我对 php 和 stackoverflow 还很陌生,但我知道基础知识,而且我可以很快学会。
我想到了一个应用程序,该应用程序涉及向用户呈现多组复选框和单选按钮,每个组位于单独的页面上,并从菜单到达。
例如国籍办公室姓名收入概况
他们不必从每个组中进行选择,当他们做出选择时,他们可以根据他们的选择查询数据库,然后显示数据。我希望他们能够通过重新访问任何选择页面来调整他们的选择,然后重新查询数据库。
当他们通过这些选择表格进行时,我如何最好地存储他们的选择。我是否使用 cookie 或会话变量?我考虑过将他们的选择存储在数据库中,但这可能会变得复杂。
在这个阶段我只需要指针。
谢谢
贾斯汀
I would design this in the following manner:
Create form that has any and all the data you want about them. Write the PHP so that if you supply the ID of the user (will get to that shortly) if queries their record from the database and shows everything that they have saved. They can make any changes they like and submit the form. This updates their record in the database and the next time they view the page, the new information is shown.
When the form is submitted, it should first check to see if they exist already - if so, update the record - if not, insert it. You can do this in PHP, but you could also do it via a nice mysql statement (insert into... on duplicate key update).
When a user creates an account, their login/username is tied to a unique ID in the database. When they verify this (by logging in again) that ID is passed to a session variable so that you can access their data nice and easily from the database at any point.
Lastly, I would suggest that when you are doing this, use prepared statements to get data to and from the database, I would suggest PDO myself, it's nice, it can be cross database compatible and the like. If you are looking at good security, I suggest not storing the password directly, but salting it and keeping a hash that is verified on the fly. It might be a good idea to insert a semi-unique token right off the bat, so that if they forget their password you can send it to them to verify via a link back. Also, storing a username/login in a cookie is okayish, but never store a password in there. In fact, never store password in a session either - once they are verified, just store a signed in flag of some sort and check against that.
Edit:
If you are able to assign the user a unique ID at the start of the process (like say getting an email from the user) you can then give them a unique ID (or heck, at a pinch, use their email address) then you can then you can insert data into the final row from the start. Mysql offers the insert ... on duplicate key update syntax. That means you can insert the data into the row with each page that is passed, refer back to it at any point and as a bonus because you use a unique key like their email address this will keep them tied to the data, they are able to enter some data, leave your site and come back at a later time and fill the rest in.