尝试使用php将会话变量传递给mysql查询

时间:2017-07-13 13:36:04

标签: php mysql session

我希望有人可以提供帮助,
我编写了以下函数 - insert_address($address)来将地址记录写入mysql数据库。它会写出除custid之外的所有字段。

custid是另一个表的主索引,存储在会话变量$_SESSION

从函数

下面的表单中调用函数insert_address($address)

我已经包含了其他代码来显示会话ID等额外背景。

<?php

  function insert_address($address) {
        global $db;


      $sql = "INSERT INTO address ";
      $sql .= "(custid, houseno, street_1, street_2, town, county, postcode, country) ";
      $sql .= "VALUES (";
      $sql .= "'" . db_escape($db, $address['custid']) . "',";
     $sql .= "'" . db_escape($db, $address['houseno']) . "',";
     $sql .= "'" . db_escape($db, $address['street_1']) . "',";
     $sql .= "'" . db_escape($db, $address['street_2']) . "',";
     $sql .= "'" . db_escape($db, $address['town']) . "',";
     $sql .= "'" . db_escape($db, $address['county']) . "',";
     $sql .= "'" . db_escape($db, $address['postcode']) . "',";
     $sql .= "'" . db_escape($db, $address['country']) . "'";
     $sql .= ")";
     $result = mysqli_query($db, $sql);


     // For INSERT statements, $result is true/false

     if($result) {
       return true;
     } else {
       // INSERT failed
       echo mysqli_error($db);
       db_disconnect($db);
       exit;
     }
   }

?>

PHP表格

<?php

require_once('../../private/initialize.php');

require_user_login();

if(is_post_request()) {
  $address = [];
  $address ['custid'] = $_POST['custid'] ?? '';
  $address['houseno'] = $_POST['houseno'] ?? '';
  $address['street_1'] = $_POST['street_1'] ?? '';
  $address['street_2'] = $_POST['street_2'] ?? '';
  $address['town'] = $_POST['town'] ?? '';
  $address['county'] = $_POST['county'] ?? '';
  $address['postcode'] = $_POST['postcode'] ?? '';
  $address['country'] = $_POST['country'] ?? '';

  $result = insert_address($address);
  if($result === true) {
//    $new_id = mysqli_insert_id($db);
    $_SESSION['message'] = 'Address Created.';
    redirect_to(url_for('/admin/show.php?id=' . $custid));
  } else {
    $errors = $result;
  }

} else {
  // display the blank form
  $address = [];
  $address['custid'] = $_GET['custid'] ?? '1';
  $address['houseno'] = '';
  $address['street_1'] = '';
  $address['street_2'] = '';
  $address['town'] = '';
  $address['county'] = '';
  $address['postcode'] = '';
  $address['country'] = '';
}


?>

<?php $page_title = 'Create Address'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>

<div id="content">

  <a class="back-link" href="<?php echo url_for('/admin/show.php'); ?>">&laquo; Back to Account Page</a>

  <div class="admin new">
    <h1>Create Address</h1>

    <?php echo display_errors($errors); ?>

    <form action="<?php echo url_for('/admin/address.php'); ?>" method="post">
      <dl>
        <dt>House Number</dt>
        <dd><input type="text" name="houseno" value="<?php echo h($address['houseno']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Street</dt>
        <dd><input type="text" name="street_1" value="<?php echo h($address['street_1']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Street 2</dt>
        <dd><input type="text" name="street_2" value="<?php echo h($address['street_2']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Town or City</dt>
        <dd><input type="text" name="town" value="<?php echo h($address['town']); ?>" /></dd>
      </dl>

      <dl>
        <dt>County </dt>
        <dd><input type="text" name="county" value="<?php echo h($address['county']); ?>" /><br /></dd>
      </dl>

      <dl>
        <dt>Post Code </dt>
        <dd><input type="text" name="postcode" value="<?php echo h($address['postcode']); ?>" /><br /></dd>
      </dl>

      <dl>
        <dt>Country </dt>
        <dd><input type="text" name="country" value="<?php echo h($address['country']); ?>" /><br /></dd>
      </dl>

      <br />

      <div id="operations">
        <input type="submit" value="Add Address" />
      </div>
    </form>

  </div>

</div>

<?php include(SHARED_PATH . '/public_footer.php'); ?>



<?php

  require_once('db_credentials.php');

  function db_connect() {
    $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
    confirm_db_connect();
    return $connection;
  }

  function db_disconnect($connection) {
    if(isset($connection)) {
      mysqli_close($connection);
    }
  }

  function db_escape($connection, $string) {
    return mysqli_real_escape_string($connection, $string);
  }

  function confirm_db_connect() {
    if(mysqli_connect_errno()) {
      $msg = "Database connection failed: ";
      $msg .= mysqli_connect_error();
      $msg .= " (" . mysqli_connect_errno() . ")";
      exit($msg);
    }
  }

  function confirm_result_set($result_set) {
    if (!$result_set) {
       exit("Database query failed.");
    }
  }

?>

我已经尝试过使用全局变量,只是把它放入试图强制传递的值,现在已经删除它们但仍然得到相同的结果, 我正在使用会话ID来传递所需的变量,同时在页面之间移动。

<?php
// Performs all actions necessary to log in an customer
function log_in_customer($customer) {
// Renerating the ID protects the customer from session fixation.
  session_regenerate_id();
  $_SESSION['custid'] = $customer['custid'];
  $_SESSION['last_login'] = time();
  $_SESSION['username'] = $customer['username'];
  return true;
}

// Performs all actions necessary to log out an customer
function log_out_customer() {
  unset($_SESSION['custid']);
  unset($_SESSION['last_login']);
  unset($_SESSION['username']);
  // session_destroy(); // optional: destroys the whole session
  return true;
}


// is_logged_in() contains all the logic for determining if a
// request should be considered a "logged in" request or not.
// It is the core of require_login() but it can also be called
// on its own in other contexts (e.g. display one link if a customer
// is logged in and display another link if they are not)
function user_is_logged_in() {
  // Having a cust_id in the session serves a dual-purpose:
  // - Its presence indicates the customer is logged in.
  // - Its value tells which customer for looking up their record.
  return isset($_SESSION['custid']);
}

// Call require_login() at the top of any page which needs to
// require a valid login before granting acccess to the page.
function require_user_login() {
  if(!user_is_logged_in()) {
    redirect_to(url_for('/login.php'));
  } else {
    // Do nothing, let the rest of the page proceed
  }
}

?>

<?php 

// Performs all actions necessary to log out an customer
function log_out_customer() {
  unset($_SESSION['custid']);
  unset($_SESSION['last_login']);
  unset($_SESSION['username']);
  // session_destroy(); // optional: destroys the whole session
  return true;
}
?>

我确信这只是一个我找不到的简单修复!

1 个答案:

答案 0 :(得分:1)

您永远不会分配$_POST['custid']。您应该使用您在登录时设置的会话变量。

尝试在PHP表单中使用$_SESSION['custid']。因此,不要在PHP表单中使用$address ['custid'] = $_POST['custid'] ?? '';,而是使用$address ['custid'] = $_SESSION['custid'] ?? '';我认为您只是使用了错误的变量。