我希望有人可以提供帮助,
我编写了以下函数 - insert_address($address)
来将地址记录写入mysql数据库。它会写出除custid
之外的所有字段。
custid
是另一个表的主索引,存储在会话变量$_SESSION
从函数
下面的表单中调用函数insert_address($address)
我已经包含了其他代码来显示会话ID等额外背景。
<?php
function insert_address($address) {
global $db;
$sql = "INSERT INTO address ";
$sql .= "(custid, houseno, street_1, street_2, town, county, postcode, country) ";
$sql .= "VALUES (";
$sql .= "'" . db_escape($db, $address['custid']) . "',";
$sql .= "'" . db_escape($db, $address['houseno']) . "',";
$sql .= "'" . db_escape($db, $address['street_1']) . "',";
$sql .= "'" . db_escape($db, $address['street_2']) . "',";
$sql .= "'" . db_escape($db, $address['town']) . "',";
$sql .= "'" . db_escape($db, $address['county']) . "',";
$sql .= "'" . db_escape($db, $address['postcode']) . "',";
$sql .= "'" . db_escape($db, $address['country']) . "'";
$sql .= ")";
$result = mysqli_query($db, $sql);
// For INSERT statements, $result is true/false
if($result) {
return true;
} else {
// INSERT failed
echo mysqli_error($db);
db_disconnect($db);
exit;
}
}
?>
PHP表格
<?php
require_once('../../private/initialize.php');
require_user_login();
if(is_post_request()) {
$address = [];
$address ['custid'] = $_POST['custid'] ?? '';
$address['houseno'] = $_POST['houseno'] ?? '';
$address['street_1'] = $_POST['street_1'] ?? '';
$address['street_2'] = $_POST['street_2'] ?? '';
$address['town'] = $_POST['town'] ?? '';
$address['county'] = $_POST['county'] ?? '';
$address['postcode'] = $_POST['postcode'] ?? '';
$address['country'] = $_POST['country'] ?? '';
$result = insert_address($address);
if($result === true) {
// $new_id = mysqli_insert_id($db);
$_SESSION['message'] = 'Address Created.';
redirect_to(url_for('/admin/show.php?id=' . $custid));
} else {
$errors = $result;
}
} else {
// display the blank form
$address = [];
$address['custid'] = $_GET['custid'] ?? '1';
$address['houseno'] = '';
$address['street_1'] = '';
$address['street_2'] = '';
$address['town'] = '';
$address['county'] = '';
$address['postcode'] = '';
$address['country'] = '';
}
?>
<?php $page_title = 'Create Address'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>
<div id="content">
<a class="back-link" href="<?php echo url_for('/admin/show.php'); ?>">« Back to Account Page</a>
<div class="admin new">
<h1>Create Address</h1>
<?php echo display_errors($errors); ?>
<form action="<?php echo url_for('/admin/address.php'); ?>" method="post">
<dl>
<dt>House Number</dt>
<dd><input type="text" name="houseno" value="<?php echo h($address['houseno']); ?>" /></dd>
</dl>
<dl>
<dt>Street</dt>
<dd><input type="text" name="street_1" value="<?php echo h($address['street_1']); ?>" /></dd>
</dl>
<dl>
<dt>Street 2</dt>
<dd><input type="text" name="street_2" value="<?php echo h($address['street_2']); ?>" /></dd>
</dl>
<dl>
<dt>Town or City</dt>
<dd><input type="text" name="town" value="<?php echo h($address['town']); ?>" /></dd>
</dl>
<dl>
<dt>County </dt>
<dd><input type="text" name="county" value="<?php echo h($address['county']); ?>" /><br /></dd>
</dl>
<dl>
<dt>Post Code </dt>
<dd><input type="text" name="postcode" value="<?php echo h($address['postcode']); ?>" /><br /></dd>
</dl>
<dl>
<dt>Country </dt>
<dd><input type="text" name="country" value="<?php echo h($address['country']); ?>" /><br /></dd>
</dl>
<br />
<div id="operations">
<input type="submit" value="Add Address" />
</div>
</form>
</div>
</div>
<?php include(SHARED_PATH . '/public_footer.php'); ?>
<?php
require_once('db_credentials.php');
function db_connect() {
$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
confirm_db_connect();
return $connection;
}
function db_disconnect($connection) {
if(isset($connection)) {
mysqli_close($connection);
}
}
function db_escape($connection, $string) {
return mysqli_real_escape_string($connection, $string);
}
function confirm_db_connect() {
if(mysqli_connect_errno()) {
$msg = "Database connection failed: ";
$msg .= mysqli_connect_error();
$msg .= " (" . mysqli_connect_errno() . ")";
exit($msg);
}
}
function confirm_result_set($result_set) {
if (!$result_set) {
exit("Database query failed.");
}
}
?>
我已经尝试过使用全局变量,只是把它放入试图强制传递的值,现在已经删除它们但仍然得到相同的结果, 我正在使用会话ID来传递所需的变量,同时在页面之间移动。
<?php
// Performs all actions necessary to log in an customer
function log_in_customer($customer) {
// Renerating the ID protects the customer from session fixation.
session_regenerate_id();
$_SESSION['custid'] = $customer['custid'];
$_SESSION['last_login'] = time();
$_SESSION['username'] = $customer['username'];
return true;
}
// Performs all actions necessary to log out an customer
function log_out_customer() {
unset($_SESSION['custid']);
unset($_SESSION['last_login']);
unset($_SESSION['username']);
// session_destroy(); // optional: destroys the whole session
return true;
}
// is_logged_in() contains all the logic for determining if a
// request should be considered a "logged in" request or not.
// It is the core of require_login() but it can also be called
// on its own in other contexts (e.g. display one link if a customer
// is logged in and display another link if they are not)
function user_is_logged_in() {
// Having a cust_id in the session serves a dual-purpose:
// - Its presence indicates the customer is logged in.
// - Its value tells which customer for looking up their record.
return isset($_SESSION['custid']);
}
// Call require_login() at the top of any page which needs to
// require a valid login before granting acccess to the page.
function require_user_login() {
if(!user_is_logged_in()) {
redirect_to(url_for('/login.php'));
} else {
// Do nothing, let the rest of the page proceed
}
}
?>
<?php
// Performs all actions necessary to log out an customer
function log_out_customer() {
unset($_SESSION['custid']);
unset($_SESSION['last_login']);
unset($_SESSION['username']);
// session_destroy(); // optional: destroys the whole session
return true;
}
?>
我确信这只是一个我找不到的简单修复!
答案 0 :(得分:1)
您永远不会分配$_POST['custid']
。您应该使用您在登录时设置的会话变量。
尝试在PHP表单中使用$_SESSION['custid']
。因此,不要在PHP表单中使用$address ['custid'] = $_POST['custid'] ?? '';
,而是使用$address ['custid'] = $_SESSION['custid'] ?? '';
我认为您只是使用了错误的变量。