我有一個奇怪的問題,我真的不明白。我創建了一個註冊/登錄頁面,並在註冊頁面上要求輸入您的全名,電子郵件地址和性別。一旦你登錄了,有一個'我的詳細資料'的按鈕,一旦你點擊你可以改變你的詳細資料。所以這是我的問題,當我點擊「我的詳細資料」時,我可以看到全名,電子郵件和性別。但是當我嘗試更新它時,即使它指出「成功更新」它也會被徹底清除,甚至舊的細節也會被刪除。我懷疑它的下面的代碼..有一個'更新'按鈕問題
<?php
//this authenticates user
session_start();
if(!isset($_SESSION['username'])){
header("location:index.php");
}
$username = $_SESSION['username'];
?>
<?php include ('header.php'); ?>
<?php
$update = (isset($_GET['update']) ? $_GET['update'] : null);
$full_name = (isset($_GET['full_name']) ? $_GET['full_name'] : null);
$full_name = strip_tags($full_name);
$location = (isset($_GET['location']) ? $_GET['location'] : null);
$location = strip_tags($location);
$gender = (isset($_GET['gender']) ? $_GET['gender'] : null);
if($update == 1 && !empty($_POST)) // Checks if the form is submitted or not
{
$success_update = mysql_query("UPDATE users SET fullname='$full_name', location='$location', gender='$gender' WHERE username='$username' ");
if($success_update) {
echo '
<div class="alert alert-success">
Account Successfully updated!
</div>
';
}
else {
echo '
<div class="alert">
<button type="button" class="close" data-dismiss="alert">×</button>
Failed to update
</div>
';
}
}
$document_get = mysql_query("SELECT * FROM users WHERE username='$username'");
$match_value = mysql_fetch_array($document_get);
$fullname = $match_value['fullname'];
$location = $match_value['location'];
$gender = $match_value['gender'];
?>
<br/>
<div style="float:right"> <a class="btn btn-info" href="dashboard.php" > Account </a> <a class="btn" href="home.php"> <i class="icon-home icon-black"></i>Home</a>
<a class="btn btn-danger logout" href="logout.php" > Logout</a>
</div>
<fieldset>
<legend>Welcome <?php echo $username; ?>, </legend>
<br/>
<br/>
<form action="settings.php?update=1" method="post" name="myForm" onsubmit="return(validate());">
<fieldset>
<legend>Settings</legend>
<label>Full Name *</label>
<input name="full_name" type="text" placeholder="Type something…" value="<?php echo $fullname; ?>" >
<br/>
<label>Location </label>
<input name="location" type="text" placeholder="Type something…" value="<?php echo $location; ?>">
<br/>
<label>Gender </label>
<select name="gender">
<option <?php if($gender == 'Male') echo 'selected'; ?> >Male</option>
<option <?php if($gender == 'Female') echo 'selected'; ?> >Female</option>
</select>
<br/>
<button type="submit" class="btn">Update</button>
</fieldset>
</form>
</fieldset>
<script>
function validate()
{
if(document.myForm.full_name.value == "")
{
alert("Please provide your full name!");
document.myForm.full_name.focus() ;
return false;
}
return(true);
}
$('.logout').click(function(){
return confirm("Are you sure you want to Logout?");
})
</script>
<?php include ('footer.php'); ?>
任何想法?乾杯
你確定它是'$ _GET'而不是'$ _POST',導致你的變量爲'null',從而將所有字段更新爲'null'? –
嗨,我的名字是'bobby';掉桌用戶; --',但是當我嘗試註冊你的網站時崩潰並且中斷每個人。您是否考慮過轉義輸入,因此人們無法通過輸入SQL注入攻擊來刪除表格? – scragar
[**請不要在新代碼中使用'mysql_ *'函數**](http://bit.ly/phpmsql)。他們不再被維護[並且被正式棄用](http://j.mp/XqV7Lp)。看到[**紅框**](http://j.mp/Te9zIL)?學習[*準備的語句*](http://j.mp/T9hLWi),並使用[PDO](http://php.net/pdo)或[MySQLi](http://php.net/ mysqli) - [這篇文章](http://j.mp/QEx8IB)將幫助你決定哪個。如果你選擇PDO,[這裏是一個很好的教程](http://j.mp/PoWehJ)。 – esqew