简体   繁体   中英

Updating a user profile stored in $_SESSION data from an SQL database with AJAX

I'm currently creating a website (which I'm very new to) and I've added separate profiles that are stored in sessions. The profiles are stored in an SQL database, and everything was going pretty smoothly until I got to my "edit profile" page. Just like in most websites I'd like to have the functionality of editing your profile information such as the user address on one page.

So for example, if someone wants to edit their email, this is the form I have setup.. The e-mail displayed is the users e-mail via the session ID, but how do I update the actual SQL database? My experience with all things web design is extremely limited.

<label>Primary E-Mail:</label>
<span id="pemail" class="datainfo"><?php echo $_SESSION['user_email']; ?></span>
<a href="#" class="editlink">Edit Info</a>
<a class="savebtn">Save</a>

In the database, the field i'd like to update would be user_email as well, and it would be in the row that corresponds with the session user_name (whoever is logged in). The session information for user email was gained through:

$_SESSION['user_email'] = $result_row->user_email;

Not sure if this helps any, but since I've been piecing together code from all over the place and trying to make it fit in my website, I might as well share the registration field for e-mail as well:

$user_email = $this->db_connection->real_escape_string(strip_tags($_POST['user_email'], ENT_QUOTES));

Some more of the registration:

$sql = "INSERT INTO users (user_name, user_password_hash, user_email, landlord, user_address, user_phone_number) VALUES ('" . $user_name . "', '" . $user_password_hash . "', '" . $user_email . "', '" . 1 . "', '" . $user_address . "', '" . $user_phone_number . "')";
$query_new_user_insert = $this->db_connection->query($sql);

// if user has been added successfully
if ($query_new_user_insert) {
$this->messages[] = '<p class="login_text">Your account has been created successfully. You can now log in.</p>';

I've tried making this edit profile page for so long and it seems so simple on paper but nothing seems to be working. I apologize for the probably very stupid question.

tl;dr: How do I edit values in an SQL database based on my session login on a website?

Some ideas:
I belive that you have an unique user_id in your database, so you would just need to store the user_id in the $_SESSION[] every time the user logs in, and clean it when he logs out. Then when you need user data, you should query the database doing something like:

 SELECT user_email, other_column FROM users WHERE user_id = $_SESSION['user_id']

If you do that, when you have to update the user information you will have the current user_id stored in the $_SESSION['user_id'], so you have to do an UPDATE in MySQL. Something like:

UPDATE users SET user_email= ' The new email from php goes here '

I handle this by creating an AJAX request to a PHP that updates the value in the database.

If the PHP is aware of your session, you can change the session variable at the same time, without having to re-read the database.

As the AJAX completes, you have validation that the database was updated.

Be careful to not use SQL in the AJAX or it could be hacked.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM