-2

我有一个旨在更新我正在开发的网站上的用户配置文件的脚本,但我无法弄清楚。当我在网站上单击提交时,什么也没有发生,我有一个表单设置,而且我没有收到任何错误消息。我什至环顾谷歌寻找解决方案,但我找不到任何帮助。

这适用于同一个 .php 文件,它不请求另一个。它检查是否有 POST 请求,然后从那里执行所有操作……密码对用户来说是可选的,并且只有在密码字段中输入了某些内容时才应该这样做。如果没有 POST 请求,那么它只会向用户显示带有输入框等的表单/表格,这不是问题。

有任何想法吗?

if(isset($_POST['username']))
{
    try
    {
        /*** connect to database ***/
        /*** mysql hostname ***/
        $mysql_hostname = 'localhost';

        /*** mysql username ***/
        $mysql_username = 'username';

        /*** mysql password ***/
        $mysql_password = 'password';

        /*** database name ***/
        $mysql_dbname = 'database';

        /*** select the users name from the database ***/
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** if we are here the data is valid and we can insert it into database ***/
        $UsrEmail = filter_var($_POST['email'], FILTER_SANITIZE_STRING);
        $RealName = filter_var($_POST['realname'], FILTER_SANITIZE_STRING);

        /*** prepare the insert ***/
        $updUSR = "UPDATE Users
            SET UsrEmail=?, RealName=?
                WHERE UsrID=".$_SESSION['UsrID']."";
        $stmtu = $dbh->prepare($updUSR);
        $stmtu->bindParam(':email', $UsrEmail, PDO::PARAM_STR);
        $stmtu->bindParam(':realname', $RealName, PDO::PARAM_STR);
        $stmtu->execute(array($UsrEmail,$RealName));
        $stmtu->execute();

        if(isset($_POST['currpass'], $_POST['newpass1'], $_POST['newpass2']))
        {
            /*** if we are here the data is valid and we can insert it into database ***/
            $currpass = filter_var($_POST['currpass'], FILTER_SANITIZE_STRING);
            $newpass = filter_var($_POST['newpass1'], FILTER_SANITIZE_STRING);
            $newpass2 = filter_var($_POST['newpass2'], FILTER_SANITIZE_STRING);

            /*** verify if the passwords match ***/
            if($newpass == $newpass2)
            {
                /*** now we can encrypt the password ***/
                $UsrPasswd = sha1( $newpass );
                $updPW = "UPDATE Users
                    SET UsrPasswd=?
                        WHERE UsrID=".$_SESSION['UsrID']."";
                $stmtp->bindParam(':newpass', $UsrPasswd, PDO::PARAM_STR, 40);
                $stmtp = $dbh->prepare($updPW);
                $stmtp->execute(array($UsrPasswd));
                $stmtp->execute();
            }
            else
            {
                $message = "The passwords entered do not match, please try again.";
            }
        }

        /*** if all is done, say thanks ***/
        $message = 'Profile Settings Changed Successfully';
    }
    catch(Exception $e)
    {
        /*** if we are here, something has gone wrong ***/
        $message = 'We are unable to process your request.<br />Please try again later.';
    }
}
4

1 回答 1

0

您的代码存在一些问题,我在这部分更正了其中一些问题:

    $UsrEmail = $_POST['email'];
    $RealName = $_POST['realname'];

    /*** prepare the insert ***/
    $updUSR = "UPDATE Users SET UsrEmail=?, RealName=? WHERE UsrID=?";
    $stmtu = $dbh->prepare($updUSR);
    $stmtu->bindParam(1, $UsrEmail);
    $stmtu->bindParam(2, $RealName);
    $stmtu->bindParam(3, $_SESSION['UsrID']);
    $stmtu->execute();

如果你使用问号占位符,那么,你必须使用bindParam(1, $UsrEmail)not bindParam(":email", $UsrEmail),也不需要在里面传递数组execute

于 2013-09-24T10:44:45.377 回答