php，mysql，更新用户详细信息表单

Question

如果用户愿意，我想更新他的名字、密码和头像图片等信息。我不知道如何以及在哪里保留 UPDATE sql 语句。这些更改将在个人资料页面中进行

profile.php:

session_start();
if (!isset($_SESSION['username'])) {
    header("Location: login.php");
}


<form action="profile.php" method="post" enctype="multipart/form-data" autocomplete="off">
<fieldset>
    <label for="firstName">First Name:</label>
    <input type="text" name="firstName" placeholder="Your firstname" required>
    <label for="password">Password:</label> 
    <input type="text" name="password" placeholder="Your new password">
    <label>Upload a new profile picture: </label><input type="file" name="avatar" accept="image/*" />
    <input type="submit" value="Submit Changes" name="changes"  />                        
</fieldset>

users.php

    <?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {

    //two passwords are equal to each other
    if ($_POST['password'] == $_POST['confirmpassword']) {

        //define other variables with submitted values from $_POST
        $firstName = $mysqli->real_escape_string($_POST['firstName']);
        $lastName = $mysqli->real_escape_string($_POST['lastName']);
        $username = $mysqli->real_escape_string($_POST['username']);
        $password = $mysqli->real_escape_string($_POST['password']);
        $email = $mysqli->real_escape_string($_POST['email']);
        $date = $mysqli->real_escape_string($_POST['regDate']);

        //we can also do md5 hash password for security
        //  $password = md5($_POST['password']);
        //  
        //path were our avatar image will be stored
        $avatar_path = $mysqli->real_escape_string('images/' . $_FILES['avatar']['name']);

        //checking email

        //make sure the file type is image, image properties validates
        if (preg_match("!image!", $_FILES['avatar']['type'])) {

            //copy image to images/ folder 
            if (copy($_FILES['avatar']['tmp_name'], $avatar_path)) {
                //if email does not already exist
                //set session variables to display on the index page
                $_SESSION['username'] = $username;
                $_SESSION['avatar'] = $avatar_path;

                //insert user data into database
                $sql = "INSERT INTO users (firstName, lastName, username, email, password, avatar, regDate) "
                        . "VALUES ('$firstName','$lastName','$username', '$email', '$password', '$avatar_path', NOW())";

                //check if mysql query is successful
                if ($mysqli->query($sql) === true) {
                    header("location: index.php");
                } else {
                    $_SESSION['message'] = 'User could not be added to the database!';
                }
                $mysqli->close();
            } else {
                $_SESSION['message'] = '';
            }
        } else {
            $_SESSION['message'] = '';
        }
    } else {
        $_SESSION['message'] = '';
    }
}

我还有一个 register.php，其中有以下代码： 比如会话开始； 以及连接和用户需要的连接

更新用户：

if ($_SERVER["REQUEST_METHOD"] == "POST") {
        //define other variables with submitted values from $_POST
        $firstName = $mysqli->real_escape_string($_POST['firstName']);
        $password = $mysqli->real_escape_string($_POST['password']);

        $avatar_path = $mysqli->real_escape_string('images/' . $_FILES['avatar']['name']);

        //make sure the file type is image, image properties validates
        if (preg_match("!image!", $_FILES['avatar']['type'])) {

            //copy image to images/ folder 
            if (copy($_FILES['avatar']['tmp_name'], $avatar_path)) {
                //if email does not already exist
                //set session variables to display on the index page
                $_SESSION['username'] = $username;
                $_SESSION['avatar'] = $avatar_path;

                //insert user data into database
                $sql = "UPDATE INTO users (firstName, password, avatar) "
                        . "VALUES ('$firstName', '$password', '$avatar_path'";

                //check if mysql query is successful
                if ($mysqli->query($sql) === true) {
                    echo 'updated successfully';
                    header("location: index.php");
                } else {
                    $_SESSION['message'] = 'User could not be added to the database!';
                }
                $mysqli->close();
            } else {
                $_SESSION['message'] = 'File upload failed!';
            }
        } else {
            $_SESSION['message'] = 'Please only upload GIF, JPG or PNG images!';
        }
    } 

更新 profile.php

    session_start();
if (!isset($_SESSION['username'])) {
    header("Location: login.php");
}
$text = "Welcome to your profile page";


$_SESSION['message'] = '';
$mysqli = new mysqli("localhost", "root", "", "");

require 'updateUser.php';

Answer 1

如果您愿意，可以将新的UPDATE 查询放在另一个文件中，这将是action="newfilename.php"，然后您可以从那里使用$_POST["firstname"] 和其他输入，然后将它们添加到您的SQL 查询中。