我正在尝试创建用户记录以输入到phpmyadmin数据库中。
createUserRecord($usersTable, [$r2,"'".$_POST["firstName"]."'","'".$_POST["lastName"]."'","'".$_POST["username"]."'","'".$_POST["password"]."'","'".$_POST["admin"]."'","'".$_POST["email"]."'"]);
我认为$ _POST变量的引号或连接存在问题。
在phpmyadmin数据库中创建了一条记录,但是文本数据类型的值不存在,或者两个整数值显示为0.当我使用print_r打印此createUserRecord的值时,它只打印'1'。
这是用于创建用户记录的注册页面的代码:
<html>
<body>
<p><h2><strong>Welcome to the Marist Room Reservation Recommender!</strong></h2></p>
<p><h3><strong>Reserve a room below!</strong></h3></p>
<?php
require 'sql_helper3.php';
if ($_POST[submitted] == "submitted") {
$r2 = (rand(11111,99999));
createUserRecord($usersTable, [$r2,"'".$_POST["firstName"]."'","'".$_POST["lastName"]."'","'".$_POST["username"]."'","'".$_POST["password"]."'","'".$_POST["admin"]."'","'".$_POST["email"]."'"]);
header('location:verify3.php');
} else {
echo "<h1>Please enter your details:</h1>";
echo "<form action=verify3.php method=post>\n";
echo "First Name: <input type=text name=firstName placeholder=\"Enter First Name\" required=required>\n<br>";
echo "Last Name: <input type=text name=lastName placeholder=\"Enter Last Name\" required=required>\n<br>";
echo "CWID: <input type=\"text\" name=\"CWID\" placeholder=\"Enter CWID\" required=required>\n<br>";
echo "Class: <select name=\"class\">\n";
echo "<option value=\"1\">Freshman</option>\n";
echo "<option value=\"2\">Sophomore</option>\n";
echo "<option value=\"3\">Junior</option>\n";
echo "<option value=\"3\">Senior</option>\n";
echo "</select>\n<br>";
echo " Gender:\n";
echo " <select option name = \"Gender\">\n<br> ";
echo " <option value = \"None\">Select One...</option>\n<br> ";
echo " <option value = \"Male\">Male</option>\n<br> ";
echo " <option value = \"Female\">Female</option>\n<br> ";
echo " </select>\n<br> ";
$sql = "SELECT name, roomsAvailable FROM $dormTable";
if($result = mysqli_query($conn, $sql)) {
$numRows = mysqli_num_rows($result);
echo " <strong>Residence Areas</strong>\n ";
echo " <select name = dorm> \n";
for ($i = 0; $i < $numRows; $i++){
$aDorm = mysqli_fetch_assoc($result);
$dormName = $aDorm['name'];
$dormAvailable = $aDorm['roomsAvailable'];
if($dormName != 'Select One...' && $dormAvailable != 0){
echo "<option value = \"$dormName\" > $dormName ($dormAvailable)</option>\n";
}
elseif ($dormAvailable == 0 && $dormName != 'Select One...'){
echo "<option value = \"$dormName\" disabled=\"disabled\"> $dormName </option> \n";
}
elseif ($dormName == 'Select One...'){
echo "<option value = \"$dormName\"> $dormName </option> \n";
}
}
echo "</select>\n<br><br>";
}
else {
echo "something is wrong: " .mysqli_error($conn);
echo $result;
die;
}
echo "<input type=checkbox name=specialNeeds value=\"1\">Special Needs?\n<br>";
echo "<input type=checkbox name=laundry value=\"1\">Laundry?\n<br>";
echo "<input type=checkbox name=fullyEquippedKitchen value=\"1\">Kitchen?\n<br><br>";
echo "Username:<input type=text name=username placeholder=\"Enter Username\" required=required><br>\n";
echo "Password:<input type=password name=password placeholder=\"Enter Password\" required=required><br>\n";
echo "Email Address:<input type=email name=email placeholder=\"Enter Email\" required=required><br><br>\n";
echo "<input type=checkbox name=admin value=\"1\">Administrator?\n<br>";
echo "<input type=hidden name=submitted value=submitted>\n<br>";
echo "<input type=\"submit\" value=\"Signup\">\n<br>";
echo "</form>\n";
foreach ($_POST as $k => $v){
echo"<input type = hidden name = $k value = \"$v\"> <?php echo print_r($_POST) ?>";
}
}
?>
</body>
这是从另一个php页面调用的函数:
$table = $usersTable;
function createUserRecord($table, $values) {
echo "<br> in createUserRecord(), table is \"$table\", values are ".print_r($values)."\n<br>";
return insertInto($table, ["id", "firstName", "lastName", "username", "password", "admin"], $values);
var_dump($values);
}
function insertInto($table, $columns, $values) {
$sql = "INSERT INTO $table (`" . implode("`, `", $columns) . "`) VALUES ('" . implode("', '", $values) . "')";
return query($sql);
}
这是结果页面:
<?php
//Take user selection from verify
require 'sql_helper3.php';
date_default_timezone_set('America/New_York');
$date = date('m/d/Y h:i:s a', time());
$dorm = $_POST["dorm"];
$sql = "SELECT * FROM $dormTable WHERE name = '$dorm'";
if ($result = mysqli_query($conn, $sql)) {
$dormRecord = mysqli_fetch_assoc($result);
}
$reservationsTable = "Reservations";
$r1 = (rand(11111,99999));
// SQL query to fetch information of registered users and finds user match.
$username=$_POST['username'];
$password=$_POST['password'];
$sql = "SELECT * FROM $usersTable WHERE password = \"$password\" AND username = \"$username\"";
echo "Running SQL $sql\n<br>";
$result = mysqli_query($conn,$sql);
$_SESSION['login_user']=$username; // user is logged in now
// echo "Initializing session...";
$aUser = mysqli_fetch_assoc($result);
//print_r($aUser);die;
$_SESSION['user_firstname'] = $aUser['firstName'];
$_SESSION['user_lastname'] = $aUser['lastName'];
$_SESSION['user_email'] = $aUser['email'];
$_SESSION['user_class'] = $aUser['class'];
$_SESSION['user_gender'] = $aUser['Gender'];
$_SESSION['user_kitchen'] = $aUser['fullyEquippedKitchen'];
$_SESSION['user_laundry'] = $aUser['laundry'];
$_SESSION['user_specialneeds'] = $aUser['specialNeeds'];
$_SESSION['user_admin'] = $aUser['admin'];
$_SESSION['user_id'] = $aUser['id'];
createReservationRecord($reservationsTable, [$r1, $date, "'".$usersTable[id]."'", "'".$dormRecord[id]."'", "'".$_POST[CWID]."'", "'".$_POST[firstName]."'", "'".$_POST[lastName]."'", "'".$_POST['class']."'", "'".$_POST[gender]."'", "'".$_POST[fullyEquippedKitchen]."'", "'".$_POST[laundry]."'", "'".$_POST[specialNeeds]."'"]);
//Update the record where the dorm id is used and set the roomsAvailable to -1 for that dorm
$sql = "UPDATE $dormTable SET roomsAvailable = ".--$dormRecord[roomsAvailable] ." WHERE id = $dormRecord[id]";
query($sql);
//Update the record where the dorm id is used and set the roomsreserved to +1 for that dorm
$sql = "UPDATE $dormTable SET roomsReserved = ".++$dormRecord[roomsReserved] ." WHERE id = $dormRecord[id]";
query($sql);
echo"<br>This is the users table ".print_r($usersTable)."<br>";
?>
<html>
<body>
<h1>Reservation Confirmation </h1>
</table>
Confirmation Number: <?php echo "$r1"; ?> <br>
Date: <?php echo "$date";?><br>
First Name: <?php echo $_POST["firstName"];?><br>
Last Name: <?php echo $_POST["lastName"]; ?><br>
CWID: <?php echo $_POST["CWID"]; ?><br>
Gender: <?php echo $_POST["Gender"]; ?><br>
Class: <?php
if($_POST["class"] == 1){
echo "Freshman";
}
elseif($_POST["class"] == 2){
echo "Sophomore";
}
else{
echo "Junior/Senior";
//or we could do upperclassman
}
; ?><br>
Residence Area: <?php echo $_POST["dorm"]; ?><br>
Special Needs: <?php
if ($_POST["specialNeeds"]){
echo "Yes";
}
else{
echo "No";
} ?><br>
Laundry: <?php if (isset($_POST["laundry"])){
echo "Yes";
}
else{
echo "No";
}
?><br>
Fully Equipped Kitchen: <?php
if (isset($_POST["fullyEquippedKitchen"])){
echo "Yes";
}
else{
echo "No";
}
if ($aUser["admin"]) {
echo "<br><br><a href=admin_main.php>Click here</a> to go to the admin landing page.\n<br>";
//header("location: admin_main.php"); // redirecting to admin landing page
}
else {
echo "<br><br><a href=reservations.php>Click here</a> to go to the reservations page.\n<br>";
// header('Location: profile.php'); // Redirecting To Students Landing page
}
?>
<br>
</body>
此结果页面的输出为:
运行SQL SELECT * FROM Users WHERE password =“bbb”AND username =“kk” 警告:第42行/home/ubuntu/workspace/Project_Three/results3.php中的非法字符串偏移'id'调用堆栈:0.0003 241480 1. {main}()/ home/ubuntu/workspace/Project_Three/results3.php:0用户 这是用户表1
预订确认
确认号码:19843
日期:2016年11月29日下午01:28:30
名字:k
姓氏:b
CWID:18738783
性别:女性
班级:新生
居住区:Leo Hall
特殊需要:否
洗衣店:否
设备齐全的厨房:没有
点击此处转到预订页面。