modify.php

希望这个对大家有用

<?php require_once('Connections/member.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "message.php?error=5";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE members SET gender=%s, birthdate=%s, question=%s, answer=%s, email=%s, introduce=%s WHERE userid=%s",
                       GetSQLValueString($_POST['radGender'], "text"),
                       GetSQLValueString($_POST['txtBirthdate'], "date"),
                       GetSQLValueString($_POST['txtQuestion'], "text"),
                       GetSQLValueString($_POST['txtAnswer'], "text"),
                       GetSQLValueString($_POST['txtEmail'], "text"),
                       GetSQLValueString($_POST['txtIntroduce'], "text"),
                       GetSQLValueString($_POST['hidUserid'], "int"));

  mysql_select_db($database_member, $member);
  $Result1 = mysql_query($updateSQL, $member) or die(mysql_error());

  $updateGoTo = "modify.php?status=ok";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

$colname_rsMember = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsMember = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']);
}
mysql_select_db($database_member, $member);
$query_rsMember = sprintf("SELECT userid, username, gender, birthdate, question, answer, email, introduce FROM members WHERE username = %s", GetSQLValueString($colname_rsMember, "text"));
$rsMember = mysql_query($query_rsMember, $member) or die(mysql_error());
$row_rsMember = mysql_fetch_assoc($rsMember);
$totalRows_rsMember = mysql_num_rows($rsMember);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>修改会员资料</title>
<link href="style/style.css" rel="stylesheet" type="text/css" />
</head>

<body>
<?php include( "menu.php" ); ?>
<form action="" method="post" name="form1">
<form action="<?php echo $editFormAction; ?>" id="form1" name="form1" method="POST">
  <table width="368" border="1" align="center" bordercolor="#0066CC" rules="none">
    <tr>
      <th colspan="2" bgcolor="#0066CC" scope="col" class="title">修改会员资料</th>
    </tr>
    <tr>
      <td width="128" align="right">用户名：</td>
      <td><?php echo $row_rsMember['username']; ?></td>
    </tr>
    <tr>
      <td width="128" align="right">性别：</td>
      <td><input <?php if (!(strcmp($row_rsMember['gender'],"男"))) {echo "checked=\"checked\"";} ?> name="radGender" type="radio" value="男" checked="checked" />
男
  <input <?php if (!(strcmp($row_rsMember['gender'],"女"))) {echo "checked=\"checked\"";} ?> type="radio" name="radGender" value="女" />
女</td>
    </tr>
    <tr>
      <td width="128" align="right">出生日期：</td>
      <td><input name="txtBirthdate" type="text" id="txtBirthdate" value="<?php echo $row_rsMember['birthdate']; ?>" /></td>
    </tr>
    <tr>
      <td width="128" align="right">安全问题：</td>
      <td><input name="txtQuestion" type="text" id="txtQuestion" value="<?php echo $row_rsMember['question']; ?>" /></td>
    </tr>
    <tr>
      <td width="128" align="right">答案：</td>
      <td><input name="txtAnswer" type="text" id="txtAnswer" value="<?php echo $row_rsMember['answer']; ?>" /></td>
    </tr>
    <tr>
      <td width="128" align="right">电子信箱：</td>
      <td><input name="txtEmail" type="text" id="txtEmail" value="<?php echo $row_rsMember['email']; ?>" /></td>
    </tr>
    <tr>
      <td width="128" align="right">自我介绍：      </td>
      <td><textarea name="txtIntroduce" rows="3" id="txtIntroduce"><?php echo $row_rsMember['introduce']; ?></textarea></td>
    </tr>
    <tr>
      <td width="128" height="32" align="right"><input name="hidUserid" type="hidden" id="hidUserid" value="<?php echo $row_rsMember['userid']; ?>" /></td>
      <td height="32"><input type="submit" name="Submit" value="更新" />
      &nbsp;&nbsp;
      <input type="reset" name="Submit2" value="重置" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_update" value="form1">
</form>
<?php
if ( isset ( $_GET["status"] ) && ( $_GET["status"] ) == "ok" )
  echo "<p align=\"center\">您的个人信息已被更新。</p>\n";
?>
</body>
</html>
<?php
mysql_free_result($rsMember);
?>