Problem with quotation marks when creating a record in PHP

Time: 2016-11-29 18:08:33

Tags: php sql database record quotations

I am trying to create a user record to insert into a phpMyAdmin database.

createUserRecord($usersTable, [$r2,"'".$_POST["firstName"]."'","'".$_POST["lastName"]."'","'".$_POST["username"]."'","'".$_POST["password"]."'","'".$_POST["admin"]."'","'".$_POST["email"]."'"]);

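I think there is a problem with the quotation marks or the concatenation of the $_POST variables.

A record is created in the phpMyAdmin database, but the values of the text data types are missing, or the two integer values show up as 0. When I print the value of this createUserRecord with print_r, it only prints '1'.

This is the code of the signup page used to create the user record: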

<html>
<body>
<p><h2><strong>Welcome to the Marist Room Reservation Recommender!</strong></h2></p>
<p><h3><strong>Reserve a room below!</strong></h3></p>
<?php
require 'sql_helper3.php';

if ($_POST[submitted] == "submitted") {

  $r2 = (rand(11111,99999));
    createUserRecord($usersTable, [$r2,"'".$_POST["firstName"]."'","'".$_POST["lastName"]."'","'".$_POST["username"]."'","'".$_POST["password"]."'","'".$_POST["admin"]."'","'".$_POST["email"]."'"]);
    header('location:verify3.php');

} else {
    echo "<h1>Please enter your details:</h1>";
    echo "<form action=verify3.php method=post>\n";
    echo "First Name: <input type=text name=firstName placeholder=\"Enter First Name\" required=required>\n<br>";
    echo "Last Name: <input type=text name=lastName placeholder=\"Enter Last Name\" required=required>\n<br>";
    echo "CWID: <input type=\"text\" name=\"CWID\" placeholder=\"Enter CWID\" required=required>\n<br>";

    echo "Class: <select name=\"class\">\n";
    echo "<option value=\"1\">Freshman</option>\n";
    echo "<option value=\"2\">Sophomore</option>\n";
    echo "<option value=\"3\">Junior</option>\n";
    echo "<option value=\"3\">Senior</option>\n";
    echo "</select>\n<br>";

    echo " Gender:\n";
    echo " <select option name = \"Gender\">\n<br> ";
    echo " <option value = \"None\">Select One...</option>\n<br> ";
    echo " <option value = \"Male\">Male</option>\n<br> ";
    echo " <option value = \"Female\">Female</option>\n<br> ";
    echo " </select>\n<br> ";

     $sql = "SELECT name, roomsAvailable FROM $dormTable";

    if($result = mysqli_query($conn, $sql)) {
        $numRows = mysqli_num_rows($result);
        echo " <strong>Residence Areas</strong>\n ";
        echo " <select name = dorm> \n";
        for ($i = 0; $i < $numRows; $i++){
            $aDorm = mysqli_fetch_assoc($result);
            $dormName = $aDorm['name'];
            $dormAvailable = $aDorm['roomsAvailable'];
        if($dormName != 'Select One...' && $dormAvailable != 0){
            echo "<option value = \"$dormName\" > $dormName ($dormAvailable)</option>\n";
        }
        elseif ($dormAvailable == 0 && $dormName != 'Select One...'){
            echo "<option value = \"$dormName\" disabled=\"disabled\"> $dormName </option> \n";
        }
        elseif ($dormName == 'Select One...'){
            echo "<option value = \"$dormName\"> $dormName </option> \n";
        }
            }
            echo "</select>\n<br><br>";
    } 

    else {
            echo "something is wrong: " .mysqli_error($conn);
            echo $result;
            die;
    }

    echo "<input type=checkbox name=specialNeeds value=\"1\">Special Needs?\n<br>";
    echo "<input type=checkbox name=laundry value=\"1\">Laundry?\n<br>";
    echo "<input type=checkbox name=fullyEquippedKitchen value=\"1\">Kitchen?\n<br><br>";

    echo "Username:<input type=text name=username placeholder=\"Enter Username\" required=required><br>\n";
    echo "Password:<input type=password name=password placeholder=\"Enter Password\" required=required><br>\n";
    echo "Email Address:<input type=email name=email placeholder=\"Enter Email\" required=required><br><br>\n";
    echo "<input type=checkbox name=admin value=\"1\">Administrator?\n<br>";

    echo "<input type=hidden name=submitted value=submitted>\n<br>";
    echo "<input type=\"submit\" value=\"Signup\">\n<br>";
    echo "</form>\n";

    foreach ($_POST as $k => $v){
                    echo"<input type = hidden name = $k value = \"$v\"> <?php echo print_r($_POST) ?>";
    }

}
?>

</body>

This is the function called from another PHP page:

 $table = $usersTable;

function createUserRecord($table, $values) {
    echo "<br> in createUserRecord(), table is \"$table\", values are ".print_r($values)."\n<br>";
    return insertInto($table, ["id", "firstName", "lastName", "username", "password", "admin"], $values);
    var_dump($values);
}

function insertInto($table, $columns, $values) {
    $sql = "INSERT INTO $table (`" . implode("`, `", $columns) . "`) VALUES ('" . implode("', '", $values) . "')";
    return query($sql);
}

This is the results page:

<?php 
//Take user selection from verify
require 'sql_helper3.php'; 

date_default_timezone_set('America/New_York');
$date = date('m/d/Y h:i:s a', time());
$dorm = $_POST["dorm"];
$sql = "SELECT * FROM $dormTable WHERE name = '$dorm'";

if ($result = mysqli_query($conn, $sql)) {
            $dormRecord = mysqli_fetch_assoc($result); 
}

$reservationsTable = "Reservations";
$r1 = (rand(11111,99999));





    // SQL query to fetch information of registered users and finds user match.
$username=$_POST['username'];
$password=$_POST['password'];
$sql = "SELECT * FROM $usersTable WHERE password = \"$password\" AND username = \"$username\"";
echo "Running SQL $sql\n<br>";
$result = mysqli_query($conn,$sql);
$_SESSION['login_user']=$username; // user is logged in now
//      echo "Initializing session...";
  $aUser = mysqli_fetch_assoc($result);
//print_r($aUser);die;
  $_SESSION['user_firstname'] = $aUser['firstName'];
  $_SESSION['user_lastname'] = $aUser['lastName'];
  $_SESSION['user_email'] = $aUser['email'];
  $_SESSION['user_class'] = $aUser['class'];
  $_SESSION['user_gender'] = $aUser['Gender'];
  $_SESSION['user_kitchen'] = $aUser['fullyEquippedKitchen'];
  $_SESSION['user_laundry'] = $aUser['laundry'];
  $_SESSION['user_specialneeds'] = $aUser['specialNeeds'];
  $_SESSION['user_admin'] = $aUser['admin'];
  $_SESSION['user_id'] = $aUser['id'];

createReservationRecord($reservationsTable, [$r1, $date, "'".$usersTable[id]."'", "'".$dormRecord[id]."'", "'".$_POST[CWID]."'", "'".$_POST[firstName]."'", "'".$_POST[lastName]."'", "'".$_POST['class']."'", "'".$_POST[gender]."'", "'".$_POST[fullyEquippedKitchen]."'", "'".$_POST[laundry]."'", "'".$_POST[specialNeeds]."'"]);

//Update the record where the dorm id is used and set the roomsAvailable to -1 for that dorm
$sql = "UPDATE $dormTable SET roomsAvailable = ".--$dormRecord[roomsAvailable] ." WHERE id = $dormRecord[id]";
query($sql);

//Update the record where the dorm id is used and set the roomsreserved to +1 for that dorm
$sql = "UPDATE $dormTable SET roomsReserved = ".++$dormRecord[roomsReserved] ." WHERE id = $dormRecord[id]";
query($sql);
echo"<br>This is the users table ".print_r($usersTable)."<br>";
?>

<html>
    <body>
    <h1>Reservation Confirmation </h1>

   </table>
    Confirmation Number: <?php echo "$r1"; ?> <br>
    Date: <?php echo "$date";?><br>
    First Name: <?php echo $_POST["firstName"];?><br> 
    Last Name: <?php echo $_POST["lastName"]; ?><br>
    CWID: <?php echo $_POST["CWID"]; ?><br>
    Gender: <?php echo $_POST["Gender"]; ?><br> 
    Class: <?php 
    if($_POST["class"] == 1){
        echo "Freshman";
    }
    elseif($_POST["class"] == 2){
        echo "Sophomore";
    }
    else{
        echo "Junior/Senior";
        //or we could do upperclassman
    }
; ?><br>
Residence Area: <?php echo $_POST["dorm"]; ?><br>
Special Needs: <?php 
    if ($_POST["specialNeeds"]){
        echo "Yes";
    }
    else{
        echo "No";
    } ?><br>

    Laundry: <?php if (isset($_POST["laundry"])){
        echo "Yes";
    }
    else{
        echo "No";
    } 
?><br>

Fully Equipped Kitchen: <?php 
    if (isset($_POST["fullyEquippedKitchen"])){
        echo "Yes";
    }
    else{
        echo "No";
    } 
    if ($aUser["admin"]) {
    echo "<br><br><a href=admin_main.php>Click here</a> to go to the admin landing page.\n<br>";
    //header("location: admin_main.php"); // redirecting to admin landing page
  } 
  else {
      echo "<br><br><a href=reservations.php>Click here</a> to go to the reservations page.\n<br>";
    // header('Location: profile.php'); // Redirecting To Students Landing     page
  } 

?>
<br>

</body>

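The output of this results page is:

Running SQL SELECT * FROM Users WHERE password = "bbb" AND username = "kk" Warning: Illegal string offset 'id' in /home/ubuntu/workspace/Project_Three/results3.php on line 42 Call Stack: 0.0003 241480 1. {main}() /home/ubuntu/workspace/Project_Three/results3.php:0 Users This is the users table 1

Reservation Confirmation

Confirmation Number: 19843

Date: 11/29/2016 01:28:30 pm

First Name: k

Last Name: b

CWID: 18738783

Gender: Female

Class: Freshman

Residence Area: Leo Hall

Special Needs: No

Laundry: No

Fully Equipped Kitchen: No

Click here to go to the reservations page.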

0 answers:

No answers
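An added example, not part of the original post or of any answer: the question's `insertInto()` already wraps each value in quotes, so values that arrive pre-quoted are quoted twice (and the call passes seven values for six columns). The sketch below prints the SQL that string building produces and then does the insert with bound parameters. Assumptions: PDO with an in-memory SQLite database in place of MySQL, an auto-assigned `id`, constructed sample input, and the hypothetical name `buildInsertSql` for the question's string-building logic.

```php
<?php
// Added example, not the poster's code. Column names follow the question;
// an in-memory SQLite database (assumption) stands in for MySQL.

// The question's string building, behaviour unchanged: it quotes every value itself.
function buildInsertSql(string $table, array $columns, array $values): string {
    return "INSERT INTO $table (`" . implode("`, `", $columns) . "`) VALUES ('"
        . implode("', '", $values) . "')";
}

// Parameterized insert: fixed column list, one placeholder per value, no manual quotes.
function createUserRecord(PDO $db, array $post): int {
    $row = [
        'firstName' => $post['firstName'],
        'lastName'  => $post['lastName'],
        'username'  => $post['username'],
        // Store a hash; check it at login with password_verify(), not in SQL.
        'password'  => password_hash($post['password'], PASSWORD_DEFAULT),
        'admin'     => isset($post['admin']) ? 1 : 0, // unchecked boxes are not posted
        'email'     => $post['email'],
    ];
    $sql = 'INSERT INTO Users (' . implode(', ', array_keys($row)) . ') VALUES ('
         . implode(', ', array_fill(0, count($row), '?')) . ')';
    $db->prepare($sql)->execute(array_values($row));
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (id INTEGER PRIMARY KEY, firstName TEXT, lastName TEXT,
    username TEXT, password TEXT, admin INTEGER, email TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['firstName' => 'Kate', 'lastName' => "O'Brien", 'username' => 'kk',
         'password' => 'bbb', 'email' => 'kk@example.com'];

// Pre-quoted values, as in the question's call, end up quoted twice.
echo buildInsertSql('Users', ['id', 'firstName', 'lastName'],
    [12345, "'" . $post['firstName'] . "'", "'" . $post['lastName'] . "'"]), "\n";

$id = createUserRecord($db, $post);
$stmt = $db->prepare('SELECT firstName, lastName, admin FROM Users WHERE id = ?');
$stmt->execute([$id]);
// print_r() needs its second argument to return the text instead of printing it.
echo 'stored: ' . print_r($stmt->fetch(PDO::FETCH_ASSOC), true);
```

With mysqli, as used in the question, the same pattern is `mysqli_prepare()` followed by `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()`.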