Form does not write to the database in the correct way

Time: 2016-02-24 16:03:35

Tags: php mysql

Heey,

I am busy with a form that has to insert its values into a database (mysql). The form must write to two tables named address and person. The person details need to be written to person, and their address must be written to the address table. However, when I press submit it says everything succeeded, but it only stores the information in address.

In the database, person_address is linked to address_id; at a later stage I will create a details form where the "admin" can select a city or state and it will show all persons in that city and state.


<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO person (person_firstname, person_lastname, person_email, person_phonenumber, person_cv)
VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[telephone]','$_POST[email]','$_POST[cv]')";

$sql = "INSERT INTO address (address_street, address_housenumber, address_zipcode, address_city, address_state)
VALUES ('$_POST[straat]','$_POST[huisnummer]','$_POST[postcode]','$_POST[stad]','$_POST[provincie]')";

if ($conn->query($sql) === TRUE) {
    $URL = "http://localhost:8080/Website/bedankt.php";
    header("Location: $URL");
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

2 answers:

Answer 0: (score: 2)

As Fred -ii- already said, you overwrite the first query by writing the second query into the same variable. To fix this, you should use two queries.

$sql1 = "...";

$sql2 = "...";

if($conn->query($sql1) === TRUE && $conn->query($sql2) === TRUE) {
   ...
}

Also, SQL injection is possible because you do not escape the $_POST parameters. This allows others to execute malicious SQL on your server. You should look into mysqli::prepare or mysqli::real_escape_string.
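The answer leaves both queries as `"..."`. Written out as an added example (not the answer's own code), here is the two-variable fix using the second option it names, mysqli::real_escape_string. Connection variables, table and column names are those from the question; the `esc()` helper is an assumption introduced here. Two details matter for escaping to be reliable: the connection charset is set explicitly, because real_escape_string escapes according to it, and every escaped value is placed inside quotes in the SQL. Prepared statements (mysqli::prepare) remain the preferred approach.

```php
<?php
// Added example: two separate query strings, each value escaped with
// mysqli::real_escape_string. $servername, $username, $password and
// $dbname are assumed to be defined as in the question.

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// real_escape_string escapes according to the connection charset, so set it explicitly.
$conn->set_charset('utf8mb4');

// Hypothetical helper: escape one form field; a missing field becomes an
// empty string instead of raising a notice.
function esc(mysqli $conn, string $field): string
{
    return $conn->real_escape_string(isset($_POST[$field]) ? (string) $_POST[$field] : '');
}

// Email and telephone are bound in the same order as the column list.
$sql1 = "INSERT INTO person (person_firstname, person_lastname, person_email, person_phonenumber, person_cv)
         VALUES ('" . esc($conn, 'firstname') . "', '" . esc($conn, 'lastname') . "', '"
                    . esc($conn, 'email') . "', '" . esc($conn, 'telephone') . "', '"
                    . esc($conn, 'cv') . "')";

$sql2 = "INSERT INTO address (address_street, address_housenumber, address_zipcode, address_city, address_state)
         VALUES ('" . esc($conn, 'straat') . "', '" . esc($conn, 'huisnummer') . "', '"
                    . esc($conn, 'postcode') . "', '" . esc($conn, 'stad') . "', '"
                    . esc($conn, 'provincie') . "')";

// Two variables, two query() calls; the second no longer overwrites the first.
if ($conn->query($sql1) === TRUE && $conn->query($sql2) === TRUE) {
    header("Location: http://localhost:8080/Website/bedankt.php");
    exit;
} else {
    // Keep the SQL text and the driver error in the server log, not in the browser.
    error_log("Insert failed: " . $conn->error);
    echo "Error: your details could not be saved.";
}

$conn->close();
```

Echoing `$sql` and `$conn->error` to the visitor, as the question's script does, reveals table and column names to anyone who triggers a failure; logging them server-side keeps the diagnostics without the disclosure.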

Answer 1: (score: 1)

As stated above, you are overwriting the $sql variable without executing it. Also, consider using prepared statements to sanitize and bind the $_POST variables. Furthermore, you can use mysqli->insert_id to capture the auto_increment address_id from the address table and use it in the subsequent person append query to maintain the relationship between the two tables. Of course, you will need to reverse the order of the SQL statements.

<?php
// DATABASE CONNECTION
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// ADDRESS APPEND - PREPARE SQL STATEMENT AND BIND PARAMS
// bind_param binds by reference, so the variables may be assigned after binding.
$stmt = $conn->prepare("INSERT INTO address (address_street, address_housenumber,
                                             address_zipcode, address_city, address_state)
                        VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("sssss", $straat, $huisnummer, $postcode, $stad, $provincie);

// htmlspecialchars encodes HTML metacharacters; SQL quoting is handled by the prepared statement.
$straat = htmlspecialchars($_POST['straat']);
$huisnummer = htmlspecialchars($_POST['huisnummer']);
$postcode = htmlspecialchars($_POST['postcode']);
$stad = htmlspecialchars($_POST['stad']);
$provincie = htmlspecialchars($_POST['provincie']);

// EXECUTE STATEMENT
$result = $stmt->execute();
if ($result === FALSE) {
    die("Error: " . $stmt->error);
}
$stmt->close();

// CAPTURE LAST INSERTED address_id
$last_id = $conn->insert_id;

// PERSON APPEND - PREPARE SQL STATEMENT AND BIND PARAMS
$stmt = $conn->prepare("INSERT INTO person (person_firstname, person_lastname,
                                            person_email, person_phonenumber,
                                            person_cv, person_address)
                         VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssi", $firstname, $lastname, $email, $telephone, $cv, $last_id);

$firstname = htmlspecialchars($_POST['firstname']);
$lastname = htmlspecialchars($_POST['lastname']);
$telephone = htmlspecialchars($_POST['telephone']);
$email = htmlspecialchars($_POST['email']);
$cv = htmlspecialchars($_POST['cv']);

// EXECUTE STATEMENT
$result = $stmt->execute();
if ($result === TRUE) {
    $URL = "http://localhost:8080/Website/bedankt.php";
    header("Location: $URL");
} else {
    echo "Error: " . $stmt->error;
}

$stmt->close();
$conn->close();
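The script above inserts the address first and then the person. If the person insert fails (a malformed value, a lost connection), the address row is already committed and is left without an owner, and the visitor is shown the raw driver error. As an added example (not the answer's code), the same two prepared inserts with mysqli in exception mode, both wrapped in one transaction so they are committed or rolled back together, and with the form fields checked before any SQL runs. Table and column names are those from the question; the `requireFields()` helper and the validation rules are assumptions introduced here.

```php
<?php
// Added example: address + person inserted inside one transaction.
// $servername, $username, $password and $dbname are assumed to be defined
// as in the question.

// Turn mysqli errors into exceptions so no failure goes unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: read only the expected fields, rejecting missing or empty ones.
function requireFields(array $source, array $names): array
{
    $out = [];
    foreach ($names as $name) {
        $value = isset($source[$name]) ? trim((string) $source[$name]) : '';
        if ($value === '') {
            throw new InvalidArgumentException("Missing form field: $name");
        }
        $out[$name] = $value;
    }
    return $out;
}

try {
    // Validate before touching the database.
    $addr = requireFields($_POST, ['straat', 'huisnummer', 'postcode', 'stad', 'provincie']);
    $pers = requireFields($_POST, ['firstname', 'lastname', 'telephone', 'email', 'cv']);
    if (filter_var($pers['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }

    $conn = new mysqli($servername, $username, $password, $dbname);
    $conn->set_charset('utf8mb4');

    $conn->begin_transaction();

    // Address first, so its auto_increment id is available for the person row.
    $stmt = $conn->prepare(
        'INSERT INTO address (address_street, address_housenumber, address_zipcode, address_city, address_state)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $addr['straat'], $addr['huisnummer'], $addr['postcode'], $addr['stad'], $addr['provincie']);
    $stmt->execute();
    $addressId = $conn->insert_id;   // address_id of the row just inserted
    $stmt->close();

    // Person row references the address through person_address.
    $stmt = $conn->prepare(
        'INSERT INTO person (person_firstname, person_lastname, person_email, person_phonenumber, person_cv, person_address)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssssi', $pers['firstname'], $pers['lastname'], $pers['email'], $pers['telephone'], $pers['cv'], $addressId);
    $stmt->execute();
    $stmt->close();

    $conn->commit();   // both rows become visible together, or neither does
    $conn->close();

    header('Location: http://localhost:8080/Website/bedankt.php');
    exit;
} catch (mysqli_sql_exception $e) {
    if (isset($conn) && $conn instanceof mysqli) {
        $conn->rollback();   // no orphan address row when the person insert fails
    }
    error_log('Form insert failed: ' . $e->getMessage());   // details stay in the server log
    http_response_code(500);
    echo 'Sorry, your details could not be saved. Please try again later.';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

Values are bound as-is and encoded with htmlspecialchars only when they are displayed (here, the validation message); storing raw input and escaping on output keeps the database contents usable for the admin's later city/state lookup.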