开发者

PHP submit problem

I'm trying to check if the username is available and display it for the user to see when they check there account settings, which I have done.

BUT when the user tries to fill out another field I get the Your username is unavailable! which should not pop up because its the users username already. I want to know how can I fix this problem using PHP so that the users name is displayed every time the user views their account settings and it wont cause problems when a user submits additional info?

Here is the PHP code.

if (isset($_POST['submitted'])) {

    require_once '../htmlpurifier/library/HTMLPurifier.auto.php';

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    $config->set('HTML.TidyLevel', 'heavy');
    $config->set('HTML.SafeObject', true);
    $config->set('HTML.SafeEmbed', true);
    $purifier = new HTMLPurifier($config);

    $mysqli = mysqli_connect("localhost", "root", "", "sitename");
    $dbc = mysqli_query($mysqli,"SELECT users.*
                                 FROM users 
                                 WHERE user_id=3");

    $first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name']))));
    $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));


    if($_POST['username']) {
        $u = "SELECT user_id 
              FROM users 
              WHERE username  = '$username'";
        $r = mysqli_query ($mysqli, $u) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($mysqli));

        if (mysqli_num_rows($r) == TRUE) {
            $username = NULL;
            echo '<p class="error">Your username is unavailable!</p>';
        } else if(mysqli_num_rows($r) == 0) {
            $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username']))));



    if ($_POST['password1'] == $_POST['password2']) {
        $sha512 = hash('sha512', $_POST['password1']);
        $password = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($sha512)));
    } else {
        $password = NULL;
    } 

    if($password == NULL) {
        echo '<p class="error">Your password did not match the confirmed password!</p>';
    } else {


        if (mysqli_num_rows($dbc) == 0) {
                $mysqli = mysqli_connect("localhost", "root", "", "sitename");
                $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, username, password) 
                                             VALUES ('$user_id', '$first_name', '$username', '$password')");
        }


        if ($dbc == TRUE) {
                $dbc = mysqli_query($mysqli,"UPDATE users 
                开发者_开发问答                             SET first_name = '$first_name', username  = '$username', password = '$password' 
                                             WHERE user_id = '$user_id'");

                echo '<p class="changes-saved">Your changes have been saved!</p>';

        }

        if (!$dbc) {
                print mysqli_error($mysqli);
                return;
        }

    }

        }

    }
}

Here is the html form.

<form method="post" action="index.php">
    <fieldset>
        <ul>
            <li><label for="first_name">First Name: </label><input type="text" name="first_name" id="first_name" size="25" class="input-size" value="<?php if (isset($_POST['first_name'])) { echo  stripslashes(htmlentities(strip_tags($_POST['first_name']))); } else if(!empty($first_name)) { echo  stripslashes(htmlentities(strip_tags($first_name))); } ?>" /></li>
            <li><label for="username">UserName: </label><input type="text" name="username" id="username" size="25" class="input-size" value="<?php if (isset($_POST['username'])) { echo  stripslashes(htmlentities(strip_tags($_POST['username']))); } else if(!empty($username)) { echo  stripslashes(htmlentities(strip_tags($username))); } ?>" /><br /><span>(ex: CSSKing, butterball)</span></li>
            <li><label for="password1">Password: </label><input type="password" name="password1" id="password1" size="25" class="input-size" value="<?php if (isset($_POST['password1'])) { echo  stripslashes(htmlentities(strip_tags($_POST['password1']))); } ?>" /></li>
            <li><label for="password2">Confirm Password: </label><input type="password" name="password2" id="password2" size="25" class="input-size" value="<?php if (isset($_POST['password2'])) { echo  stripslashes(htmlentities(strip_tags($_POST['password2']))); } ?>" /></li>

            <li><input type="submit" name="submit" value="Save Changes" class="save-button" />
                <input type="hidden" name="submitted" value="true" />
            <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
            </ul>
    </fieldset>

</form>


When you're checking for the submitted form on these lines:

if($_POST['username']) {
    $u = "SELECT user_id 
          FROM users 
          WHERE username  = '$username'";

You should put the user's id to prevent getting locked into the same record:

    $u = "SELECT user_id 
          FROM users 
          WHERE username  = '$username'
          AND user_id <> 3";

That's because the checking needs to be done on ALL other user's username field, EXCLUDING the current user :)

Hope this helps!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜