INTRO-LVL编程器:验证&在PHP / MySQL中执行指导

时间:2016-01-31 17:35:12

标签: php mysql

我是一名非独联体专业的学生,​​通过我的大学参加一个未成年人的入门编程课程。我已经能够成功编写我需要的大多数PHP文件,但是在如何在同一文档中执行两个函数方面已经陷入困境。希望你能提供帮助。

在网站内,我希望能够首先使用MySQL来检查一个名为User的用户(用户最初在该站点注册),以验证他们实际上已经注册并且他们提供的凭据是正确的,然后执行查询以将它们添加到另一个表。

我已经尝试过mysqli_multi_query无济于事,而且就功能而言,我只是缺乏经验并且不确定我的选择。

我已经包含了下面的代码,但要知道这是一团糟,因为在我决定寻求帮助之前,我尝试过几种不同的方法 

<?php
    session_start(); 
    require_once("config.php");

    $GroupDesc = $_GET["GroupDesc"]; 
    $LeaderID = $_GET["LeaderID"];
    $URL = $_GET["URL"];
    $Email=$_GET["Email"];

    $con = mysqli_connect("$SERVER","$USERID","$DBPASSWORD","$DATABASE");

    $query2= "INSERT INTO FA15_1052_tuf02984.WebsiteGroups (ID, Description, LeaderID, URL, LeaderEmail) VALUES ('$GroupDesc', '$LeaderID', '$URL', '$Email');";

    /* Here I want to perform the first query or $query1 which checks if the 
    user exists in MySQL and the info submitted in form is same */

    $query1= "SELECT * from USER where LeaderID = '$ID' and Email = '$Email';";
    if ($status = mysqli_query($con, $query1)) {
        } else {
            print "Some of the data you provided didn't match our records. Please contact the webmaster.".mysqli_error($con)." <br>"; 
            $_SESSION["RegState"]= -11;
            $_SESSION["ErrorMsg"]= "Database insertion failed due to inconsistent data: ".mysqli_error($con);
            header("Location:../index.php");
            die();
        }

    /* How do I tell the file to move onto the next query, which is $query2?

    if ($query2) {
      $query = "INSERT INTO FA15_1052_tuf02984.WebsiteGroups (ID, Description, LeaderID, URL, LeaderEmail)
      VALUES ('$GroupDesc', '$LeaderUID', '$URL', '$Email');";
    }       */

        } else { 
            print "Membership update failed. Please contact webmaster.".mysqli_error($con)." <br>"; 
            $_SESSION["RegState"]= -11; // 0: Not Registered, 1: Register, -1: Error 
            $_SESSION["ErrorMsg"]= "Database Insert failed: ".mysqli_error($con);
            header("Location:../index.php");
            die();
        }

1 个答案:

答案 0 :(得分:0)

有几点可以重新排列代码以使逻辑更容易理解。 (别担心;这只是经验所带来的东西。)我将在下面的代码中包含一些注释来解释我所做的事情。

<?php
    session_start(); 
    require_once("config.php");

    $GroupDesc = $_GET["GroupDesc"]; 
    $LeaderID = $_GET["LeaderID"];
    $URL = $_GET["URL"];
    $Email=$_GET["Email"];

    // mysqli_connect is deprecated; the preferred syntax is
    $con = new mysqli("$SERVER","$USERID","$DBPASSWORD","$DATABASE");

    $query1= "SELECT * from USER where LeaderID = '$ID' and Email = '$Email';";
    $result = mysqli_query($con, $query1);

    // I personally prefer the following opening-brace style; I just find it
    //  easier to read. You can use the other style if you want; just do it 
    //  consistently.
    if ($result)
    {
        $row = mysqli_fetch_assoc($result);
        if($row)
        {
            if (($row['ID'] != $LeaderID) or ($row['Email'] != $Email))
            {
                // Handle the error first, and exit immediately
                print "Some of the data you provided didn't match our records. Please contact the webmaster.".mysqli_error($con)." <br>"; 
                $_SESSION["RegState"]= -11;
                $_SESSION["ErrorMsg"]= "Database Insert failed due to inconsistent data: ".mysqli_error($con);
                header("Location:../index.php");
                die();
            }
            else
            {
                // If the query succeeded, fall through to the code that processes it
                $query = "INSERT INTO FA15_1052_tuf02984.WebsiteGroups (ID, Description, LeaderID, URL, LeaderEmail)
                             VALUES ('$GroupDesc', '$LeaderUID', '$URL', '$Email');";

                $status = mysqli_query($con, $query);

                if ($status)
                { 
                    // membership has been updated  
                    $_SESSION["RegState"]=9.5; // 0: Not Registered, 1: Register, -1: Error 
                    $message="This is confirmation that you the group you lead has been added to our database.
                        Your group's ID in our database is "$GID". Please keep this in your records as you will need it to make changes.
                        If this was done in error, please contact the webmaster at tuf02984webmaster@website.com";
                    $headers = 'From: tuf02984webmaster@example.com'."\r\n".
                        'Reply-To: tuf02984webmaster@example.com'. "\r\n".
                         'X-Mailer: PHP/' . phpversion();
                    mail($Email, "You are a group leader!", $message, $headers);
                    header("Location:../index.php"); 
                    // die();
                    // You only use die() to return from an error state.
                    // Calling die() creates an entry in the server's error log file.
                    // For a successful completion, use
                    return;
                }
            }
        }
    }

    // If we get here, then something has gone wrong which we haven't already handled
    print "Membership update failed. Please contact webmaster.".mysqli_error($con)." <br>"; 
    $_SESSION["RegState"]= -11; // 0: Not Registered, 1: Register, -1: Error 
    $_SESSION["ErrorMsg"]= "Database Insert failed: ".mysqli_error($con);
    header("Location:../index.php");
    die();

?>

基本习语是:执行某些操作,处理特定错误,处理成功,执行其他操作等,最后处理可能来自多个点的任何错误。如果有任何不清楚的地方,请询问并编辑我的答案。

我还没有在这里报道准备好的陈述。 Prepared statements是执行非平凡查询的首选方式;它们有助于抵制SQL injection attacks以及简化类型匹配,引用和转义特殊字符。

相关问题
最新问题