目前正在处理一个项目,需要我为管理员构建一个管理区域来管理用户和权限。
如果管理员向数据库提交了重复的数据,我将使用数组向管理员返回错误-例如,试图将用户的用户名更改为另一个现有用户名。这是有效的,但是在提交表单时,如果表单某个部分的数据发生了更改(用户名可用,但电子邮件地址未更改),则会返回错误标志。
我相信,由于我创建的SELECT语句在运行$stmt之前会检查用户名或电子邮件地址是否已被使用,因此它会将表单中已填充的现有用户名或电子邮件地址作为新的用户名或电子邮件地址,尽管它是用户的现有用户名/电子邮件地址。
我不确定是否需要重新构造select语句或错误标志返回-因为运行SQL UPDATE语句在没有错误标志返回的情况下工作正常,所以如果值相同,它只会返回一个标准的重复条目错误。
正如它刚才的工作,当管理员更新表单-它将只成功更新,如果都用户名和电子邮件地址都已更改。
admin_functions.php
$sql = "UPDATE ltc_users SET first_name = ?, second_name = ?, username = ?, email_address = ?, permission = ? WHERE user_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("sssssi", $first_name, $second_name, $username, $email_address, $permission, $user_id);
if (isset($_POST['update_user'])) {
$user_id = $_POST["user_id"];
$first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
$second_name = mysqli_real_escape_string($conn, $_POST['second_name']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email_address = mysqli_real_escape_string($conn, $_POST['email_address']);
$permission = mysqli_real_escape_string($conn, $_POST['permission']);
if (empty($username)) {
array_push($error_flags, "username is required.");
}
if (empty($email_address)) {
array_push($error_flags, "email is required.");
}
$user_check_query = "SELECT * FROM ltc_users WHERE username='$username' OR email_address='$email_address'LIMIT 1";
$user_check_result = mysqli_query($conn, $user_check_query);
$user_fa = mysqli_fetch_assoc($user_check_result);
if ($user_fa['username'] === $username) {
array_push($error_flags, "username already in use.");
}
if ($user_fa['email_address'] === $email_address) {
array_push($error_flags, "email address already in use.");
}
if (count($error_flags) == 0) {
$stmt->execute();
// Success flag is not returned, return to fix**
$_SESSION['success_flag'] = "user updated. <br><br>";
header('location: manage-users.php');
}
}字符串
manage-users.php
<form method="post" action="manage-users.php">
<?php if ($isEditingUser === true) : ?>
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<?php endif ?>
<input type="text" name="first_name" placeholder="first." value="<?php echo $first_name ?>" required>
<input type="text" name="second_name" placeholder="second." value="<?php echo $second_name ?>" required>
<input type="text" name="username" placeholder="username." minlength="5" value="<?php echo $username; ?>" required>
<input type="email" name="email_address" placeholder="email address." value="<?php echo $email_address ?>" required>
<!-- <input type="password" name="password_1" placeholder="password." minlength="8" required>
<input type="password" name="password_2" placeholder="confirm password." minlength="8" required> -->
<select name="permission" required>
<option value="" selected disabled hidden>select permission.</option>
<option value="user">user.</option>
<option value="admin">admin.</option>
<option value="restricted">restricted.</option>
</select>
<?php if ($isEditingUser === true) : ?>
<button type="submit" class="btn" name="update_user">update user.</button>
<?php else : ?>
<button type="submit" class="btn" name="create_user">create user.</button>
<?php endif ?>
</form>型
admin_message_error_function.php
<?php if (count($error_flags) > 0) : ?>
<div class="error_flags">
<?php foreach ($error_flags as $error_flag) : ?>
<p><?php echo $error_flag ?></p>
<?php endforeach ?>
</div>
<?php endif ?>型
干杯
我试过很多方法,但都不太走运。
1条答案
按热度按时间h79rfbju1#
当您检查用户名或电子邮件地址是否已被使用时,您可以排除当前用户ID:
字符串