2

有人可以帮我吗,我试图提交超过 3 页的表格。每个都有 3 个文本区域字段,并且我使用会话开始来回显其他页面的表单数据。

所以最后我要做的就是回显表单数据并将其插入 mysql 表 ptb_registrations。

出于某种原因,虽然它不起作用并且我收到错误更新数据库错误。我已经为此工作了几个小时,很抱歉,我无法弄清楚。请有人可以帮助我并告诉我我可能会出错的地方。

第 1 页:

<?php
session_start();
?>

<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email"  />
<input type="submit" value="Next >"  />
</form>

第2页:

<?php
session_start();
// other php code here

$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?"  />
<input type="submit" value="Next >"  />
</form>

第 3 页:

<?php
session_start();
// other php code here

$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
?>

<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)"  />
<input type="submit" value="Next >"  />
</form>

第4页:(mysql函数)

<?php
session_start();
// other php code here

$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
$_SESSION['display_name'] = $display_name;
$_SESSION['password'] = $password;
?>

<?php
////// SEND TO DATABASE


/////////////////////////////////////////////////////////

// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");

// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
    die("Database connection failed: " . mysql_error());
}

// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
    die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
 )
VALUES('NULL',
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
                if (!$result_set) {
                    die("Database query failed: " . mysql_error());
                }
        }
function get_user_id() {
    global $connection;
    global $email;
    $query = "SELECT *
                FROM ptb_registrations
                WHERE email = \"$email\"
                ";
        $user_id_set = mysql_query($query, $connection);
        confirm_query($user_id_set);
        return $user_id_set;
        }
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
    $cookie1 = "{$user_id["id"]}";
    setcookie("ptb_registrations", $cookie1, time()+3600);  /* expire in 1 hour */

}
?>

<?php include ('includes/send_email/reg_email.php'); ?>

<? ob_flush(); ?>
4

4 回答 4

2

请有人可以帮助我并告诉我我可能会出错的地方。

你的代码本身就是可怕的。因为

1) 你混合了会话和数据库的职责

2)您mysql_query()用于不期望结果集的查询。INSERT, UPDATE, DELETE应该使用查询mysql_unbuffered_query()

3) 你不要使用转义值,mysql_real_escape_string()这样你就容易受到 SQL 注入的攻击

4)您使用程序代码和全局状态

5)您使用不推荐使用mysql_*的功能而不是PDOMySQLi

6)您使用字符串连接而不是sprintf(),这里:

 )
 VALUES(
    '".$first_name."',
    '".$last_name."',
    '".$email."',
    '".$date_of_birth."',
    '".$number."',
    '".$display_name."',
    '".$password."'

7) 您不验证$_SESSION和中的任何内容$_POST。如果您设置了变量但它们不存在怎么办?

8)您的查询验证是错误的,这里:confirm_query($result_set) {..

我最好停在这里。

因此,您不必以这种方式编码,而是将职责分开。

对于会话,它应该如下所示:

文件session.php

function seesion_init(){
   if ( session_id() == '' ){
     return session_start();
   } else {
     return true;
   }
}

function session_set(array $values){
  foreach($values as $key => $val){
     $_SESSION[$key] = $val;
  }
}

/**
 * It will give you a confidence that you get an existing value
 * @param string $key
 */
function session_get($key){
    if ( isset($_SESSION[$key]) ){
         return $_SESSION[$key];
    } else {
       throw new RuntimeException(sprintf('Accessed to non-existing session variable %s', $key));
    }
}

文件:dbconnection.php

<?php

define('HOST', '...');
define('USER', '...');
...


function connect(){

   if ( ! mysql_connect(...) ){
      die('...');
   }

   if ( ! mysql_select_db('DB_NAME_HERE') ){
       die('...');
   }
}


function query($query){
  return mysql_query($query); //<- Should only be used for SELECT queries
}


function ub_query($query){
   return mysql_unbuffered_query($query); // <- Should only be used for INSERT, DELETE, UPDATE queries
}

function fetch($result){
  return mysql_fetch_assoc($result);
}

文件:users.php

require_once('dbconnection.php');

connect();

/**
 * Returns user id by his username
 * 
 * @return array on success
 *         FALSE if email does not exists  
 */
function get_user_id_by_email($email) {

   $query = sprintf("SELECT `id` FROM `ptb_registrations` WHERE `email` = '$email' LIMIT 1", mysql_real_escape_string($email));

   $result = ub_query($query);

   if ( $result ){
      return fetch($result);
   } else {
      return false;
   }

}

等等。这里的概念是将每个脚本的职责分开,然后使用您需要的“部分”。

回到原来的问题

您想在表中插入一个值吗?然后首先验证这个值。问题是你不这样做。而已。

于 2013-02-14T06:54:14.553 回答
0

这是不好的做法,整个脚本,但我相信您的 SQL 错误是因为您提供的 ID 为空。ID 可能是一个整数,并且很可能是自动递增的。改为这样做:

$query="INSERT INTO ptb_registrations (
    first_name,
    last_name,
    email,
    date_of_birth,
    contact_number,
    display_name,
    password
 )
 VALUES(
    '".$first_name."',
    '".$last_name."',
    '".$email."',
    '".$date_of_birth."',
    '".$number."',
    '".$display_name."',
    '".$password."'
 )";
于 2013-02-14T06:04:42.063 回答
0

第 1 页:

<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email"  />
<input type="submit" value="Next >"  />
</form>

这里不需要 session_start

第2页:

<?php
session_start();
// other php code here

$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?"  />
<input type="submit" value="Next >"  />
</form>

添加了 $_POST

第 3 页:

<?php
session_start();
// other php code here


$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
?>

<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)"  />
<input type="submit" value="Next >"  />
</form>

添加了 $_POST$_SESSION['first_name'] = $_POST['first_name'];

无需在 page3 中再次添加此部分:

$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;

第 4 页:

<?php
session_start();
// other php code here

$first_name = $_SESSION['first_name'];
$last_name  = $_SESSION['last_name'];
$email      = $_SESSION['email'];
$date_of_birth = $_SESSION['dat_of_birth'] ;
$number    =$_SESSION['number'];
$display_name = $_SESSION['display_name'];
$password  = $_SESSION['password'];
?>

<?php
////// SEND TO DATABASE


/////////////////////////////////////////////////////////

// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");

// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
    die("Database connection failed: " . mysql_error());
}

// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
    die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
 )
VALUES('NULL',
'".mysql_real_escape_string($first_name)."',
'".mysql_real_escape_string($last_name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($date_of_birth)."',
'".mysql_real_escape_string($number)."',
'".mysql_real_escape_string($display_name)."',
'".mysql_real_escape_string($password)."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
                if (!$result_set) {
                    die("Database query failed: " . mysql_error());
                }
        }
function get_user_id() {
    global $connection;
    global $email;
    $query = "SELECT *
                FROM ptb_registrations
                WHERE email = \"$email\"
                ";
        $user_id_set = mysql_query($query, $connection);
        confirm_query($user_id_set);
        return $user_id_set;
        }
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
    $cookie1 = "{$user_id["id"]}";
    setcookie("ptb_registrations", $cookie1, time()+3600);  /* expire in 1 hour */

}
?>

<?php include ('includes/send_email/reg_email.php'); ?>

<? ob_flush(); ?>

将会话分配给变量:

$first_name = $_SESSION['first_name'];

不推荐使用 mysql_* 函数使用 mysqli_* 或 PDO

您的代码容易受到 mysql_injection 的影响:至少使用mysql_real_escape_string

于 2013-02-14T06:13:20.207 回答
0

page2.php你需要设置session如下。

因为$first_name, etc..没有申报。

page2.php

$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];

page3.php

$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];

page4.php

$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];

在 page4.php 中再做一个变量声明。

$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email']; etc...

然后将其存储在数据库中。

于 2013-02-14T06:00:58.600 回答