【发布时间】:2022-02-06 05:31:51
【问题描述】:
我正在尝试在 PHP 中创建更新配置文件页面。但是,我一直遇到错误。当我提交表单以更新配置文件时,有四个字段。用户名、电子邮件、名字和姓氏。假设我只想更改用户的名字,当我提交表单时,它给了我一个错误,告诉我用户名/电子邮件/姓氏已被使用,因为它已经自动填写了。
Here is my update profile form, the fields contain user information pulled from the database
这是我的更新配置文件代码,与表单一起使用
// Queries
if (isset($_POST['userprofileupdate'])) {
$firstname = mysqli_real_escape_string($conn, $_POST['name_1']);
$lastname = mysqli_real_escape_string($conn, $_POST['name_2']);
$email = mysqli_real_escape_string($conn, $_POST['email_1']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
// Check if Email exists
$stmt = $pdo->prepare('SELECT * FROM `users` WHERE `email` = :email ');
$stmt->bindParam(":email", $email, PDO::PARAM_STR);
$stmt->execute();
$Count = $stmt->rowCount();
// Check if username exists
$stmt = $pdo->prepare('SELECT * FROM `users` WHERE `username` = :username ');
$stmt->bindParam(":username", $username, PDO::PARAM_STR);
$stmt->execute();
$Count1 = $stmt->rowCount();
if ($Count < 1) {
if ($Count1 < 1) {
$query = "UPDATE users SET username=?, firstname=?, lastname=?, email=? WHERE id=?";
$stmt = $pdo->prepare($query);
$stmt->bindParam('ssssi', $username, $firstname, $lastname, $email, $id);
$stmt->execute();
unset($_SESSION['username']);
unset($_SESSION['firstname']);
unset($_SESSION['lastname']);
unset($_SESSION['role']);
unset($_SESSION['email']);
unset($_SESSION['password']);
session_destroy();
header('Location: /panel/login?profile_changed');
} else {
header('Location: /panel/profile?username_taken');
}
} else {
header('Location: /panel/profile?email_taken');
}
}
【问题讨论】:
-
你为什么使用
mysqli_real_escape_string。请删除该功能。它不应该在您的代码中 -
在
header('Location: ...');之后总是exit() -
不要执行 SELECT 来检查重复项,而是在数据库列上创建一个 UNIQUE 约束