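<?php
require("MySQLDAO.php");

// Sign-up endpoint: records a request to receive account details by post.
// Reads firstname, lastname, address, postcode and userid from $_REQUEST and
// answers with a JSON object on every path.
//
// NOTE(review): database.ini holds the database credentials. Its location
// relative to the web root is not visible from this script; confirm the web
// server cannot serve it.
$config = parse_ini_file('../database.ini');
$returnValue = array();

// Reject the request early when any required field is missing or empty.
// empty() also treats the string "0" as missing.
if (empty($_REQUEST["firstname"]) || empty($_REQUEST["lastname"])
    || empty($_REQUEST["address"]) || empty($_REQUEST["postcode"]) || empty($_REQUEST["userid"])) {
    $returnValue["error"] = "Missing information";
    $returnValue["message"] = "You have not added all the information needed to sign up.";
    echo json_encode($returnValue);
    return;
}

// htmlentities() is HTML output encoding, not a SQL-injection defence: it does
// not neutralise SQL metacharacters. It is kept so the stored values keep the
// same shape as before. Injection safety depends on the DAO binding these
// values as statement parameters instead of concatenating them into SQL.
$fn = htmlentities($_REQUEST["firstname"]);
$ln = htmlentities($_REQUEST["lastname"]);
$add = htmlentities($_REQUEST["address"]);
$post = htmlentities($_REQUEST["postcode"]);
$userid = htmlentities($_REQUEST["userid"]);

// A missing or unreadable ini file makes parse_ini_file() return false. Answer
// with the generic failure instead of connecting with empty credentials.
if ($config === false
    || !isset($config["dbhost"], $config["dbuser"], $config["dbpass"], $config["dbname"])) {
    $returnValue["error"] = "Something went wrong";
    $returnValue["Message"] = "Sorry we could not create a profile for you please try again.";
    echo json_encode($returnValue);
    return;
}

// Connection settings read from the ini file.
$dbhost = trim($config["dbhost"]);
$dbuser = trim($config["dbuser"]);
$dbpass = trim($config["dbpass"]);
$dbname = trim($config["dbname"]);

$dao = new MySQLDAO($dbhost, $dbuser, $dbpass, $dbname);
$dao->openConnection();

try {
    $userdetails = $dao->postAccDetail($userid);
    if (!empty($userdetails)) {
        // A row already exists for this user, so do not insert a second one.
        $returnValue["error"] = "Error 101";
        $returnValue["message"] = "You have already submitted to get your accounts through the post.";
    } elseif ($dao->registerPost($fn, $ln, $add, $post, $userid)) {
        $returnValue["Message1"] = "Congratulations!";
        $returnValue["Message2"] = "We will be sending your details to you in the next 5 working days.";
    } else {
        $returnValue["error"] = "Something went wrong";
        $returnValue["Message"] = "Sorry we could not create a profile for you please try again.";
    }
} catch (Exception $e) {
    // Keep database error text in the server log. The client only sees the
    // generic failure, so schema and query details are not disclosed.
    error_log($e->getMessage());
    $returnValue = array();
    $returnValue["error"] = "Something went wrong";
    $returnValue["Message"] = "Sorry we could not create a profile for you please try again.";
} finally {
    // Runs on every path, including the "already submitted" case, which
    // previously returned without closing the connection.
    $dao->closeConnection();
}

echo json_encode($returnValue);
?>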
<database file>
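/**
 * Look up the existing row in the `post` table for a user.
 *
 * The user id is bound as a statement parameter. It was previously
 * concatenated into the SQL text, which let a crafted userid change the query.
 *
 * @param mixed $userid User id to look up. It is bound as a string, so MySQL
 *                      compares it the same way as the former quoted literal.
 * @return array The first matching row as an associative array, or an empty
 *               array when no row matches.
 * @throws Exception When the statement cannot be prepared or executed.
 */
public function postAccDetail($userid) {
    $returnValue = array();
    $sql = "select * from post where userid = ?";
    $statement = $this->conn->prepare($sql);
    if (!$statement) {
        throw new Exception($this->conn->error);
    }

    // bind_param() takes its arguments by reference, so use a local variable.
    $boundUserId = (string) $userid;
    $statement->bind_param("s", $boundUserId);

    if (!$statement->execute()) {
        $error = $statement->error;
        $statement->close();
        throw new Exception($error);
    }

    // NOTE(review): get_result() is only available when mysqli is built on the
    // mysqlnd driver; confirm the target server provides it.
    $result = $statement->get_result();
    if ($result !== false) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        if (!empty($row)) {
            $returnValue = $row;
        }
        $result->free();
    }

    $statement->close();
    return $returnValue;
}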
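/**
 * Insert a postal-delivery request into the `post` table.
 *
 * All five values are bound as statement parameters, so none of them is
 * interpreted as SQL.
 *
 * @param mixed $fn     First name.
 * @param mixed $ln     Last name.
 * @param mixed $add    Postal address.
 * @param mixed $post   Postcode.
 * @param mixed $userid User id; bound with the integer type specifier.
 * @return bool The result of executing the insert.
 * @throws Exception When the statement cannot be prepared.
 */
public function registerPost($fn,$ln,$add,$post,$userid) {
    $sql = "insert into post set firstname=?,lastname=?,address=?,postcode=?,userid=?";
    $statement = $this->conn->prepare($sql);
    if (!$statement) {
        // prepare() returned false, so there is no statement object to read
        // ->error from. The failure reason is on the connection.
        throw new Exception($this->conn->error);
    }

    // "ssssi": the first four values are bound as strings and userid as an
    // integer. NOTE(review): the integer binding coerces a non-numeric userid,
    // so callers should validate it first.
    $statement->bind_param("ssssi",$fn,$ln,$add,$post,$userid);
    $returnValue = $statement->execute();

    // Release the server-side statement once the insert has run.
    $statement->close();
    return $returnValue;
}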
我在这段代码中找不到错误,想知道是否有人可以提供帮助。当我在本地机器上运行该文件时,一切似乎正常,但是当我将文件上传到服务器时,却似乎无法加载资源。我知道数据库文件是正确的,因为其他文件似乎没有问题。
I've added an image of the database as well.
有人可以帮助我。