我一直在試圖創建一個簡單的形式來更新數據庫的詳細信息,在PHP代碼如下:當數據庫記錄被獲取,然後使用PHP SQL更新查詢不工作
// UPDATE THE DATABASE RECORDS //
$update = $_GET['update'];
if($update == "true"){
$setDetails="UPDATE users SET email='{$_POST['email']}', api_key='{$_POST['api_key']}', api_secret='{$_POST['api_secret']}' WHERE username='{$_POST['username']}'";
if(mysql_query($setDetails)){
$updatemsg = '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a><strong>Success!</strong> Your details have been updated in our database.</div>';
}else{
$updatemsg = '<div class="alert alert-error"><a href="#" class="close" data-dismiss="alert">×</a><strong>Failure!</strong> Your details could not be updated in our database. Please try again later or contact us if this keeps happening.</div>';
}
}else if($update == "false"){
$updatemsg = '<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a><strong>Success!</strong> Your changed were discarded.</div>';
}
// UPDATE THE DATABASE RECORDS //
// GET THE DATABASE RECORDS //
$getDetails="SELECT * FROM users WHERE username='$username'";
$details=mysql_query($getDetails);
$num=mysql_numrows($details);
if($num != 0){
$new_user = false;
$username=mysql_result($details,0,"username");
$email=mysql_result($details,0,"email");
$subscription_type=mysql_result($details,0,"subscription_type");
$subscription_date=mysql_result($details,0,"subscription_date");
$api_key=mysql_result($details,0,"api_key");
$api_secret=mysql_result($details,0,"api_secret");
setcookie("api_key", $api_key, time()+50000);
setcookie("api_secret", $api_secret, time()+50000);
}else{
$new_user = true;
}
// GET THE DATABASE RECORDS //
的變量定義填入HTML表單:
<form action="?update=true" method="POST">
<h2>Your Details</h2>
<input id="username" name="username" type="text" placeholder="" disabled="true" class="input-xlarge" value="<?=$username?>">
<input id="email" name="email" type="text" placeholder="" class="input-xlarge" value="<?=$email?>">
<input id="subscription_type" name="subscription_type" type="text" placeholder="" disabled="true" class="input-xlarge" value="<?=$subscription_type?>">
<input id="subscription_date" name="subscription_date" type="text" placeholder="" disabled="true" class="input-xlarge" value="<?=$subscription_date?>">
<input id="api_key" name="api_key" type="text" placeholder="" class="input-xlarge" value="<?=$api_key?>">
<input id="api_secret" name="api_secret" type="text" placeholder="" class="input-xlarge" value="<?=$api_secret?>">
<button type="submit" class="btn btn-success" id="saveChanges"><i class="icon-ok icon-white"></i> Save Changes</button> <a href="?update=false" class="btn btn-danger" id="discardChanges"><i class="icon-remove icon-white"></i> Discard Changes</a>
</form>
當頁面加載第一次,表單填寫,沒有任何問題,但是當它被編輯並提交$updatemsg
是:第二個(成功),但沒有改變數據庫中的數據。有任何想法嗎?
你可能會(理所當然)得到一些意見,告訴你,你很容易受到注入攻擊,因爲你是直接把你的$ _ POST變量到你的查詢。查找mysql注入,如果你正在做數據庫編程,你需要知道這一點。 – JPR
@JPR我不知道我是脆弱的注入,而我的意圖之前那種OUT /如果這個代碼以往任何時候都去住 - 此刻,這只是我的練習。 –
爲什麼你的表單域被禁用?這是沒有公佈價值的原因之一。 – Naeem