用户登录系统后,我正在进行用户个人资料更新。一切都很好,用户登录后,用户可以更改用户名传递等。但是有一个问题,当用户更改其详细信息时,它将更改整个用户数据库详细信息。这是我的编码
这是登录编码
<form class="modal-content animate" action="qcon.php" method="POST">
<div class="imgcontainer">
<span onclick="document.getElementById('id01').style.display='none'"
class="close" title="Close Modal">×</span>
<img src="download.png" alt="Avatar" class="avatar">
</div>
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="uname" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit">Login</button>
<input type="checkbox" checked="checked" name ="submit"> Remember me
</div>
这是连接数据库编码
<?php
$connect = new mysqli("localhost","root","","tenantsdb");
$submit = isset($_POST['submit']);
if($submit)
{
$uname = $_POST['uname'];
$psw = $_POST['psw'];
}
$get = mysqli_query($connect, "SELECT * FROM tenantsignup WHERE uname
='$uname' AND psw ='$psw'");
$get2 = mysqli_fetch_assoc($get);
$id = $get2['id'];
$num = mysqli_num_rows($get);
if($num==1)
{
header("location:q1.php?id=$id");
}
else
{
echo"this username doesnt exsts";
}
?>
以下是用户登录后的页面
<div class = "col-md-6">
<div class = "panel panel-default">
<div class = "panel-body">
<?php
global $conn;
$servername = "localhost"; //host name
$username = "root"; //username
$password = ""; //password
$mysqli_database = "tenantsdb"; //database name
//mysqli prepared statement
$conn = mysqli_connect($servername, $username, $password,
$mysqli_database) or die("Connection failed: " .
mysqli_connect_error());
mysqli_select_db($conn,$mysqli_database) or die("Opps some thing went
wrong");
$id = $_REQUEST['id'];
$sql = mysqli_query($conn,"SELECT * FROM tenantsignup WHERE id
='$id'");
$get3 = mysqli_fetch_assoc($sql);
if(isset($_POST['update'])){
$uname = $_POST['uname'];
$psw = $_POST['psw'];
$name = $_POST['name'];
$email = $_POST['email'];
$contact_no = $_POST['contact_no'];
$area = $_POST['area'];
$gender = $_POST['gender'];
$age = $_POST['age'];
$max_budget = $_POST['max_budget'];
$staying_with = $_POST['staying_with'];
$race = $_POST['race'];
$result = mysqli_query($conn,"UPDATE tenantsignup set
uname='$uname',psw='$psw',name='$name',
email='$email',contact_no='$contact_no',area='$area',
gender='$gender',age='$age',max_budget='$max_budget',
staying_with='$staying_with',race='$race'");
if($result){
echo 'Success!';
}else{
echo 'failed';
}
}
?>
<form action ="q1.php" method="POST">
<div class = "form-group">
<label for ="id">ID</label>
<input type="text" class ="form-control" id="id" name="id" value="<?
php echo $id;?>">
</div>
<div class = "form-group">
<label for ="uname">Username</label>
<input type="text" class ="form-control" id="uname"
name="uname"value="<?php echo $uname;?>" >
</div>
<div class = "form-group">
<label for ="psw">Password</label>
<input type="text" class ="form-control" id="psw" name="psw"value="
<?php echo $psw;?>" >
</div>
<div class = "form-group">
<label for ="name">Name</label>
<input type="text" class ="form-control" id="name"
name="name"value="<?php echo $name;?>" >
</div>
<div class = "form-group">
<label for ="email">Email</label>
<input type="text" class ="form-control" id="email"
name="email"value="<?php echo $email;?>" >
</div>
<div class = "form-group">
<label for ="contact_no">Contact No</label>
<input type="text" class ="form-control" id="contact_no"
name="contact_no"value="<?php echo $contact_no;?>" >
</div>
<div class = "form-group">
<label for ="area">Area</label>
<input type="text" class ="form-control" id="area"
name="area"value="<?php echo $area;?>" >
</div>
<div class = "form-group">
<label for ="gender">Gender</label>
<input type="text" class ="form-control" id="gender"
name="gender"value="<?php echo $gender;?>" >
</div>
<div class = "form-group">
<label for ="age">Age</label>
<input type="text" class ="form-control" id="age" name="age"value="
<?php echo $age;?>" >
</div>
<div class = "form-group">
<label for ="max_budget">Max Budget</label>
<input type="text" class ="form-control" id="max_budget"
name="max_budget"value="<?php echo $max_budget;?>" >
</div>
<div class = "form-group">
<label for ="staying_with">Staying With</label>
<input type="text" class ="form-control" id="staying_with"
name="staying_with" value="<?php echo $staying_with;?>" >
</div>
<div class = "form-group">
<label for ="race">Race</label>
<input type="text" class ="form-control" id="race"
name="race"value="<?php echo $race;?>" >
</div>
<button type="submit" name="update">Update</button>
</form>
答案 0 :(得分:0)
您需要在UPDATE查询中添加WHERE子句:
$result = mysqli_query($conn,"UPDATE tenantsignup set
uname='$uname',psw='$psw',name='$name',
email='$email',contact_no='$contact_no',area='$area',
gender='$gender',age='$age',max_budget='$max_budget',
staying_with='$staying_with',race='$race' WHERE id='$id'");
答案 1 :(得分:0)
您需要在查询中添加 WHERE 。
用
替换您的查询$result = mysqli_query($conn,"UPDATE tenantsignup set
uname='$uname',psw='$psw',name='$name',
email='$email',contact_no='$contact_no',area='$area',
gender='$gender',age='$age',max_budget='$max_budget',
staying_with='$staying_with',race='$race' WHERE id=$id");
注意:它不是更新数据的安全方式。你应该使用pdo或预备声明。