1. 首頁
  2. 問答
  3. PHP/SQL更新用戶行問題

PHP/SQL更新用戶行問題

2014-07-08 85 views
-2

我是一個完整的小白,所以我提前道歉,因爲我的無知/純粹的愚蠢。PHP/SQL更新用戶行問題

我試圖讓表單提交到數據庫的用戶行。我有這與INSERT工作,但是它只是把它放到一個新的行,而不是用戶的(我認爲)下面的代碼並沒有給出任何具體的錯誤,只是有一個(或更可能是很多)是這個適當的方式來解決這個問題?如果有的話,請指出問題,或指出解決方案的方向。

謝謝!

<?php 

$user = $_SESSION['username']; 

$con=mysqli_connect("localhost","USER","PASS","DB NAME"); 
// Check connection 

if (mysqli_connect_errno()) { 
echo "Failed to connect to MySQL: " . mysqli_connect_error(); } 

// escape variables for security 
$title = mysqli_real_escape_string($con, $_POST['title']); 
$firstname = mysqli_real_escape_string($con, $_POST['firstname']); 
$lastname = mysqli_real_escape_string($con, $_POST['lastname']); 
$jobtitle = mysqli_real_escape_string($con, $_POST['jobtitle']); 
$address = mysqli_real_escape_string($con, $_POST['address']); 
$postcode = mysqli_real_escape_string($con, $_POST['postcode']); 
$telephone = mysqli_real_escape_string($con, $_POST['telephone']); 
$email = mysqli_real_escape_string($con, $_POST['email']); 


$sql = 
mysql_query("UPDATE users SET title='$title', firstname='$firstname', lastname='$lastname', jobtitle='$jobtitle', address='$address', postcode='$postcode', telephone='$telephone', email='$email' WHERE username='$user'"); 

if (!mysqli_query($con,$sql)) { 
    die('Error: ' . mysqli_error($con)); 
} 
echo "Thank you, your details have now been submitted. From here you can Book and Pay for the Events you want to attend."; 

mysqli_close($con); 

?>

來源

2014-07-08 Honest Objections

+2

不要混合mysql_ *和mysqli_ *函數 – Phantom

+1

我可能會建議,因爲您使用mysqli開始時考慮使用預處理語句,而不是轉義每個變量,只需將它們作爲命名參數傳遞給準備好的聲明。如果你在任何地方都使用它,將會阻止你永遠忘記逃避變量。 – scragar

回答

2

你在混合mysql和mysqli函數。 Yo9u不能做到這一點。

$sql = mysql_query("UPDATE users SET title='$title', firstname='$firstname', lastname='$lastname', jobtitle='$jobtitle', address='$address', postcode='$postcode', telephone='$telephone', email='$email' WHERE username='$user'");

應該

$sql = mysqli_query($con, "UPDATE users SET title='$title', firstname='$firstname', lastname='$lastname', jobtitle='$jobtitle', address='$address', postcode='$postcode', telephone='$telephone', email='$email' WHERE username='$user'"); 
      ^^^  ^^^^^ 
      THESE MATTER

來源

2014-07-08 12:56:15

-1

替換查詢字符串,如下圖所示

$sql = 
mysqli_query($con,"UPDATE users SET title='".$title."', firstname='".$firstname."', lastname='".$lastname."', jobtitle='".$jobtitle."', address='".$address."', postcode='".$postcode."', telephone='".$telephone."', email='".$email."' WHERE username='".$user."'");

它很好的做法,把字符串用雙引號(「」 $變量。「)在查詢字符串中。

來源

2014-07-08 13:06:40 MRJethva

相關問題

 相關問題