2012-12-05 40 views
-2

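MySQL query clears rows instead of updating

I don't know why it is doing this. Echoing out $sqll in my code shows all of the correct information, but when it goes back to the page with the information in it, it is blank.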

Here is the script

<?php 
include("header.php"); 
include("sidebar.php"); 

$memberon = $_GET['user']; 
$getmember = mysql_query("SELECT * FROM accounts WHERE username='".$memberon."'"); 
$member = mysql_fetch_array($getmember); 
?>  

    <h2>Edit User</h2> 

<?php 
$points = asql($_POST['points']); 
$cash = asql($_POST['cash']); 
$banned = asql($_POST['banned']); 
$completed = asql($_POST['completed']); 
$confirm= asql($_POST['confirm']); 
$referral= asql($_POST['ref']); 
$email= asql($_POST['email']); 
$username= asql($_POST['username']); 
$fname= asql($_POST['fname']); 
$lname= asql($_POST['lname']); 
$add= asql($_POST['address']); 
$state= asql($_POST['state']); 
$country= asql($_POST['country']); 
$postal= asql($_POST['postal']); 
$apt= asql($_POST['suite']); 
$city= asql($_POST['city']); 
$phone= asql($_POST['phone']); 
$dob= asql($_POST['dob']); 


if ($_POST['subm']) { 
if($points <> $member['points'] || $cash <> $member['current_b']){ 
$final_report = "Checking"; 
print"This users balance has been updated, please input your pass code to confirm these changes <br /> 
<form method='post' action=''><input type='hidden' name='points' value='$points'><input type='hidden' name='cash' value='$cash'><input type='hidden' name='banned' value='$banned'><input type='hidden' name='confirm' value='$confirm'><input type='hidden' name='ref' value='$referral'><input type='hidden' name='email' value='$email'><input type='hidden' name='fname' value='$fname'><input type='hidden' name='lname' value='$lname'><input type='hidden' name='address' value='$add'><input type='hidden' name='state' value='$state'><input type='hidden' name='country' value='$country'><input type='hidden' name='postal' value='$postal'><input type='hidden' name='suite' value='$apt'><input type='hidden' name='city' value='$city'><input type='hidden' name='phone' value='$phone'><input type='hidden' name='dob' value='$dob'><input type='password' name='passcode' /><input type='submit' name='pcheck' value='Sumbit' /></form>"; 
} 
else 
{ 
$final_report = ""; 
} 
if($final_report == NULL){ 
$updatemembers = mysql_query("UPDATE accounts SET points='$points', current_b='$cash', level='$banned', email_check='$confirm', referral='$referral', username='$username', fname='$fname', lname='$lname', email='$email', address='$add', state='$state', country='$country', postal='$postal', suite='$apt', city='$city', phone='$phone', dob='$dob' WHERE username='".$memberon."'") or die(mysql_error()); 
    print "You Have Successfully Updated this Information";  
    header("Refresh: 2;url=edit.php?user=".$memberon.""); 
} 
} 

if($_POST['pcheck']){ 
$pchecki = asql($_POST['passcode']); 
$pchecks = md5($pchecki); 
$check = mysql_query("SELECT * FROM panel_access WHERE psn = '".$_SESSION['aname']."'") or die(mysql_error()); 
$checkar = mysql_fetch_array($check); 
$final_report = "Checking."; 
if($pchecks != $checkar['change_ab']){ 
$final_report = "That password is incorrect."; 
    print "".$final_report.""; 
    header("Refresh: 2;url=edit.php?user=".$memberon.""); 
} 
else 
{ 
$final_report = ""; 
} 
if($final_report == NULL){ 
$sqll = "UPDATE accounts SET points='".$points."', current_b='".$cash."', level='".$banned."', email_check='".$confirm."', referral='".$referral."', username='".$username."', fname='".$fname."', lname='".$lname."', email='".$email."', address='".$add."', state='".$state."', country='".$country."', postal='".$postal."', suite='".$apt."', city='".$city."', phone='".$phone."', dob='".$dob."' WHERE username='".$memberon."'"; 
$updatemember = mysql_query($sqll) or die(mysql_error()); 
    print "You Have Successfully Updated this Information ".$sqll.""; 
    header("Refresh: 2;url=edit.php?user=".$memberon.""); 
} 
} 

    if(!isset($_POST['subm']) && !isset($_POST['pcheck'])) 
    { 
?>     
<div class='form'> 
     <form action='' method='post'><input type=hidden name=subm value=1> 
       <div class="element"> 
         <label for='email'>Email:</label> 
         <input type='text' name='email' id='email' value='<?php echo $member['email'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='username'>Username:</label> 
         <input type='text' name='username' id='username' value='<?php echo $member['username'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='ip'>IP Address:</label> 
         <input type='text' name='ip' id='ip' value='<?php echo $member['ip'] ?>' size='54' readonly='readonly' /> 
        </div> 
        <div class="element"> 
         <label for='banned'>Banned: <font color='red' size='1'><b>1=No 2=Yes</b></font></label> 
         <input type='text' name='banned' id='banned' value='<?php echo $member['level'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='confirm'>E-Mail Confirmed: <font color='red' size='1'>0=No 1=Yes</font></label> 
         <input type='text' name='confirm' id='confirm' value='<?php echo $member['email_check'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='ref'>Referral:</label> 
         <input type='text' name='ref' id='ref' value='<?php echo $member['referral'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='points'>Points:</label> 
         <input type='text' name='points' id='points' value='<?php echo $member['points'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='cash'>Cash:</label> 
         <input type='text' name='cash' id='cash' value='<?php echo $member['current_b'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='fname'>First Name:</label> 
         <input type='text' name='fname' id='fname' value='<?php echo $member['fname'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='lname'>Last Name:</label> 
         <input type='text' name='lname' id='lname' value='<?php echo $member['lname'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='phone'>Phone:</label> 
         <input type='tel' name='phone' id='phone' value='<?php echo $member['phone'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='dob'>Date of Birth:</label> 
         <input type='text' name='dob' id='dob' value='<?php echo $member['dob'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='address'>Address:</label> 
         <input type='text' name='address' id='address' value='<?php echo $member['address'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='suite'>Suite/Apt.:</label> 
         <input type='text' name='suite' id='suite' value='<?php echo $member['suite'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='country'>Country:</label> 
         <input type='text' name='country' id='country' value='<?php echo $member['country'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='state'>State:</label> 
         <input type='text' name='state' id='state' value='<?php echo $member['state'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='city'>City:</label> 
         <input type='text' name='city' id='city' value='<?php echo $member['city'] ?>' size='54' /> 
        </div> 
        <div class="element"> 
         <label for='postal'>Postal Code:</label> 
         <input type='text' name='postal' id='postal' value='<?php echo $member['postal'] ?>' size='54' /> 
        </div> 
<?php 
        print"<dl class='submit'> 
        <input type='submit' name='submit' id='submit' value='Submit' /> 
        </dl> 





     </form> 
     </div> "; 
     } 
     include("footer.php"); 
?> 

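On a side note, I know that mysql_query and the like are in the process of being deprecated. I want to point out that I did not write this; I am just doing some edits for a client, and this part is being a pain in the behind.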

Also, it is only the query in if($_POST['pcheck']) that does not work; the first query, in if($_POST['subm']), works fine.

+0

Two things: this is full of SQL injection vulnerabilities, and the *mysql* extension has been deprecated. Use PDO or MySQLi instead. – Phil

+0

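@Phil Please read my whole post before commenting. I already know this, but the client is paying me to edit, not to write, so right now I am just adding things. – kira423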

+0

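Are you sure all of the input variables are set correctly? Also, you should exit after calling 'header()', so that you don't inadvertently execute the code below it. – siride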
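What the comments above recommend, as an added example that is not part of the original thread: the accounts UPDATE rewritten with a PDO prepared statement, a column allowlist that skips any field missing from the request, and an exit after the redirect header. The column names come from the question's query; the in-memory SQLite database (needs the pdo_sqlite extension), the sample row, the function names and the use of column names as input keys are assumptions made so the script runs offline.

```php
<?php
// Added example, not the asker's code. Columns are a subset of those in the
// question's UPDATE; database and sample data are constructed for the demo.
const EDITABLE = ['points', 'current_b', 'level', 'email', 'username', 'fname', 'lname'];

function update_account(PDO $db, string $memberon, array $input): int
{
    $set = [];
    $params = [':who' => $memberon];
    foreach (EDITABLE as $col) {
        // Skip fields that were not submitted, so a missing input
        // never overwrites a stored value with an empty string.
        if (!isset($input[$col]) || !is_string($input[$col])) {
            continue;
        }
        $set[] = "$col = :$col";          // identifier comes from the allowlist only
        $params[":$col"] = $input[$col];  // value is bound, never concatenated
    }
    if ($set === []) {
        return 0;                         // nothing to change
    }
    $sql = 'UPDATE accounts SET ' . implode(', ', $set) . ' WHERE username = :who';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

function redirect_and_stop(string $user): void
{
    header('Location: edit.php?user=' . rawurlencode($user));
    exit; // code below the redirect must not run
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (username TEXT, email TEXT, fname TEXT,
           lname TEXT, points TEXT, current_b TEXT, level TEXT)');
$db->exec("INSERT INTO accounts VALUES ('alice', 'a@example.test', 'Alice', 'A', '10', '5', '1')");

// Constructed request: only two fields were posted, one containing a quote.
$post = ['points' => '25', 'lname' => "O'Brien"];
$changed = update_account($db, 'alice', $post);

$row = $db->query("SELECT * FROM accounts WHERE username = 'alice'")->fetch(PDO::FETCH_ASSOC);
printf("rows=%d points=%s lname=%s email=%s level=%s\n",
    $changed, $row['points'], $row['lname'], $row['email'], $row['level']);
```

Columns that were not posted keep their stored values, and the quote in the last name is stored as data rather than parsed as SQL.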

Answers

0

First, you have an empty string at the end. It does no harm, but it serves no purpose either.

You redirect the page to edit.php?user=$memberon, but $memberon is not set when you get a POST request. You can have GET or POST, but not both at the same time.

I guess you have to redirect to

edit.php?user=$username 
+0

The redirect works fine, because all of the form actions are blank, so it has no effect on the URL, so '$memberon' stays where it is and can be pulled from there. – kira423

+0

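@kira423 What I mean is that when the form is submitted, you have all of the '$_POST' variables, not the '$_GET' variables, so you have all of the form values, but *not* '$memberon', which results in 'edit.php?user='. –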