1

我只是编程新手,我不知道我的代码有什么问题。我在 tblins 中输入的数据被记录,但我在 tbluser 中的数据不会进入我的数据库。但是当我尝试删除我的 tblins 的插入查询时,我想在 tbluser 中输入的数据可以记录在我的数据库中。我应该怎么做才能让我的两个表可以记录我在页面中单击提交后输入的所有数据?谢谢。

$usr="INSERT INTO tbluser(username,password,type) VALUES('".$_POST['txtuname']."','".$_POST['txtpass']."','".$_POST['type']."')";
$ins="INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate) VALUES('".$_POST['txtLN']."','".$_POST['txtFN']."','".$_POST['txtMN']."','".$_POST['txtadd']."','".$_POST['txtCN']."','".$_POST['txtemail']."','".$bdate."')";

感谢先生的所有建议。:DI 目前准备好了解什么是 sql 注入。希望能学到更多。:D

这是我的完整代码。

<?php
include("connect.php");
if(isset($_POST['txtpass']) && isset($_POST['txtrepass'])){

                    $password1=mysql_real_escape_string($_POST['txtpass']);
                    $password2=mysql_real_escape_string($_POST['txtrepass']);

                    if($password1==$password2){



                                $typeopt=$_POST['type'];

                                $bdate=$_POST['year']."-".$_POST['month']."-".$_POST['day'];

                                switch($typeopt){
                                       case 'ins':


                                        $usr=mysql_query("INSERT INTO tbluser(username,password,type) VALUES('".$_POST['txtuname']."','".$_POST['txtpass']."','".$_POST['type']."')");

                                        $ins=mysql_query("INSERT INTO tblins(insLN,insFM,insMN,insadd,insCN,insemail,insbdate) VALUES('".$_POST['txtLN']."','".$_POST['txtFN']."','".$_POST['txtMN']."','".$_POST['txtadd']."','".$_POST['txtCN']."','".$_POST['txtemail']."','".$bdate."')");


                                        if(mysqli_query($con,$ins)) {
                                            echo"success";
                                        }
                                        else{
                                            echo"fail to register";
                                        }

                                        break;

                                        case 'student':
                                        $std="INSERT INTO tblstudent(studLN,studFN,studMN,studBDate,studemail,studadd,studCN)";
                                        $usr="INSERT INTO tbluser(username,password,type)";
                                        $usr=$usr."VALUES('".$_POST['txtuname']."',";
                                        $usr=$usr."'".$_POST['txtpass']."',";
                                        $usr=$usr."'".$_POST['type']."')";

                                        $std=$std."VALUES('".$_POST['txtLN']."',";
                                        $std=$std."'".$_POST['txtFN']."',";
                                        $std=$std."'".$_POST['txtMN']."',";
                                        $std=$std."'".$bdate."',";
                                        $std=$std."'".$_POST['txtemail']."',";
                                        $std=$std."'".$_POST['txtadd']."',";
                                        $std=$std."'".$_POST['txtCN']."')"; 

                                        if(mysqli_query($con,$std)) {
                                            echo"success";
                                        }
                                        else{
                                            echo"fail to register";
                                        }

                                }

                    }
                    else{
                        echo"<form>";
                        echo "Password doesn't match. Try registering again.";
                        echo "<input type=submit formaction=register.php value=back>";
                        echo"</form>";
                    }
                }

?>

4

1 回答 1

3

首先,您构建查询的方式很容易出现错误和 SQL 注入。

一些更清洁的东西怎么样,例如:

$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$stmt = $db->prepare("INSERT INTO table(field1,field2,field3,field4,field5) VALUES(:field1,:field2,:field3,:field4,:field5)");
$stmt->execute(array(':field1' => $field1, ':field2' => $field2, ':field3' => $field3, ':field4' => $field4, ':field5' => $field5));

并确保检查错误消息。

于 2013-10-03T14:54:16.403 回答