有人可以帮助我,我试图提交一份超过3页的表格。每个中的3个文本区域字段和im使用会话开始回显其他页面的表单数据。
所以最后我要做的就是回显表单数据并将其插入到mysql表ptb_registrations中。
由于某种原因,虽然它不工作,我得到错误更新数据库错误。我一直在努力工作几个小时我很抱歉地说,我无法弄清楚。请有人帮助我,告诉我可能出错的地方。
第1页:
<?php
session_start();
?>
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
第2页:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
第3页:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
第4页:( mysql函数)
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
$_SESSION['display_name'] = $display_name;
$_SESSION['password'] = $password;
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
答案 0 :(得分:2)
请有人帮助我并告诉我可能出错的地方。
你的代码本身就太可怕了。的因为:
1)您混合会话和数据库职责
2)您使用mysql_query()进行不期望结果集的查询。对于INSERT, UPDATE, DELETE个查询,应使用mysql_unbuffered_query()
3)您没有使用mysql_real_escape_string()转义值,因此您很容易受到SQL注入攻击
4)您使用程序代码和全局状态
5)您使用弃用的mysql_*函数代替PDO或MySQLi
6)你使用字符串连接而不是sprintf(),这里:
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
7)您不会在$_SESSION和$_POST中验证任何内容。如果您设置了变量而它们不存在怎么办?
8)您的查询验证错误,此处为:confirm_query($result_set) {..
我最好停在这里。
因此,不是以这种方式编码,而是真正分开责任。
对于会话,它应该如下所示:
档案session.php
function seesion_init(){
if ( session_id() == '' ){
return session_start();
} else {
return true;
}
}
function session_set(array $values){
foreach($values as $key => $val){
$_SESSION[$key] = $val;
}
}
/**
* It will give you a confidence that you get an existing value
* @param string $key
*/
function session_get($key){
if ( isset($_SESSION[$key]) ){
return $_SESSION[$key];
} else {
throw new RuntimeException(sprintf('Accessed to non-existing session variable %s', $key));
}
}
档案:dbconnection.php
<?php
define('HOST', '...');
define('USER', '...');
...
function connect(){
if ( ! mysql_connect(...) ){
die('...');
}
if ( ! mysql_select_db('DB_NAME_HERE') ){
die('...');
}
}
function query($query){
return mysql_query($query); //<- Should only be used for SELECT queries
}
function ub_query($query){
return mysql_unbuffered_query($query); // <- Should only be used for INSERT, DELETE, UPDATE queries
}
function fetch($result){
return mysql_fetch_assoc($result);
}
档案:users.php
require_once('dbconnection.php');
connect();
/**
* Returns user id by his username
*
* @return array on success
* FALSE if email does not exists
*/
function get_user_id_by_email($email) {
$query = sprintf("SELECT `id` FROM `ptb_registrations` WHERE `email` = '$email' LIMIT 1", mysql_real_escape_string($email));
$result = ub_query($query);
if ( $result ){
return fetch($result);
} else {
return false;
}
}
等等。这里的概念是分离每个脚本的职责,然后使用你需要的“部分”。
回到原来的问题
您想在表格中插入一个值吗?然后首先验证此值。问题是你不这样做。没什么。
答案 1 :(得分:0)
在page2.php中,您需要设置session,如下所示。
因为$first_name, etc..未声明。
<强>使page2.php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];<强> page3.php
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];<强> page4.php
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];再做一个变量声明。
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email']; etc...然后将其存储在数据库中。
答案 2 :(得分:0)
这是一个不好的做法,这整个脚本,但我相信你的SQL错误是因为你提供一个ID为null。 ID可能是一个整数,很可能是自动增量。这样做:
$query="INSERT INTO ptb_registrations (
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
答案 3 :(得分:0)
Pge 1:
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
此处不需要session_start
Page2:
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
添加了$ _POST
第3页:
<?php
session_start();
// other php code here
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
添加了$ _POST $_SESSION['first_name'] = $_POST['first_name'];
无需在第3页再次添加此部分:
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
第4页:
<?php
session_start();
// other php code here
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$date_of_birth = $_SESSION['dat_of_birth'] ;
$number =$_SESSION['number'];
$display_name = $_SESSION['display_name'];
$password = $_SESSION['password'];
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".mysql_real_escape_string($first_name)."',
'".mysql_real_escape_string($last_name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($date_of_birth)."',
'".mysql_real_escape_string($number)."',
'".mysql_real_escape_string($display_name)."',
'".mysql_real_escape_string($password)."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
将会话分配给变量:
$first_name = $_SESSION['first_name'];
mysql_ *函数不建议使用mysqli_ *或PDO
您的代码容易受到mysql_injection的攻击:使用至少mysql_real_escape_string