[英]passing variables values to paypal API - first_name and last_name
[英]into my database `first_name` is showing as 0 and last_name is showing as “Arora” after updating name
我已經更新了名為“ Mohit sharma”的數據庫,但它以first_name
:0和'last_name`的形式輸出到數據庫:Arora這里是圖片http://postimg.org/image/jp2fy1yy7/
請幫忙
這是我的表單源代碼:
<div id="left_box"><br>
<img src="Images/general_setting.png" height="18" width="18"><a href="general_settings.php" style="text-decoration: none; color: #000000; font-family: Arial";> General</a><br><br>
<img src="Images/photo_setting.png" height="18" width="18"><a href="photo_settings.php" style="text-decoration: none; color: #000000; font-family: Arial";> Photos</a><br><br>
</div>
<div class="box">
<h1 style="font-family: consolas">Change your name</h1><hr>
<div id="change_name">
<label><strong>Your current name: </strong></label>
<?php
include('change_setting_db.php');
while($row = mysqli_fetch_array($result))
{
echo "(".$row['id'].") ".$row['first_name']." ".$row['last_name'];
}
?>
<br>
<br>
<form method="post" action="do_update_name.php">
<input type="hidden" name="id" value="<?php echo $row['id'];?>">
<label><strong>First name: </strong></label>
<input type="text" name="first_name" value="<?php echo $row['first_name'];?>">
<label><strong>Last name: </strong></label>
<input type="text" name="last_name" value="<?php echo $row['last_name'];?>">
<input type="submit" value="Submit">
</form>
</div>
</div>
這是我的do_update_name.php
源代碼。
<?php
$firstname=$_POST['first_name'];
$lastname=$_POST['last_name'];
$id=$_POST['id'];
$con=mysqli_connect("localhost","root","Bhawanku", "members");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$update =mysqli_query($con,"UPDATE admin SET first_name='$firstname' AND last_name='$lastname' WHERE id='$id' ");
if($update){
echo "Successfully created!!";
}
?>
如前所述,您對SQL注入持開放態度。
您的聲明如下所示:
UPDATE admin SET first_name='$firstname' AND last_name='$lastname' WHERE id='$id' "
我認為您想使用逗號而不是AND
:
UPDATE admin SET first_name='$firstname', last_name='$lastname' WHERE id='$id' "
如果您是初學者,請不要嘗試使用已棄用的語言部分(例如mysql_擴展名)。 從一開始就學會正確地做它。 將mysqli或PDO與已准備好的語句一起使用,並將您的輸入綁定到參數。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.