好的,所以我正在制作一个基于口袋妖怪浏览器的游戏,我很难做到这一点,当用户注册到我的网站时,他们获得了他们选择的入门口袋妖怪。除了为用户提供口袋妖怪之外,我已经完成了所有这些工作,现在它将口袋妖怪输入到数据库中,但是它不会将注册它的小精灵带给了使其属于空的域。我很难解释。
以下是我的代码中将数据输入到存储所有用户口袋妖怪的表的部分。
<?php
if ($_POST['starter'] == '1' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '2' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '3' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '4' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '5' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '6' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '7' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '8' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '9' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '10' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '11' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '12' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
?>
我无法弄清楚的是如何制作它所以它需要用户注册的名称并将其替换为。$ _ SESSION ['username']。我知道这样做是行不通的,因为这个人还没有登录,因为他们还在注册。
这是我的表格。
<form action="" method="post">
<div align="center">
<ul>
<p></p>
Username* <br>
<input type="text" name="username">
<p></p>
Password*<br>
<input type="password" name="password">
<p></p>
Password again*<br>
<input type="password" name="password_again">
<p></p>
First name<br>
<input type="text" name="first_name">
<p></p>
Last name<br>
<input type="text" name="last_name">
<p></p>
Email*<br>
<input type="text" name="email">
<p></p>
Starter*<br>
<select name="starter" id="" >
<option value="1">Bulbasaur</option>
<option value="2">Charmander</option>
<option value="3">Squirtle</option>
<option value="4">Chikorita</option>
<option value="5">Cyndaquil</option>
<option value="6">Totodile</option>
<option value="7">Treecko</option>
<option value="8">Torchic</option>
<option value="9">Mudkip</option>
<option value="10">Turtwig</option>
<option value="11">Chimchar</option>
<option value="12">Piplup</option>
</select>
<p></p>
<input type="submit" value="Register">
</ul>
</div>
<ul>
</ul>
</form>
我很抱歉这个巨大的问题,但任何帮助将不胜感激:)
答案 0 :(得分:1)
伙计,看起来你是PHP的新手,所以让我给出一些建议。
你必须假设你的访客是一个狂热的连环杀手 破坏你的申请。你必须阻止它。
顺便说一句,这应该可以解决问题,使用PDO:
$dbh = new PDO('mysql:dbname=YOURDBNAME;host=localhost', $db_user, $db_passwd);
// Get the choosen starter pokemon
$starter = $_POST['starter'];
$pokemons = array(
1 => 'Bulbasaur',
2 => 'Charmander',
//[.. and so on..]
);
// check if choosed pokemon is available
if(!in_array($starter, $pokemons))
{
// Pokemon not available, throw exception, error, die(), whatever
}
else
{
// Insert the pokemn into the db
$insert = $dbh->prepare("INSERT INTO user_pokemon (pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES (:pokemon, :user, 100,:time ,1, 5 ,'Normal')");
$user_name = $_POST['username']; // what about check the username? Sanitization, etc..
if($insert->execute(array(':pokemon' => $pokemons[$starter], ':user' => $user_name, ':time' => time())))
{
// Success!
}
else
{
// Error!
$error = $insert->errorInfo();
print_r("There was an error: \ncode: %s\nmessage:%s", $error[1], $error[2]);
}
}
答案 1 :(得分:0)
您的代码还有很多需要改进的地方。但这是一个快速修复:
<?php
if ($_POST['starter'] == '1' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '2' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '3' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '4' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '5' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '6' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '7' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '8' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '9' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '10' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '11' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
if ($_POST['starter'] == '12' ) {
mysql_query("INSERT INTO user_pokemon
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
") or die(mysql_error());
}
?>
这假设您的帖子是从您网页上的该表单提交的。像其他人说的那样,学习PDO:http://php.net/manual/en/book.pdo.php
您当前的代码很容易进行SQL注入:http://en.wikipedia.org/wiki/SQL_injection
那不好。