通过PHP表单向SQL Server存储过程插入数据

时间:2014-05-05 04:50:43

标签: php sql sql-server stored-procedures insert

我花了一个星期寻找明确的指南或答案,想知道如何把注册表单的值传递给存储过程。该存储过程(SP)一次会写入多个表,并且还会写入另一个数据库。

希望能听到各位的意见,这可能会对我有所帮助!非常感谢 :)

这是我的SP

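-- Creates an Account row and the matching billing record in one transaction.
--
-- Parameters:
--   @strGameAccount  account name, stored in Account.[AccountID]
--   @strGamePWD      password, stored in Account.[CN] and passed to billing
--   @strTjUser       accepted, not referenced in this body
--   @strSex          accepted, not referenced (literal 0 is inserted for [Sex])
--   @strage          accepted, not referenced (literal 0 is inserted for [Age])
--   @strBirthday     accepted, not referenced in this body
--   @strTrueId       stored in Account.[TrueId]
--   @strEmail        stored in both Account.[Name] and Account.[Email]
--   @strErrInfo      output message
-- Returns: 1 when the account was created, 0 when AccountID already exists.
--
-- NOTE(review): @strGamePWD is written to [CN] and handed to
-- BILLING.dbo.BIL_sp_CreateBilling exactly as received. If this is the user's
-- clear-text password, hash it with a salted password-hashing function in the
-- application before it reaches the database, and widen the column to fit.
-- NOTE(review): [Age]/[Sex] receive 0 and [Name] receives @strEmail; this looks
-- like the value list was not finished. Confirm the intended mapping.
ALTER Procedure [dbo].[AC_sp_CreateAccount]
(
@strGameAccount varchar(32),
@strGamePWD varchar(32),
@strTjUser  varchar(32),
@strSex         int,
@strage         int,
@strBirthday    varchar(32),
@strTrueId  varchar(32),
@strEmail   varchar(32),
@strErrInfo varchar(512)  output
)
As
SET NOCOUNT ON
-- With XACT_ABORT ON a run-time error in the INSERT or in the billing call
-- terminates the batch and rolls the transaction back.
SET XACT_ABORT ON

Begin Tran

Declare @iRetCode int

set @iRetCode = -1
set @strErrInfo = ''

-- UPDLOCK + HOLDLOCK keep the key range locked until the transaction ends, so
-- two concurrent calls for the same AccountID cannot both pass this check and
-- both insert. A UNIQUE or PRIMARY KEY constraint on AccountID should still
-- back this up.
if not exists(select 1 from Account with (updlock, holdlock) where AccountID = @strGameAccount)
begin
    INSERT INTO Account(
         [AccountID]
        ,[CN]
        ,[Age]
        ,[Sex]
        ,[Name]
        ,[Email]
        ,[TrueId])
    VALUES
        (
         @strGameAccount
        ,@strGamePWD
        ,0
        ,0
        ,@strEmail
        ,@strEmail
        ,@strTrueId
        )

    -- Cross-database call; it runs inside the same transaction.
    exec BILLING.dbo.BIL_sp_CreateBilling @strGameAccount,@strGamePWD

    set @iRetCode = 1
    -- NOTE(review): the success path reports the same text as the
    -- "already exists" path; callers must rely on the return code.
    set @strErrInfo = 'err'
end
else
begin
    set @iRetCode = 0
    set @strErrInfo = 'err'
end

-- @iRetCode is always 0 or 1 here, so the Rollback branch is not reached in
-- normal flow; failures are handled by XACT_ABORT above.
if (@iRetCode = 1 OR @iRetCode = 0)
    Commit Tran
else
    Rollback Tran

return @iRetCode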

这是我的 PHP 表单代码:

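<?php
// Registration handler: validates the posted form, checks that the account
// name is free and inserts the new row into dbo.Account.
//
// NOTE(review): $_SESSION is written below but no session_start() is visible
// in this listing; confirm the session is opened before this code runs.
// NOTE(review): the password is kept in the session and written to the CN
// column exactly as submitted. Prefer password_hash() before storage and do
// not keep the clear-text value in the session; this needs a wider column and
// a matching change wherever CN is verified, so it is flagged, not changed.
// NOTE(review): this script inserts into Account directly and never calls
// dbo.AC_sp_CreateAccount, so no billing record is created on this path.

$server = "127.0.0.1";

$connectionInfo_acc = array("Database" => "Account", "UID" => "***", "PWD" => "***");

$conn_acc = sqlsrv_connect($server, $connectionInfo_acc);

if (isset($_POST['add-reg']) && $_SERVER['REQUEST_METHOD'] == "POST") {

    // Every field must be present, non-empty and a plain string. Array input
    // such as username[]=x would otherwise reach preg_match() and the query.
    $fields = array('username', 'password', 'repassword', 'email', 'reemail');
    foreach ($fields as $field) {
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            echo "<script type ='text/javascript'>alert('All fields are required');history.go(-1);</script>";
            exit;
        }
    }

    $username   = $_POST['username'];
    $password   = $_POST['password'];
    $repassword = $_POST['repassword'];
    $email      = $_POST['email'];
    $reemail    = $_POST['reemail'];

    if (preg_match("/[^A-Za-z0-9]/", $username) or preg_match("/[^A-Za-z0-9]/", $password)
        or preg_match("/[^A-Za-z0-9]/", $repassword)) {
        echo "<script type='text/javascript'>alert('Please do not use special characters');history.go(-1);</script>";
        exit;
    }

    // The confirmation fields are only useful if they are compared.
    if ($password !== $repassword) {
        echo "<script type='text/javascript'>alert('Passwords do not match');history.go(-1);</script>";
        exit;
    }
    if ($email !== $reemail) {
        echo "<script type='text/javascript'>alert('Email addresses do not match');history.go(-1);</script>";
        exit;
    }

    // Both addresses must pass. Accepting either one would let an unchecked
    // 'email' value through whenever 'reemail' is well formed.
    // NOTE(review): the leading [^0-9] accepts any non-digit character and
    // [A-z] also spans some punctuation; consider
    // filter_var($email, FILTER_VALIDATE_EMAIL) if a stricter check is wanted.
    $emailPattern = "/^[^0-9][A-z0-9_]+([.][A-z0-9_]+)*[@][A-z0-9_]+([.][A-z0-9_]+)*[.][A-z]{2,4}$/";
    if (!preg_match($emailPattern, $email) or !preg_match($emailPattern, $reemail)) {
        echo "<script type='text/javascript'>alert('Please do not use special characters including - and _ in email.');history.go(-1);</script>";
        exit;
    }

    $_SESSION['username']   = $username;
    $_SESSION['password']   = $password;
    $_SESSION['repassword'] = $repassword;
    $_SESSION['email']      = $email;
    $_SESSION['reemail']    = $reemail;

    unset($_POST['username'], $_POST['password'], $_POST['repassword'],
          $_POST['email'], $_POST['reemail']);

    // Driver errors go to the server log, never to the browser: they can
    // reveal schema and server details.
    if ($conn_acc === false) {
        error_log(print_r(sqlsrv_errors(), true));
        die('Registration is temporarily unavailable.');
    }

    // Check if user exists. Values are bound through ? placeholders instead
    // of being interpolated into the SQL text.
    $stmt_acc_chk = "SELECT AccountID FROM dbo.Account WHERE AccountID = ?";
    $search = sqlsrv_query($conn_acc, $stmt_acc_chk, array($username));

    // Test for failure before the statement handle is used.
    if ($search === false) {
        error_log(print_r(sqlsrv_errors(), true));
        die('Registration is temporarily unavailable.');
    }

    $result = sqlsrv_has_rows($search);
    sqlsrv_free_stmt($search);

    if ($result == true) {
        echo "<script type='text/javascript'>alert('Username is taken!');history.go(-1);</script>";
        exit;
    }

    // Insert new account.
    // NOTE(review): the check above and this INSERT are separate statements,
    // so two simultaneous requests can both pass the check; a UNIQUE or
    // PRIMARY KEY constraint on AccountID is what actually prevents duplicates.
    $new_account = "INSERT INTO Account (AccountID, CN, Email) VALUES (?, ?, ?)";
    $params = array($username, $password, $email);
    $execute = sqlsrv_query($conn_acc, $new_account, $params);

    if ($execute === false) {
        error_log(print_r(sqlsrv_errors(), true));
        sqlsrv_close($conn_acc);
        header('Location: register.php');
        exit;
    }

    // Release the statement resource (not the SQL text) and the connection
    // before any output is sent.
    sqlsrv_free_stmt($execute);
    sqlsrv_close($conn_acc);

    echo "<script type='text/javascript'>alert('Account created success!');history.go(0);</script>";
    exit;
}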

0 个答案:

没有答案