我只是编程方面的新手,我不知道代码中的问题。我记录了在tblins中输入的数据,但是我在tbluser中的数据不会进入我的数据库。但是当我尝试删除我的tblins的插入查询时,我想在tbluser中输入的数据可以记录在我的数据库中。我该怎么做才能让我的两个表能够记录我在页面中单击提交后输入的所有数据?感谢。
$usr="INSERT INTO tbluser(username,password,type) VALUES('".$_POST['txtuname']."','".$_POST['txtpass']."','".$_POST['type']."')";
$ins="INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate) VALUES('".$_POST['txtLN']."','".$_POST['txtFN']."','".$_POST['txtMN']."','".$_POST['txtadd']."','".$_POST['txtCN']."','".$_POST['txtemail']."','".$bdate."')";
这是我的完整代码。
<?php
include("connect.php");
if(isset($_POST['txtpass']) && isset($_POST['txtrepass'])){
$password1=mysql_real_escape_string($_POST['txtpass']);
$password2=mysql_real_escape_string($_POST['txtrepass']);
if($password1==$password2){
$typeopt=$_POST['type'];
$bdate=$_POST['year']."-".$_POST['month']."-".$_POST['day'];
switch($typeopt){
case 'ins':
$usr=mysql_query("INSERT INTO tbluser(username,password,type) VALUES('".$_POST['txtuname']."','".$_POST['txtpass']."','".$_POST['type']."')");
$ins=mysql_query("INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate) VALUES('".$_POST['txtLN']."','".$_POST['txtFN']."','".$_POST['txtMN']."','".$_POST['txtadd']."','".$_POST['txtCN']."','".$_POST['txtemail']."','".$bdate."')");
if(mysqli_query($con,$ins)) {
echo"success";
}
else{
echo"fail to register";
}
break;
case 'student':
$std="INSERT INTO tblstudent(studLN,studFN,studMN,studBDate,studemail,studadd,studCN)";
$usr="INSERT INTO tbluser(username,password,type)";
$usr=$usr."VALUES('".$_POST['txtuname']."',";
$usr=$usr."'".$_POST['txtpass']."',";
$usr=$usr."'".$_POST['type']."')";
$std=$std."VALUES('".$_POST['txtLN']."',";
$std=$std."'".$_POST['txtFN']."',";
$std=$std."'".$_POST['txtMN']."',";
$std=$std."'".$bdate."',";
$std=$std."'".$_POST['txtemail']."',";
$std=$std."'".$_POST['txtadd']."',";
$std=$std."'".$_POST['txtCN']."')";
if(mysqli_query($con,$std)) {
echo"success";
}
else{
echo"fail to register";
}
}
}
else{
echo"<form>";
echo "Password doesn't match. Try registering again.";
echo "<input type=submit formaction=register.php value=back>";
echo"</form>";
}
}
&GT;
答案 0 :(得分:3)
首先,构建查询的方式非常容易出错和SQL注入。
如果有点清洁,如:
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$stmt = $db->prepare("INSERT INTO table(field1,field2,field3,field4,field5) VALUES(:field1,:field2,:field3,:field4,:field5)");
$stmt->execute(array(':field1' => $field1, ':field2' => $field2, ':field3' => $field3, ':field4' => $field4, ':field5' => $field5));
并确保检查错误消息。