我正在创建一个用于基本PHP学习目的的虚拟应用程序,现在我的应用程序将用户登录到一个用户可以做多种事情的帐户中,例如搜索产品等。其中一个功能的用户可以做的是编辑帐户的详细信息,这是一切都错了我。没有显示任何错误,但当我通过点击"编辑帐户"按钮提交查询时,一切都可以正常工作,但当我检查数据库时,我发现没有任何改变…
我也知道代码中的安全问题,但现在我想建立基本功能
userEditAccount.php:
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['Edit Account']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$dbusername = $_SESSION['username'];
$editQuery = mysql_query("UPDATE users SET user_id='NULL' username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE username='$edit'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
我还将包含login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['username'] == $dbusername;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
在我自己的意见有问题的地方在SESSION或查询,但我已经通过了许多不同的资源,它不应该是一个问题....我可能错过了一些非常基本的东西或一些蹩脚的错误:D
很简单。您使用if(isset($_POST['Edit Account'])),但您的提交按钮没有名称:<input type="submit" value="Edit Account" class="button">
将输入改为:
<input type="submit" value="Edit Account" name="edit_account" class="button">
,将if(isset($_POST['Edit Account']))改为if(isset($_POST['edit_account']))
$edit在哪里?
WHERE username='$edit'
也许你必须修改会话的$dbusername
Hovewer:
-不要使用mysql,使用mysqli或pdo
-您可以在一行中保护所有变量
foreach($_POST as $key => $var) $_POST[$key] = mysqli_real_escape_string($var);
-添加对输入变量的验证控制,以及登录会话检查