0
这是我的代码,第一要素IM mysqli_query给人以0
function update_profile($session_user_id, $email, $first_name, $last_name) {
global $con;
mysqli_query($con, "UPDATE `users` SET `email` = '$email' AND `first_name` = '$first_name' AND `last_name` = '$last_name' WHERE `user_id` = $session_user_id");
}
当更新它会改变电子邮件的0
他为什么这样做?
一个编辑...
对谁认为它有用的..这是我的表单的人。
if (isset($_POST['update_profile'])) {
if (empty($_POST['email'])) {
$error[] = 'Fill in a email';
} if (empty($_POST['first_name'])) {
$error[] = 'Fill in a first name';
} else {
if (email_exist($_POST['email']) && $_POST['email'] != $user_data['email']) {
$error[] = 'This email already exist.';
} if (strlen($_POST['first_name']) < 3 || strlen($_POST['first_name']) > 30) {
$error[] = 'This first name is to short or to long, it must be between a range of 3 and 30.';
}
}
if (empty($error) == false) {
echo error_handeling($error);
} else {
$user_id = $session_user_id;
$email = $_POST['email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
update_profile($session_user_id, $email, $first_name, $last_name);
}
}
?>
<h1><?php echo $user_data['first_name'] ?> his profile</h1>
<form action = "" method = "post">
<ul>
<li>
Email*:<br>
<input type = "email" name = "email" value = "<?php echo $user_data['email'] ?>">
</li>
<li>
First name*:<br>
<input type = "text" name = "first_name" value = "<?php echo $user_data['first_name'] ?>">
</li>
<li>
Last name:<br>
<input type = "text" name = "last_name" value = "<?php echo $user_data['last_name'] ?>">
</li>
<li>
<input type = "submit" name = "update_profile" value = "Update">
</li>
</ul>
</form>
我必须把更多的文字,但idk什么放在这里。 XD srry :)
什么是模式?你传递给函数的是什么?你为什么不使用参数化查询? – 2014-09-12 21:55:30
请使用准备好的语句,或者至少使用'mysqli_real_escape_string'来自己逃脱数据库输入。 – lxg 2014-09-12 21:56:21
尝试回显SQL以查看实际设置的内容。 – Barmar 2014-09-12 21:56:55