我想根据用户输入更新我数据库的两个字段。我的代码是这样的:
<body>
<?php
$db_server["host"] = "localhost"; //database server
$db_server["username"] = "root"; // DB username
$db_server["password"] = "mypass"; // DB password
$db_server["database"] = "mudb";// database name
$dbc = mysql_connect($db_server["host"], $db_server["username"], $db_server["password"]);
mysql_select_db($db_server["database"], $dbc);
$user = $_COOKIE['mycookie'];
$q = "SELECT * FROM members WHERE username='$user'";
$r = mysql_query( $q,$dbc);
while ($row = mysql_fetch_array($r, MYSQLI_ASSOC)) {
echo 'username: '.$row['username'], '<br/>';
$password=$row['password'];
?>
<form method="post" id="changepasswordform" >
<input type="password" id="newpassword" name="newpassword"/>
<input type="submit" name="changepasswordbutton" >
</form>
<?php
echo 'email: '.$row['email'], '<br/>';
}
?>
<form method="post" id="changeemailform" >
<input type="text" id="newemail" name="newemail"/>
<input type="submit" value="αλλαγή" name="changeemailbutton" >
</form>
<?php
}
if (isset($_POST['changepasswordbutton'])){
$newpassword=$_POST['newpassword'];
$q2 = "UPDATE members SET password=$newpassword WHERE username='$user'";
$r2 = mysql_query($q2,$dbc);
}
if (isset($_POST['changeemailbutton'])){
$newemail=$_POST['newemail'];
$q3 = "UPDATE members SET email=$newemail WHERE username='$user'";
$r3 = @mysql_query( $q3,$dbc);
}
?>
</body>
然而,尽管我与数据库的连接正常(SELECT 按预期显示结果),但当我尝试更新时,数据库中的值保持不变。我检查了 $newpassword 和 $newemail 的值,它们确实包含用户每次输入。我在这里缺少什么?
最佳答案
您缺少应该包含密码字段的 ''
(引号)。
改变:
UPDATE members SET password=$newpassword WHERE username='$user'
到:
UPDATE members SET password='{mysql_real_escape_string($password)}'
WHERE username='{mysql_real_escape_string($user)}'
重要提示:
即使它不相关,也请不要使用 mysql_*
函数 - 它已被弃用并且容易受到 sql 注入(inject)的影响。最好使用 PDO 或 MySQLi。
关于php - MySQL 更新不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12167198/