如果不更改 mysql table 中的值,请检查字段是否为空
Check if fields are empty if not change value in mysql table
我正在尝试在我的网站上更改用户信息部分,除更改用户名部分外一切正常。
在这部分我必须检查新用户名是否未被占用然后更改它(如果尚未被占用)。
当我启动我的代码时,它不会在 (echo "username deja utiliser") 之后输入 (else if) 语句。
//change.php
$newUsername = $_POST['changeUsername'];
$newNom = $_POST['changeNom'];
$currentId = $_SESSION['id'];
$currentName = $_SESSION['name'];
//fonction that doesn't work
if(empty($newUsername)){
echo "username is empty";
}else if ($stmt = $con->prepare('SELECT username from users where USERNAME = ? ')) {
$stmt->bind_param('s', $newUsername);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($checkUsername);
$stmt->fetch();
if ($checkUsername === $newUsername) {
echo "username deja utiliser";
}else if($stmt = $con->prepare("UPDATE users SET USERNAME = '$newUsername' WHERE ID = ? ")){
$stmt->bind_param('s', $currentId);
$stmt->execute();
echo "les valeur on été modifier";
session_regenerate_id();
$_SESSION['name'] = $newUsername;
}else{
echo "les valeurs n'ont pas été modifier";
}
}
}
//function that works
if(empty($newNom)){
echo "nom is empty";
}else if($stmt = $con->prepare("UPDATE users SET NOM = '$newNom' WHERE ID = ? ")){
$stmt->bind_param('s', $currentId);
$stmt->execute();
echo "les valeur on été modifier";
}else{
echo "les valeurs n'ont pas été modifier";
}
//editProfile.php
<form action="change.php" method="POST">
<table>
<tr>
<td>Username:</td>
<td>
<label for="username"></label>
<input type="text" name="changeUsername" placeholder="<?php echo $_SESSION['name'] ?>" id="changeUsername">
</td>
</tr>
<tr>
<td>Nom:</td>
<td>
<label for="nom"></label>
<input type="text" name="changeNom" placeholder="<?php echo $nom ?>" id="changeNom">
</td>
</tr>
</table>
<input type="submit" value="modfier">
</form>
我终于找到了有用的东西。此代码对于 SQL 注入是否安全?
//check if the username is taken
if(empty($newUsername)){
echo "username is empty";
}else if ($stmt = $con->prepare('SELECT username from users where USERNAME = ? ')) {
$stmt->bind_param('s', $newUsername);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($username);
$stmt->fetch();
if ($username === $newUsername) {
$checkUsername = true;
}
}
}
//change the username
if (empty($newUsername)) {
echo "username is empty";
} else if ($checkUsername != true) {
if ($stmt = $con->prepare("UPDATE users SET USERNAME = ? WHERE ID = ? ")) {
$stmt->bind_param('si', $newUsername, $currentId);
$stmt->execute();
echo "les valeur on été modifier";
session_regenerate_id();
$_SESSION['name'] = $newUsername;
} else {
echo "les valeurs n'ont pas été modifier";
}
} else {
echo "username deja utiliser ";
}
我正在尝试在我的网站上更改用户信息部分,除更改用户名部分外一切正常。
在这部分我必须检查新用户名是否未被占用然后更改它(如果尚未被占用)。
当我启动我的代码时,它不会在 (echo "username deja utiliser") 之后输入 (else if) 语句。
//change.php
$newUsername = $_POST['changeUsername'];
$newNom = $_POST['changeNom'];
$currentId = $_SESSION['id'];
$currentName = $_SESSION['name'];
//fonction that doesn't work
if(empty($newUsername)){
echo "username is empty";
}else if ($stmt = $con->prepare('SELECT username from users where USERNAME = ? ')) {
$stmt->bind_param('s', $newUsername);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($checkUsername);
$stmt->fetch();
if ($checkUsername === $newUsername) {
echo "username deja utiliser";
}else if($stmt = $con->prepare("UPDATE users SET USERNAME = '$newUsername' WHERE ID = ? ")){
$stmt->bind_param('s', $currentId);
$stmt->execute();
echo "les valeur on été modifier";
session_regenerate_id();
$_SESSION['name'] = $newUsername;
}else{
echo "les valeurs n'ont pas été modifier";
}
}
}
//function that works
if(empty($newNom)){
echo "nom is empty";
}else if($stmt = $con->prepare("UPDATE users SET NOM = '$newNom' WHERE ID = ? ")){
$stmt->bind_param('s', $currentId);
$stmt->execute();
echo "les valeur on été modifier";
}else{
echo "les valeurs n'ont pas été modifier";
}
//editProfile.php
<form action="change.php" method="POST">
<table>
<tr>
<td>Username:</td>
<td>
<label for="username"></label>
<input type="text" name="changeUsername" placeholder="<?php echo $_SESSION['name'] ?>" id="changeUsername">
</td>
</tr>
<tr>
<td>Nom:</td>
<td>
<label for="nom"></label>
<input type="text" name="changeNom" placeholder="<?php echo $nom ?>" id="changeNom">
</td>
</tr>
</table>
<input type="submit" value="modfier">
</form>
我终于找到了有用的东西。此代码对于 SQL 注入是否安全?
//check if the username is taken
if(empty($newUsername)){
echo "username is empty";
}else if ($stmt = $con->prepare('SELECT username from users where USERNAME = ? ')) {
$stmt->bind_param('s', $newUsername);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($username);
$stmt->fetch();
if ($username === $newUsername) {
$checkUsername = true;
}
}
}
//change the username
if (empty($newUsername)) {
echo "username is empty";
} else if ($checkUsername != true) {
if ($stmt = $con->prepare("UPDATE users SET USERNAME = ? WHERE ID = ? ")) {
$stmt->bind_param('si', $newUsername, $currentId);
$stmt->execute();
echo "les valeur on été modifier";
session_regenerate_id();
$_SESSION['name'] = $newUsername;
} else {
echo "les valeurs n'ont pas été modifier";
}
} else {
echo "username deja utiliser ";
}