请帮助......这是我第一次尝试php ... 我试图回显$ id,$ firstname等,它确实回显了正确的结果,但数据库无法更新。我不知道什么是错的......
这是“profile.php”
<?
include("common.php");
include("header.php");
?>
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
<td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
<td align="left" valign="top">
<? $link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
$email = $_SESSION['email'];
$sql = "SELECT * FROM fmcmember where email='$email'";
$result = mysql_query($sql);
$row = mysql_fetch_row($result); ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<form name="form4" method="post" action="update.php">
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td width="200" class="title">My Profile</td>
<td width="300" class="title">
</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td><input name="id" type="hidden" value="<? echo $row[0] ?>" size="30"/></td>
<td> </td>
</tr>
<tr>
<td class="email">Email</td>
<td class="email"><? echo $row[6] ?></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Firstname</td>
<td><input name="firstname" type="text" class="inputfield" value="<? echo $row[1] ?>" size="30" maxlength="40" /></td>
<? if($row[3] == "M") { ?>
<td rowspan="16" align="left" valign="top">
<img src="images/myinfo/male.png" width="200" height="200" /></td>
<? } else { ?>
<td rowspan="16" align="left" valign="top">
<img src="images/myinfo/female.jpg" width="200" height="200" /></td>
<? } ?>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Lastname</td>
<td><input name="lastname" type="text" class="inputfield" value="<? echo $row[2] ?>" size="30" maxlength="40" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Gender</td>
<td class="content">
<input name="gender" type="radio" value="M" <? if($row[3] == "M") { echo "checked"; }?> />Male
<input name="gender" type="radio" value="F" <? if($row[3] == "F") { echo "checked"; }?> />Female</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Date of birth</td>
<td><input name="dob" type="text" class="inputfield" value="<? echo $row[4] ?>" size="30" maxlength="40" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Address</td>
<td><input name="address" type="text" class="inputfield" value="<? echo $row[5] ?>" size="30" maxlength="200" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Tel</td>
<td><input name="tel" type="text" class="inputfield" value="<? echo $row[7] ?>" size="30" maxlength="40" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="content">Fax</td>
<td><input name="fax" type="text" class="inputfield" value="<? echo $row[8] ?>" size="30" maxlength="40" /></td>
</tr>
<tr>
<td class="content"> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td><input name="Update" type="submit" value="Update" />
<input name="Reset" type="button" value="Reset" onclick="javascript:document.location.href='profile.php?action=reset'"/></td>
<td> </td>
</tr>
</form>
</table></td>
</tr>
</table></td>
<?
include("footer.php");
?>
update.php
<?
include("common.php");
//得到register.php 表單的數據
$id = $_POST["id"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$gender = $_POST["gender"];
$dob = $_POST["dob"];
$address = $_POST["address"];
$tel = $_POST["tel"];
$fax = $_POST["fax"];
$link = mysql_connect("localhost", "root", "password");
mysql_select_db("test");
mysql_query($sql, $link);
$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
include("header.php");
?>
<td><table width="1000" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="145" align="left" valign="top"><script type="text/javascript" src="menu.js"></script></td>
<td width="50" align="left" valign="top"><img src="images/header/divided1.jpg" width="40" height="473" /></td>
<td align="left" valign="top"><table width="100%" align="left" valign="top" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="300"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="title"> </td>
</tr>
<tr>
<td class="title">My Profile</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td class="content">Your profile has been updated. Please return back to <a href="profile.php">my profile</a> page.</td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
<?
include("footer.php");
?>
答案 0 :(得分:1)
您无法对查询前未定义的变量进行查询:
$sql = "update fmcmember set firstname='" . mysql_real_escape_string($firstname) . "', lastname='" . mysql_real_escape_string($lastname) . "', gender='" . mysql_real_escape_string($gender) . "', dob='" . mysql_real_escape_string($dob) . "', address='" . mysql_real_escape_string($address) . "', tel='" . mysql_real_escape_string($tel) . "', fax='" . mysql_real_escape_string($fax) . "' where id='" . mysql_real_escape_string($id) . "'";
mysql_query($sql, $link);
您的SQL查询不安全:What is SQL injection?
我编辑了你的SQL查询,现在是安全的。
答案 1 :(得分:0)
您需要在进行查询之前定义SQL查询。在update.php中使用此行顺序
$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
mysql_query($sql, $link);
答案 2 :(得分:0)
将此查询写在 mysql_query($ sql,$ link);
上方$sql = "update fmcmember set firstname='$firstname', lastname='$lastname', gender='$gender', dob='$dob', address='$address', tel='$tel', fax='$fax' where id='$id'";
答案 3 :(得分:0)
在profile.php中
$result=mysql_query($sql,$link);