我正在为基本的 PHP 学习目的创建一个虚拟应用程序,现在我的应用程序将用户登录到一个帐户,用户可以在该帐户中执行多项操作,例如搜索产品等。用户可以执行的功能之一是编辑帐户详细信息和此对我来说一切都出错了。没有显示任何错误,但是当我通过单击“编辑帐户”按钮提交查询时,一切都可以正常工作,但是当我检查数据库时,我发现没有任何改变...
我也知道代码的安全问题,但我想建立基本功能
userEditAccount.php:
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['Edit Account']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$dbusername = $_SESSION['username'];
$editQuery = mysql_query("UPDATE users SET user_id='NULL' username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE username='$edit'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
我还将包括 login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['username'] == $dbusername;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
在我自己的意见中,问题出在 SESSION 或查询中的某个地方,但我已经浏览了许多不同的资源,这不应该是一个问题....我可能遗漏了一些非常基本的东西或一些 LAME 错误:D