[英]User profile update error
i am doing a user profile update after user login to the system. 用户登录系统后,我正在更新用户配置文件。 Everything is good, after user login, user can change their username pass etc. But there is a problem, when user change their details, it will change the entire user database details.
一切都很好,用户登录后,用户可以更改其用户名通行证等。但是有一个问题,当用户更改其详细信息时,它将更改整个用户数据库的详细信息。 Here is my coding
这是我的编码
Here is the login coding 这是登录代码
<form class="modal-content animate" action="qcon.php" method="POST">
<div class="imgcontainer">
<span onclick="document.getElementById('id01').style.display='none'"
class="close" title="Close Modal">×</span>
<img src="download.png" alt="Avatar" class="avatar">
</div>
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="uname" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit">Login</button>
<input type="checkbox" checked="checked" name ="submit"> Remember me
</div>
Here is the connect to database coding 这是连接数据库的代码
<?php
$connect = new mysqli("localhost","root","","tenantsdb");
$submit = isset($_POST['submit']);
if($submit)
{
$uname = $_POST['uname'];
$psw = $_POST['psw'];
}
$get = mysqli_query($connect, "SELECT * FROM tenantsignup WHERE uname
='$uname' AND psw ='$psw'");
$get2 = mysqli_fetch_assoc($get);
$id = $get2['id'];
$num = mysqli_num_rows($get);
if($num==1)
{
header("location:q1.php?id=$id");
}
else
{
echo"this username doesnt exsts";
}
?>
Here is the page that after user login 这是用户登录后的页面
<div class = "col-md-6">
<div class = "panel panel-default">
<div class = "panel-body">
<?php
global $conn;
$servername = "localhost"; //host name
$username = "root"; //username
$password = ""; //password
$mysqli_database = "tenantsdb"; //database name
//mysqli prepared statement
$conn = mysqli_connect($servername, $username, $password,
$mysqli_database) or die("Connection failed: " .
mysqli_connect_error());
mysqli_select_db($conn,$mysqli_database) or die("Opps some thing went
wrong");
$id = $_REQUEST['id'];
$sql = mysqli_query($conn,"SELECT * FROM tenantsignup WHERE id
='$id'");
$get3 = mysqli_fetch_assoc($sql);
if(isset($_POST['update'])){
$uname = $_POST['uname'];
$psw = $_POST['psw'];
$name = $_POST['name'];
$email = $_POST['email'];
$contact_no = $_POST['contact_no'];
$area = $_POST['area'];
$gender = $_POST['gender'];
$age = $_POST['age'];
$max_budget = $_POST['max_budget'];
$staying_with = $_POST['staying_with'];
$race = $_POST['race'];
$result = mysqli_query($conn,"UPDATE tenantsignup set
uname='$uname',psw='$psw',name='$name',
email='$email',contact_no='$contact_no',area='$area',
gender='$gender',age='$age',max_budget='$max_budget',
staying_with='$staying_with',race='$race'");
if($result){
echo 'Success!';
}else{
echo 'failed';
}
}
?>
<form action ="q1.php" method="POST">
<div class = "form-group">
<label for ="id">ID</label>
<input type="text" class ="form-control" id="id" name="id" value="<?
php echo $id;?>">
</div>
<div class = "form-group">
<label for ="uname">Username</label>
<input type="text" class ="form-control" id="uname"
name="uname"value="<?php echo $uname;?>" >
</div>
<div class = "form-group">
<label for ="psw">Password</label>
<input type="text" class ="form-control" id="psw" name="psw"value="
<?php echo $psw;?>" >
</div>
<div class = "form-group">
<label for ="name">Name</label>
<input type="text" class ="form-control" id="name"
name="name"value="<?php echo $name;?>" >
</div>
<div class = "form-group">
<label for ="email">Email</label>
<input type="text" class ="form-control" id="email"
name="email"value="<?php echo $email;?>" >
</div>
<div class = "form-group">
<label for ="contact_no">Contact No</label>
<input type="text" class ="form-control" id="contact_no"
name="contact_no"value="<?php echo $contact_no;?>" >
</div>
<div class = "form-group">
<label for ="area">Area</label>
<input type="text" class ="form-control" id="area"
name="area"value="<?php echo $area;?>" >
</div>
<div class = "form-group">
<label for ="gender">Gender</label>
<input type="text" class ="form-control" id="gender"
name="gender"value="<?php echo $gender;?>" >
</div>
<div class = "form-group">
<label for ="age">Age</label>
<input type="text" class ="form-control" id="age" name="age"value="
<?php echo $age;?>" >
</div>
<div class = "form-group">
<label for ="max_budget">Max Budget</label>
<input type="text" class ="form-control" id="max_budget"
name="max_budget"value="<?php echo $max_budget;?>" >
</div>
<div class = "form-group">
<label for ="staying_with">Staying With</label>
<input type="text" class ="form-control" id="staying_with"
name="staying_with" value="<?php echo $staying_with;?>" >
</div>
<div class = "form-group">
<label for ="race">Race</label>
<input type="text" class ="form-control" id="race"
name="race"value="<?php echo $race;?>" >
</div>
<button type="submit" name="update">Update</button>
</form>
You need to add a WHERE clause to your UPDATE query: 您需要在您的UPDATE查询中添加WHERE子句:
$result = mysqli_query($conn,"UPDATE tenantsignup set
uname='$uname',psw='$psw',name='$name',
email='$email',contact_no='$contact_no',area='$area',
gender='$gender',age='$age',max_budget='$max_budget',
staying_with='$staying_with',race='$race' WHERE id='$id'");
You need to add WHERE with your query. 您需要在查询中添加WHERE 。
Replace your query with 将查询替换为
$result = mysqli_query($conn,"UPDATE tenantsignup set
uname='$uname',psw='$psw',name='$name',
email='$email',contact_no='$contact_no',area='$area',
gender='$gender',age='$age',max_budget='$max_budget',
staying_with='$staying_with',race='$race' WHERE id=$id");
Note: Its not a secure way to update data . 注意:这不是更新数据的安全方法。 you should use pdo or prepared statement.
您应该使用pdo或Prepared语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.