1. 首頁
  2. 問答
  3. 旁路如果用戶名是形式不變檢查

旁路如果用戶名是形式不變檢查

2016-03-09 75 views
0

FORM 旁路如果用戶名是形式不變檢查

<!DOCTYPE HTML> 
<html> 
<head> 
<title> 

</title> 

</head> 
<body> 


<form id='updateholder' action='updateacc.php' method='post'> 
      <fieldset > 
       <legend>Update Account</legend> 

Username: 
       <input type='text' name='username' id='username' value = "<?php echo $row['user_Username']?>"/> 
Current Password: 
       <input type='text' name='curpassword' id='curpassword' value = "" maxlength="50" /> 
New Password: 
       <input type='text' name='confirm' id='newpassword' value = "" maxlength="50" /> 
Confirm New Password: 
       <input type='text' name='confirm' id='confirmpassword' value = "" maxlength="50" /> 
Middle Name: 
       <input type='text' name='middlename' id='middlename' value = "<?php echo $row['user_Mname']?>"/> 
Last Name: 
       <input type='text' name='lastname' id='lastname' value = "<?php echo $row['user_Lname']?>"/> 

       <input type='Submit' name='Submit' value='Submit' /> 
      </fieldset> 
     </form> 

<a href = "logout.php">LOGOUT</a> 
</body> 
</html>

Update.php

<?php 
    session_start(); 
    include('dbconn.php'); 

    $user_ID = $_SESSION['user_ID'] ; 


    $sql = "SELECT * FROM tbl_user WHERE user_ID = '$user_ID'"; 

     $result = mysqli_query($con, $sql); 
     $row = mysqli_fetch_array($result, MYSQLI_ASSOC); 

    if (isset($_POST['Submit'])) { 
       $username = $_POST["username"]; 
       $curpassword = $_POST["curpassword"]; 
       $middlename = $_POST["middlename"]; 
       $lastname = $_POST["lastname"]; 

       $username = trim(mysqli_escape_string($con, $username)); 
       $curpassword = trim(mysqli_escape_string($con, $curpassword)); 
       $middlename = trim(mysqli_escape_string($con, $middlename)); 
       $lastname = trim(mysqli_escape_string($con, $lastname)); 

       $sql2= "SELECT user_Username FROM tbl_user WHERE user_Username='$username'"; 
       $sql3= "SELECT user_Password FROM tbl_user WHERE user_ID='$accholder_ID'"; 
       $result2 = mysqli_query($con, $sql2); 
       $result3 = mysqli_query($con, $sql3); 
       $row2 = mysqli_fetch_array($result, MYSQLI_ASSOC); 
       $row3 = mysqli_fetch_array($result2, MYSQLI_ASSOC); 

     if (mysqli_num_rows($result) == 1) { 
      echo "Sorry...This Username already exist.."; 
     } else { 
      $query = mysqli_query($con, "Update tbl_user SET user_Mname = "$middlename", user_Lname = "$lastname", user_Username = "$username", user_Password = "$curpassword""); 

      if ($query) { 
       echo "Account Updated"; 
      } 
     } 
    } 
    ?>

我這裏有一個代碼,顯示tbl_user中的數據html表格

但是當它檢查用戶名是否存在 它將永遠echo "Sorry...This Username already exist.." ,因爲它也將包括在檢查自己的現有用戶名如果​​提交

是否有辦法繞過檢查,如果如果你想繞過檢查用戶名不變

來源

2016-03-09 JK. Constantine

+1

直接檢查相反張貼在這個問題的一切,請創建一種測試用例創建您所面臨的問題。它會幫助你獲得更好的答案。 – svirk

回答

0

不變的用戶名只添加一個檢查,如:

if(trim($_POST["username"]) == $row['user_Username']){ 
    //return unchanged username stuff 
} 
else{ 
    // your stuff for changed username 
}

如果表單值和數據庫值相同它意味着username保持不變,其他改變。

來源

2016-03-09 04:05:43 devpro

0

您可以通過

if($_POST["username"] == $row['user_Username']) 
{ 
    echo "User Name Matched"; 
} 
else 
{ 
    echo "Unique User Name"; 
}

來源

2016-03-09 06:30:26

相關問題

 相關問題