php - 如何使用 session_start 更新 MySQL 中的字段并由 id 确定
问题描述
我正在尝试为我的用户创建一个空间,他们可以在其中更改其帐户名称等。我进行了很多调查,但找不到安全的东西。现在我只是在努力工作。我用一个简单的 INSERT 插入我的用户:
$query = "INSERT INTO users (Name, Email, Password, metodop, social1, social2, aboutt) VALUES ('$name', '$email', '$passHash', '$metodop', '$social1', '$social2', '$aboutt')";
这是插入的一部分:
$name = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['password'];
$metodop = $_POST['metodop'];
$social1 = $_POST['social1'];
$social2 = $_POST['social2'];
$aboutt = $_POST['aboutt'];
但我现在想创建一些东西来更新用户可以使用的这些字段,但我不知道如何,因为我不想留下一个用户可以编辑整个数据库的东西。在这里,我正在使用 session_start。我想让登录的用户可以在我的数据表中更新他的数据。这是我想出来的,但它不起作用:
$data = [
'name' => $name,
'surname' => $surname,
'social1' => $social1,
'id' => $id,
];
$sql = "UPDATE users SET name=:name, surname=:surname, social1=:social1 WHERE id=:id";
$stmt= $pdo->prepare($sql);
$stmt->execute($data);
?>
更新:嗨,我这几天努力工作,我有这个:
用于更新用户数据的 PDO:
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();
?>
<html>
<?php
/*Incluyendo la conexion y enviando el Arreglo Files a la funcion*/
include 'pd.conn.php';
if(isset($_POST['update']))
{
// data sent from form login.html
$email = $_POST['email'];
$bemail = $_POST['email']; //by get session value in login form
$sqlgetid = "SELECT id FROM users WHERE Email = '$email'";
$q = $pdo->query($sqlgetid);
$stmt->bindParam(":Email", $email); //this is the line where i get all this errors//
$email = $bemail;
$q->setFetchMode(PDO::FETCH_ASSOC);
while ($row = $q->fetch()){
$verify_id = $row['id']; //user id value set to verify_id variable
}
$sql = "UPDATE users SET Name=:Name, social1=:social1, social2=:social2, aboutt=:aboutt WHERE id=:id";
if($stmt = $pdo->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bindParam(":Name", $param_Name);
$stmt->bindParam(":social1", $param_social1);
$stmt->bindParam(":social2", $param_social2);
$stmt->bindParam(":aboutt", $param_aboutt);
$stmt->bindParam(":id", $param_id);
// Set parameters
$param_Name = $Name;
$param_social1 = $social1;
$param_social2 = $social2;
$param_aboutt = $aboutt;
$param_id = $verify_id;
// Attempt to execute the prepared statement
if($stmt->execute()){
// Records updated successfully. Redirect to landing page
header("edit-profile.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
}
}
?>
<div class='alert alert-success mt-4' role='alert'><strong>Welcome!</strong><?php echo $_SESSION['name'] ?? ""; ?></div>
<form method="post">
<div class="form-group">
<input method="post" class="form-control input-lg" name="Nombre" placeholder="Nombre" >
</div>
<div class="form-group">
<input method="post" class="form-control input-lg" name="social1" placeholder="social11" >
</div>
<div class="form-group">
<input method="post" class="form-control input-lg" name="social2" placeholder="social22" >
</div>
<div class="form-group">
<input method="post" class="form-control input-lg" name="aboutt" placeholder="about" >
</div>
<button type="submit" name="update" class="btn btn-success btn-block">Update</button>
</form>
<div class="container">
<?php
include 'conn.php';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
// Query to check if the email already exist
$checkEmail = "SELECT * FROM users WHERE Email = '$_POST[email]' ";
$checkName = "SELECT * FROM users WHERE Name = '$_POST[name]' ";
// Variable $result hold the connection data and the query
$result = $conn-> query($checkEmail);
$result = $conn-> query($checkName);
// Variable $count hold the result of the query
$count = mysqli_num_rows($result);
// If count == 1 that means the email is already on the database
if ($count == 1) {
echo "<div class='alert alert-warning mt-4' role='alert'>
<p>That email or name is already registred, try to change first the name, if it continues getting error, try with another email.</p>
<p><a href='login.html'>Please login here</a></p>
</div>";
} else {
/*
If the email don't exist, the data from the form is sended to the
database and the account is created
*/
$name = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['password'];
$metodop = $_POST['metodop'];
$social1 = $_POST['social1'];
$social2 = $_POST['social2'];
$aboutt = $_POST['aboutt'];
// The password_hash() function convert the password in a hash before send it to the database
$passHash = password_hash($pass, PASSWORD_DEFAULT);
// Query to send Name, Email and Password hash to the database
$query = "INSERT INTO users (Name, Email, Password, metodop, social1, social2, aboutt) VALUES ('$name', '$email', '$passHash', '$metodop', '$social1', '$social2', '$aboutt')";
if (mysqli_query($conn, $query)) {
echo "<div class='alert alert-success mt-4' role='alert'><h3>Your account has been created.</h3>
<a class='btn btn-outline-primary' href='login.html' role='button'>Login</a></div>";
} else {
echo "Error: " . $query . "<br>" . mysqli_error($conn);
}
}
mysqli_close($conn);
?>
</div>
conn.php 是与数据库的简单连接,但与 pdo 连接不同,我收到此错误,$stm 中的未定义变量,在上传系统中,因为这里不起作用的是上传, insert 效果很好,但不在 pdo 中。但是如果我在 pdo 系统中进行上传会更好。在我不太明白的事情之后,为什么我会收到第二个错误,未捕获的错误:在 null 上调用成员函数 bindParam()。在同一行中,它说的地方。$stmt->bindParam(":Email", $email); 但在上传时我使用这个连接:
<?php
define('DB_SERVER', 'xxx.0.0.x');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'phplogin');
/* Attempt to connect to MySQL database */
try {
$pdo = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USERNAME, DB_PASSWORD);
// Set the PDO error mode to exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
die("ERROR: Could not connect. " . $e->getMessage());
}
?>
那是一样的。非常感谢您的帮助,您已经赢得了我的选票,但是如果我们一起解决这个问题,那将是惊人的,您会怎么做?
解决方案
您可以使用安全的PDO插入功能,
$sql = "INSERT INTO users (Name, Email, Password, metodop, social1, social2, aboutt) VALUES (:Name, :Email, :Password, :metodop, :social1, :social2, :aboutt)";
if($stmt = $pdo->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bindParam(":Name", $param_Name, PDO::PARAM_STR);
$stmt->bindParam(":Email", $param_Email, PDO::PARAM_STR);
$stmt->bindParam(":Password", $param_Password, PDO::PARAM_STR);
$stmt->bindParam(":metodop", $param_metodop, PDO::PARAM_STR);
$stmt->bindParam(":social1", $param_social1, PDO::PARAM_STR);
$stmt->bindParam(":social2", $param_social2, PDO::PARAM_STR);
$stmt->bindParam(":aboutt", $param_aboutt, PDO::PARAM_STR);
// Set parameters
$param_Name = $Name;
$param_Email = $Email;
$param_Password = password_hash($Password, PASSWORD_DEFAULT); // Creates a password hash
$param_metodop = $metodop;
$param_social1 = $social1;
$param_social2 = $social2;
$param_aboutt = $aboutt;
} else {
echo "Something went wrong. Please try again later.";
}
然后您需要在用户登录时创建一个会话变量。因此,确定唯一用户并授予该用户更改其姓名的权限。
更新功能
session_start(); //session start
$bemail = $_SESSION['useremail']; //by get session value in login form
$sqlgetid = "SELECT id FROM users WHERE Email=:Email";
$q = $pdo->query($sqlgetid);
$stmt->bindParam(":Email", $param_Email);
$param_Email = $bemail;
$q->setFetchMode(PDO::FETCH_ASSOC);
while ($row = $q->fetch()){
$verify_id = $row['id']; //user id value set to verify_id variable
}
$sql = "UPDATE users SET Name=:Name, social1=:social1, social2=:social2, aboutt=:aboutt WHERE id=:id";
if($stmt = $pdo->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bindParam(":Name", $param_Name);
$stmt->bindParam(":social1", $param_social1);
$stmt->bindParam(":social2", $param_social2);
$stmt->bindParam(":aboutt", $param_aboutt);
$stmt->bindParam(":id", $param_id);
// Set parameters
$param_Name = $Name;
$param_social1 = $social1;
$param_social2 = $social2;
$param_aboutt = $aboutt;
$param_id = $verify_id;
// Attempt to execute the prepared statement
if($stmt->execute()){
// Records updated successfully. Redirect to landing page
header("location: redirect_page_link_here");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
}
使用PDO(PHP 数据对象)连接数据库
<?php
define('DB_SERVER', 'xxx.x.x.x');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'phplogin');
/* Attempt to connect to MySQL database */
try {
$pdo = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USERNAME, DB_PASSWORD);
// Set the PDO error mode to exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
die("ERROR: Could not connect. " . $e->getMessage());
}
?>
推荐阅读
- amazon-web-services - S3 子域端点访问 URL
- c++ - SOAP 1.2 错误 SOAP-ENV:Sender[无子代码]
- gulp - 如何将 globbed gulp.src 文件移动到嵌套的 gulp.dest 文件夹中
- web-bluetooth - web-bluetooth 获取服务漫长的等待
- amazon-web-services - 如何通过 lambda 删除 s3 中的文件?
- python - 标签和破折号组件并排
- javascript - 我想知道如何在 d3.js 圆环图中创建等组
- javascript - 如何在相机视图的固定位置在 A-Frame 中绘制 2D UI?
- css - 过渡不适用于 React useState hook 和 styled-component
- python - ML 预测不止一步