Question

HTML CODE

<form method = "POST" action = "register.php">
    <div class = "register">
    <center>
        <div class = "heading"></br>
            <strong>--- REGISTER ---</strong></br></br>
        </div>
    </center>

    <div class = "registration">

        First Name: <input type = "text" placeholder = "Enter First Name" name = "Cus_fname" style = "margin-left: 48px;" required></br></br>
        Last Name: <input type = "text" placeholder = "Enter Last Name" name = "Cus_lname" style = "margin-left: 49px;" required></br></br>
        Username: <input type = "text" placeholder = "Enter Username" name = "Cus_Uname" style = "margin-left: 55px;" required></br></br>
        Password: <input type = "password" placeholder = "Enter Password" name = "Cus_Pword" style = "margin-left: 61px;" required></br></br>
        Address: <input type = "text" placeholder = "Enter Address" name = "Cus_address" style = "margin-left: 67px;" required></br></br>
        Contact No.: <input type = "text" placeholder = "Enter Contact Number" name = "Cus_contactnum" style = "margin-left: 38px;" required></br></br>
        Email: <input type = "text" placeholder = "Enter E-mail Address" name = "Cus_email" style = "margin-left: 88px;" required></br></br>

        <input type = "submit" name = "submit" value = "Submit" style = "margin-left: 110px;"></br>

    </div></br>
    </form>

PHP代码

<?php
if(isset($_POST['submit'])){



    $cf = $_POST['Cus_fname'];
    $cl = $_POST['Cus_lname'];
    $cu = $_POST['Cus_Uname'];
    $cp = $_POST['Cus_Pword'];
    $ca = $_POST['Cus_address'];
    $cn = $_POST['Cus_contactnum'];
    $ce = $_POST['Cus_email'];

    include("config.php");


    mysqli_query($con, "INSERT INTO account (Cus_ID, Cus_Uname, Cus_Pword) VALUES ('null', '$cu', '$cp')");
    mysqli_query($con, "INSERT INTO client (Cus_ID, Cus_lname, Cus_fname, Cus_address, Cus_contactnum, Cus_email) VALUES(null, '$cl', '$cf', '$ca', '$cn', '$ce')");

    mysqli_close($con);
}
?>

问题是它只在一个表上添加，这是我的客户端表，它只在我的帐户表中添加了1个数据

我在我的数据库中使用MySQL Workbench

Answer 1

使用预准备语句可以防止SQL注入。检查所有帖子有助于确保在需要时有一些价值。

<?php
if(isset($_POST['submit'])){
    // Populate each variable
    $cf = isset($_POST['Cus_fname'])?$_POST['Cus_fname']:"";
    $cl = isset($_POST['Cus_lname'])?$_POST['Cus_lname']:"";
    $cu = isset($_POST['Cus_Uname'])?$_POST['Cus_Uname']:"";
    $cp = isset($_POST['Cus_Pword'])?$_POST['Cus_Pword']:"";
    $ca = isset($_POST['Cus_address'])?$_POST['Cus_address']:"";
    $cn = isset($_POST['Cus_contactnum'])?$_POST['Cus_contactnum']:"";
    $ce = isset($_POST['Cus_email'])?$_POST['Cus_email']:"";

    include("config.php");

    if ($stmt = $mysqli->prepare("INSERT INTO account (Cus_Uname, Cus_Pword) VALUES (?, ?, ?)")) {
        // bind parameters for markers
        $stmt->bind_param("sss", $cu, $cp);
        // execute query
        $stmt->execute();
        // close statement
        $stmt->close();
    }
    if ($stmt = $mysqli->prepare("INSERT INTO client (Cus_lname, Cus_fname, Cus_address, Cus_contactnum, Cus_email) VALUES (?, ?, ?, ?, ?)")) {
        // bind parameters for markers
        $stmt->bind_param("sssss", $cl, $cf, $ca, $cn, $ce);
        // execute query
        $stmt->execute();
        // close statement
        $stmt->close();
    }

    mysqli_close($con);
}
?>

此代码假定您的ID列使用自动增量。在这种情况下，您不需要在INSERT中包含IS，它将在查询运行时自动完成。

Answer 2

检查您的帐户表的查询。

mysqli_query（$ con，＆＃34; INSERT INTO帐户（Cus_ID，Cus_Uname，Cus_Pword）价值观（＆＃39; null＆＃39;，＆＃39; $ cu＆＃39;，＆＃39; $ cp＆＃39;）＆＃34;）;

你输入了一个拼写错误＆＃39; null＆＃39; 这是一个字符串到你的Cus_ID中我假设数据类型是INT，因为它是一个ID。删除单引号 null ，看看是否有效。

如何仅在一个表单中添加2个表格中的数据

2 个答案: