需要帮助在小型社交网站上向我的项目添加 "edit profile" 页面
need assistance adding an "edit profile" page to my project on a small social network website
我有一个项目要建立一个小型社交网站。注册表单确实可以使用用户名,但是当我为名字和姓氏添加区域时,它不起作用。
我不知道如何添加一个 "edit profile" 页面,用户可以在其中添加个人资料照片和基本信息。以下是我在尝试添加不起作用的名字和姓氏时使用的文件。
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$firstname = mysqli_real_escape_string($db, $_POST['firstname']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
$user_check_query = "SELECT * FROM clients WHERE username='$username' OR
email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname' '$email',
'$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: indexclient.php');
}
}
我仍然不能 100% 理解问题,但我确实在您的 INSERT 查询中发现了一个错误。 '$lastname'
后需要加分号
所以这个:
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname' '$email',
'$password')";
需要:
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname', '$email',
'$password')";
附带说明一下,您的查询会让您面临 SQL 注入,how to prevent SQL injection
我有一个项目要建立一个小型社交网站。注册表单确实可以使用用户名,但是当我为名字和姓氏添加区域时,它不起作用。 我不知道如何添加一个 "edit profile" 页面,用户可以在其中添加个人资料照片和基本信息。以下是我在尝试添加不起作用的名字和姓氏时使用的文件。
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$firstname = mysqli_real_escape_string($db, $_POST['firstname']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
$user_check_query = "SELECT * FROM clients WHERE username='$username' OR
email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname' '$email',
'$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: indexclient.php');
}
}
我仍然不能 100% 理解问题,但我确实在您的 INSERT 查询中发现了一个错误。 '$lastname'
所以这个:
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname' '$email',
'$password')";
需要:
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname', '$email',
'$password')";
附带说明一下,您的查询会让您面临 SQL 注入,how to prevent SQL injection