我很难找出代码问题的原因,也就是说,它不会查询“update”部分,但“select”部分确实有效。当我尝试使用print\r函数时,它会给出一个错误/警告,即:
“警告:mysqli\u query():无法获取mysqli”和“警告:mysqli\u fetch\u assoc()期望参数1是mysqli\u result,给定null”
if(!isset($_POST['n_pass'])&&!isset($_POST['n_pass'])){
if(!isset($_POST['password'])||$_POST['password']==""){
echo 'enter current password';
die;
} else {
include 'include/database.php';
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn,$_POST['lname']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$username = mysqli_real_escape_string($conn,$_POST['uname']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
//Check if the password is equal to the password inside database
$sql = "SELECT password FROM users where id = $id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$cpass = $row['password'];
$verify_pass = password_verify($password,$cpass); //check if current password is equal to the existing password
if($verify_pass != 1){
echo 'incorrect password';
die;
} else {
**//Update Data
$sql="UPDATE users SET firstname=$fname, lastname=$lname, email=$email, username=$username where id=$id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
print_r($row['firstname']);
die;
header("Location: profile.php?successfullyupdated");
}
}
}
1条答案
按热度按时间vc9ivgsu1#
您的查询缺少字符串周围的引号:
您只能跳过id字段,因为它是整数。
旁注:您对sql注入非常开放。你应该使用事先准备好的陈述。从这个主题开始,google上有很多资源
最后,请注意
完全没有用,因为您没有从更新查询返回任何内容。你可以做: