无法更新表PDO更新

Question

我正在尝试使用PDO更新数据库中的表。目前我正在提交表单，除了白屏以外什么都没有，我启用了所有的错误报告选项，但仍然只是一个白色的屏幕..我一直在盯着代码，感觉像一辈子，仍然可以解决不了问题。一个正确的方向推动将不胜感激...谢谢

require('includes/config.php'); 

//if not logged in redirect to login page 
if(!$user->is_logged_in()){ header('Location: login.php'); } 

$signedin = $_SESSION['username']; 

$sql = "UPDATE member SET firstname = :firstname, 
      lastname = :lastname, 
      username = :username, 
      email = :email, 
      age = :age,  
      country = :country 
      where username = $signedin"; 
$stmt = $db->prepare($sql);         
$stmt->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STR);  
$stmt->bindParam(':lastname', $_POST['$lastname'], PDO::PARAM_STR);  
$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR); 
// use PARAM_STR although a number 
$stmt->bindParam(':email', $_POST['email'], PDO::PARAM_STR); 
$stmt->bindParam(':age', $_POST['age'], PDO::PARAM_STR); 
$stmt->bindParam(':country', $_POST['country'], PDO::PARAM_INT); 
$stmt= $db->execute($sql); 
?> 

Answer 1

的​​功能不需要$sql（你只要在prepare()）

$stmt->execute(); 

接下来，你应该所有的数据传递到您准备好的声明，否则你击败的目的（这是最大的安全性）。所以我们删除

$sql = "UPDATE member SET firstname = :firstname, 
      lastname = :lastname, 
      username = :username, 
      email = :email, 
      age = :age,  
      country = :country 
      where username = :username"; 
//snip 
$stmt->bindParam(':username', $_SESSION['username'], PDO::PARAM_STR); 

Answer 2

您需要在您的where clause报价。

$sql = "UPDATE member SET firstname = :firstname, 
     lastname = :lastname, 
     username = :username, 
     email = :email, 
     age = :age,  
     country = :country 
     where username = '$signedin'"; 

此外，最好由id更新，因为它是唯一的。