php mysql update
<?php
$host = "localhost";
$user = "root";
$pass = "pass";
$db = "table";
$connect=mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db, $connect) or die(mysql_error());
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$username = trim($_POST["username"]);
$res = mysql_query("SELECT id, username, email, ip FROM users WHERE username='". mysql_real_escape_string($username) . "'");
$arr = mysql_fetch_assoc($res);
$user_id = $arr['id'];
$user_name = $arr['username'];
$user_email = $arr['email'];
$user_ip = $arr['ip'];
$res = mysql_query("UPDATE users SET enabled=no WHERE id=$user_id") or mysql_error();
}
?>
<form method="post" action="">
<input type="text" size="40" name="username">
<tr><td colspan="2"><input type="submit" class="btn" value='send'></td></tr>
</form>
This script doesn't execute: $res = mysql_query("UPDATE us开发者_Go百科ers SET enabled=no WHERE id=$user_id") or mysql_error();
What's wrong ?
Use:
$res = mysql_query("UPDATE users SET enabled='no' WHERE id=$user_id") or die(mysql_error());
Try wrapping the enabled=no and the id=$user_id in quotes
$res = mysql_query("UPDATE users SET enabled='no' WHERE id='$user_id'") or mysql_error();
You should also make sure you escape your variables as your code is vulnerable to SQL Injection
$username = mysql_real_escape_string(trim($_POST["username"]));
you need to debug.
at the end of this line
$res = mysql_query("UPDATE users SET enabled=no WHERE id=$user_id") or mysql_error();
write this line
"UPDATE users SET enabled=no WHERE id=$user_id"
you will see what command will be execute. probably $user_id variable coming wrong.
if you seen wrong sql command go head and try to investigate why user_id coming wrong
精彩评论