Php 使用表单数据插入将标准文本插入mysql?
我正在将一些表单数据插入sql数据库中,但我还想插入一个帐户类型标签,它不是表单数据的一部分 因此,基本上表单数据可以插入到数据库中,但我的数据库中还有一列名为“account\u type”,我希望将单词“member”作为标准插入其中 我可以这样做,因为我已尝试将其添加到代码中,但它不会将“成员”插入帐户类型 我尝试添加的代码:Php 使用表单数据插入将标准文本插入mysql?,php,mysql,Php,Mysql,我正在将一些表单数据插入sql数据库中,但我还想插入一个帐户类型标签,它不是表单数据的一部分 因此,基本上表单数据可以插入到数据库中,但我的数据库中还有一列名为“account\u type”,我希望将单词“member”作为标准插入其中 我可以这样做,因为我已尝试将其添加到代码中,但它不会将“成员”插入帐户类型 我尝试添加的代码: <? $result = mysql_query("UPDATE ptb_registrations SET account_type=Member"); ?
<? $result = mysql_query("UPDATE ptb_registrations SET account_type=Member"); ?>
<?php
session_start();
// other php code here
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];
?>
<?php ob_start(); ?>
<?php
session_start();
// GET ACCOUNT INFORMATION FROM FORM AND ASSIGN VARIABLES
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$date_of_birth = $_SESSION['date_of_birth'];
$contact_number = $_SESSION['contact_number'];
$display_name = $_SESSION['display_name'];
$password = $_SESSION['password'];
?>
<?php
/*
// ECHO ACCOUNT INFORMATION
echo "<strong> Account Information: </strong>";
echo "<br />";
echo First Name: ";
echo "<br />";
echo $first_name;
echo "<br />";
echo "<br />";
echo "Last Name: ";
echo "<br />";
echo $last_name;
echo "<br />";
echo "<br />";
echo "Email: ";
echo "<br />";
echo $email;
echo "<br />";
echo "<br />";
echo "Password: ";
echo "<br />";
echo $password;
echo "<br />";
echo "<br />";
echo "date_of_birth: ";
echo "<br />";
echo $date_of_birth;
echo "<br />";
echo "<br />";
echo "Contact_number: ";
echo "<br />";
echo $contact_number;
echo "<br />";
echo "<br />";
echo "display_name: ";
echo "<br />";
echo $display_name;
echo "<br />";
echo "<br />";
*/
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "playtime");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
display_name,
date_of_birth,
contact_number,
password
)
VALUES('NULL',
'".$first_name."',
'".$last_name."',
'".$email."',
'".$display_name."',
'".$date_of_birth."',
'".$contact_number."',
'".$password."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?
$result = mysql_query("UPDATE ptb_registrations SET account_type=Member");
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
为什么不在注册的同时插入它呢
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
display_name,
date_of_birth,
contact_number,
password,
account_type
)
VALUES('NULL',
'{$first_name}',
'{$last_name}',
'{$email}',
'{$display_name}',
'{$date_of_birth}',
'{$contact_number}',
'{$password}',
'Member'
)";
以下
<? $result = mysql_query("UPDATE ptb_registrations SET account_type='Member'"); ?>
Member
必须在UPDATE
stationSET account\u type='Member'
中作为字符串单引号。除此之外,您的脚本易受SQL注入攻击。至少,您必须对每个$\u POST
查询输入和$\u会话
输入调用mhysql\u real\u escape\u string()
,以防止二阶SQL。injection还要注意,如果UPDATE
语句中没有WHERE
子句,它将修改所有行。