Heey,
I'm working on a form that has to insert its values into a database (MySQL). The form must write to two tables, named address and person. The person's details need to go into person, and their address must go into the address table. However, when I press submit it says everything succeeded, but it only stores the information in address.
In the database, person_address is linked to address_id; at a later stage I will create a details form where the "admin" can select a city or state and it will show all the people in that city and state.
<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// Person insert (value order matches the column list: email before phone number)
$sql = "INSERT INTO person (person_firstname, person_lastname, person_email, person_phonenumber, person_cv)
        VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[telephone]','$_POST[cv]')";
// Address insert
$sql = "INSERT INTO address (address_street, address_housenumber, address_zipcode, address_city, address_state)
        VALUES ('$_POST[straat]','$_POST[huisnummer]','$_POST[postcode]','$_POST[stad]','$_POST[provincie]')";
if ($conn->query($sql) === TRUE) {
    $URL = "http://localhost:8080/Website/bedankt.php";
    header("Location: $URL");
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
Answer 0 (score: 2)
As Fred -ii- already said, you are overwriting the first query by writing the second query into the same variable. To fix this, you should use two queries.
$sql1 = "...";
$sql2 = "...";
if ($conn->query($sql1) === TRUE && $conn->query($sql2) === TRUE) {
    ...
}
Also, SQL injection is possible because you don't escape the $_POST parameters. This allows others to execute malicious SQL on your server. You should look into mysqli::prepare or mysqli::real_escape_string.
Answer 1 (score: 1)
As mentioned above, you overwrite the $sql variable without executing it. Also, consider using prepared statements to sanitize and bind the $_POST variables. In addition, you can use mysqli->insert_id to capture the auto_increment address_id of the address table and use it in the subsequent person append query to maintain the relation between the two tables. Of course, you will need to reverse the order of the SQL statements.
<?php
// DATABASE CONNECTION
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// ADDRESS APPEND - PREPARE SQL STATEMENT AND BIND PARAMS
// (bind_param binds by reference, so the variables can be assigned after binding)
$stmt = $conn->prepare("INSERT INTO address (address_street, address_housenumber,
                                             address_zipcode, address_city, address_state)
                        VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("sssss", $straat, $huisnummer, $postcode, $stad, $provincie);
// HTML-encode the input (the bound parameters are what keeps the SQL itself safe)
$straat    = htmlspecialchars($_POST['straat']);
$huisnummer = htmlspecialchars($_POST['huisnummer']);
$postcode  = htmlspecialchars($_POST['postcode']);
$stad      = htmlspecialchars($_POST['stad']);
$provincie = htmlspecialchars($_POST['provincie']);
// EXECUTE STATEMENT
$result = $stmt->execute();
if ($result === FALSE) {
    die("Error: " . $stmt->error);
}
// CAPTURE LAST INSERTED address_id
$last_id = $conn->insert_id;
// PERSON APPEND - PREPARE SQL STATEMENT AND BIND PARAMS
// (bound values are in column order: email, then phone number, then cv, then the address id)
$stmt = $conn->prepare("INSERT INTO person (person_firstname, person_lastname,
                                            person_email, person_phonenumber,
                                            person_cv, person_address)
                        VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssi", $firstname, $lastname, $email, $telephone, $cv, $last_id);
$firstname = htmlspecialchars($_POST['firstname']);
$lastname  = htmlspecialchars($_POST['lastname']);
$telephone = htmlspecialchars($_POST['telephone']);
$email     = htmlspecialchars($_POST['email']);
$cv        = htmlspecialchars($_POST['cv']);
// EXECUTE STATEMENT
$result = $stmt->execute();
if ($result === TRUE) {
    $URL = "http://localhost:8080/Website/bedankt.php";
    header("Location: $URL");
} else {
    echo "Error: " . $stmt->error;
}
$stmt->close();
$conn->close();
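Neither answer treats the two inserts as one unit: if the person insert fails after the address insert has already succeeded, an address row is left behind that nobody points at. The following is an added example, not code from the question or from either answer, that combines answer 0's advice (prepared statements instead of interpolating $_POST into the SQL) with answer 1's insert_id approach, and wraps the pair in a single transaction. The function name insertPersonWithAddress, the sample form values, the error handling, and the $servername/$username/$password/$dbname variables (assumed to be defined as in the question) are all assumptions.

```php
<?php
// Added example, not code from the question or either answer. Assumptions: the
// function name insertPersonWithAddress, the sample values below, and the
// connection variables $servername/$username/$password/$dbname from the question.

// Make mysqli throw mysqli_sql_exception instead of returning false, so one
// try/catch covers connect, prepare, bind and execute failures.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert an address row, then a person row that references it.
 * Returns the new person id. Either both rows are kept or neither is.
 */
function insertPersonWithAddress(mysqli $conn, array $person, array $address): int
{
    $conn->begin_transaction();
    try {
        // Address first: person.person_address refers to address.address_id.
        $stmt = $conn->prepare(
            "INSERT INTO address (address_street, address_housenumber, address_zipcode,
                                  address_city, address_state)
             VALUES (?, ?, ?, ?, ?)"
        );
        // Values travel as bound parameters, never as part of the SQL text,
        // so a quote or semicolon in the input is just data.
        $stmt->bind_param(
            "sssss",
            $address['street'], $address['housenumber'], $address['zipcode'],
            $address['city'], $address['state']
        );
        $stmt->execute();
        $stmt->close();
        $addressId = $conn->insert_id;   // auto_increment id of the address row just inserted

        $stmt = $conn->prepare(
            "INSERT INTO person (person_firstname, person_lastname, person_email,
                                 person_phonenumber, person_cv, person_address)
             VALUES (?, ?, ?, ?, ?, ?)"
        );
        $stmt->bind_param(
            "sssssi",
            $person['firstname'], $person['lastname'], $person['email'],
            $person['phone'], $person['cv'], $addressId
        );
        $stmt->execute();
        $stmt->close();
        $personId = $conn->insert_id;

        $conn->commit();
        return $personId;
    } catch (mysqli_sql_exception $e) {
        $conn->rollback();               // undo the address insert if the person insert failed
        throw $e;
    }
}

// Constructed sample input; in the real form these would come from $_POST,
// e.g. $_POST['firstname'] ?? ''. The apostrophe in the surname would break the
// string-built query from the question (or let a visitor rewrite it); as a bound
// parameter it is stored literally.
$person = [
    'firstname' => 'Anne', 'lastname' => "O'Brien",
    'email' => 'anne@example.com', 'phone' => '0612345678', 'cv' => 'Plain-text CV',
];
$address = [
    'street' => 'Kerkstraat', 'housenumber' => '12a', 'zipcode' => '1234AB',
    'city' => 'Utrecht', 'state' => 'Utrecht',
];

try {
    $conn = new mysqli($servername, $username, $password, $dbname);
    $personId = insertPersonWithAddress($conn, $person, $address);
    $conn->close();
    header("Location: http://localhost:8080/Website/bedankt.php");
} catch (mysqli_sql_exception $e) {
    // Keep the driver message in the server log; do not echo the SQL or
    // $conn->error to the browser as the question's error branch does.
    error_log('insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Sorry, your details could not be saved.';
}
```

With MYSQLI_REPORT_STRICT enabled, a failing prepare() or execute() throws rather than silently returning false, which is what made the question's "everything succeeded" message misleading in the first place. The transaction is what answer 1's sequential version lacks: without it, a failure in the second insert leaves the first one committed.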