "'$this->username'",
"email" => "'$this->email'",
"first_name" => "'$this->first_name'",
"last_name" => "'$this->last_name'",
"DOB" => "'$this->DOB'",
"altemail" => "'$this->altemail'",
"mobile" => "'$this->mobile'",
"address" => "'$this->address'",
"area" => "'$this->area'",
"city" => "'$this->city'",
"state" => "'$this->state'",
"country" => "'$this->country'",
"branch_name" => "'$this->branch_name'",
"branch_add" => "'$this->branch_add'",
"grade" => "'$this->grade'",
);
//update the row in the database
$db->update($data, 'register_student', "id=".$this->id);
}else {
//if the user is being registered for the first time.
$data = array(
"roll_no" => "'$this->roll_no'",
"registration_no" => "'$this->registration_no'",
"username" => "'$this->username'",
"email" => "'$this->email'",
"password" => "'$this->password'",
"first_name" => "'$this->first_name'",
"last_name" => "'$this->last_name'",
"DOB" => "'$this->DOB'",
"altemail" => "'$this->altemail'",
"mobile" => "'$this->mobile'",
"address" => "'$this->address'",
"area" => "'$this->area'",
"city" => "'$this->city'",
"state" => "'$this->state'",
"country" => "'$this->country'",
"branch_name" => "'$this->branch_name'",
"branch_add" => "'$this->branch_add'",
"grade" => "'$this->grade'",
"registered_on" => "'$this->registered_on'");
//"exp_date" => "'$this->exp_date'" );
//"join_date" => "'".date("Y-m-d H:i:s",time())."'"
$this->id = $db->insert($data, 'register_student');
//$this->join_date = time();
}
return true;
}
}
?>'
您正在生成一个日期字符串,如下所示
20130916
用于传入User对象。如果该字符串直接进入数据库,则您的数据库将其视为无效日期(MySQL,我假设?大多数数据库都希望他们的日期采用yyyy-mm-dd格式。
您也可能受到SQL注入攻击,因为当您对诸如username之类的东西进行手动转义时,您将直接传入日期值而不进行转义。