Fatal编程技术网
  • php/
  • 使用会话的多步骤注册表单PHP/MySql

使用会话的多步骤注册表单PHP/MySql

php mysql forms session

使用会话的多步骤注册表单PHP/MySql,php,mysql,forms,session,registration,Php,Mysql,Forms,Session,Registration,我正在尝试为我的站点实现一个两步注册表单,其中我使用了两个单独的页面,以便从用户那里获取信息 第一步: if($submit) { $connect = mysql_connect("localhost","root",""); mysql_select_db("mydb"); $queryreg = mysql_query("INSERT INTO volunteerbio VALUES (<my insert values>)"); } //gets th

我正在尝试为我的站点实现一个两步注册表单,其中我使用了两个单独的页面,以便从用户那里获取信息

第一步:

if($submit)
{
    $connect = mysql_connect("localhost","root","");
    mysql_select_db("mydb");
    $queryreg = mysql_query("INSERT INTO volunteerbio VALUES (<my insert values>)");
}
//gets the latest id added
$query = mysql_query("SELECT MAX(volunteerID) FROM volunteerbio");
$numrows = mysql_num_rows($query);

if($numrows!=0)
{
    while($row = mysql_fetch_assoc($query))
    {
        $dbaccountID = $row['volunteerID'];
    }
    header("Location: http://localhost/RedCrossCaloocan/registration2_volunteer.php");
    $_SESSION['volunteerID']=$dbaccountID;
}
}
?>

<?php
  session_start();
  $idnum = @$_SESSION['volunteerID'];
  $connect = mysql_connect("localhost","root","");
  mysql_select_db("mydb");

if($submit)
{
  $updateSkills = mysql_query("

     UPDATE volunteerbio
     SET medicalSkillRating = $medicalRating,
         electronicsSkillRating = $electronicRating,
         errandSkillRating = $errandRating,
         childCareSkillRating = $childCareRating,
         counsellingSkillRating = $counsellingRating,
         officeSkillRating = $officeRating,
         communicationSkillRating =$communicationRating,
         carpentrySkillRating = $carpentryRating
     WHERE volunteerID = $idnum;

     ");
  }
?>

if($submit)
{
$connect=mysql_connect(“本地主机”、“根目录”、“根目录”);
mysql_select_db(“mydb”);
$queryreg=mysql\u查询(“插入值()”;
}
//获取添加的最新id
$query=mysql_query(“从志愿者bio中选择MAX(志愿者id));
$numrows=mysql\u num\u行($query);
如果($numrows!=0)
{
while($row=mysql\u fetch\u assoc($query))
{
$dbaccountID=$row['志愿者ID'];
}
标题(“位置:http://localhost/RedCrossCaloocan/registration2_volunteer.php");
$\会话['OrganizerID]=$dbaccounted;
}
}
?>
第一步所做的是创建一个完整的表行,其中第二步所需的值将暂时保留为空值,直到下一步更新为止。

第二步:

if($submit)
{
    $connect = mysql_connect("localhost","root","");
    mysql_select_db("mydb");
    $queryreg = mysql_query("INSERT INTO volunteerbio VALUES (<my insert values>)");
}
//gets the latest id added
$query = mysql_query("SELECT MAX(volunteerID) FROM volunteerbio");
$numrows = mysql_num_rows($query);

if($numrows!=0)
{
    while($row = mysql_fetch_assoc($query))
    {
        $dbaccountID = $row['volunteerID'];
    }
    header("Location: http://localhost/RedCrossCaloocan/registration2_volunteer.php");
    $_SESSION['volunteerID']=$dbaccountID;
}
}
?>

<?php
  session_start();
  $idnum = @$_SESSION['volunteerID'];
  $connect = mysql_connect("localhost","root","");
  mysql_select_db("mydb");

if($submit)
{
  $updateSkills = mysql_query("

     UPDATE volunteerbio
     SET medicalSkillRating = $medicalRating,
         electronicsSkillRating = $electronicRating,
         errandSkillRating = $errandRating,
         childCareSkillRating = $childCareRating,
         counsellingSkillRating = $counsellingRating,
         officeSkillRating = $officeRating,
         communicationSkillRating =$communicationRating,
         carpentrySkillRating = $carpentryRating
     WHERE volunteerID = $idnum;

     ");
  }
?>
第二步基本上更新第一步中填充空白值的字段,以完成注册。

第一步已经生效,并且能够将值添加到数据库中,但是,通过第二步骤更新空白值,我遇到了问题。 我有一种感觉,为了从第一步获取新生成的ID,我使用会话可能会有问题,但我就是想不出来。

您正在做:

header("Location: http://localhost/RedCrossCaloocan/registration2_volunteer.php");
$_SESSION['volunteerID']=$dbaccountID;
第二行可能永远不会执行,因为您在它之前执行了重定向。我说可能是因为它可能会被处决。您必须添加
exit()在所有重定向之后阻止脚本的进一步执行

还有一件事:

切勿使用
@
抑制PHP中的警告。几乎不需要
@
。因此,不要这样做:


@$_SESSION['volunteerID'];


你应该做:


if (isset($_SESSION['volunteerID'])) {
    $idnum = $_SESSION['volunteerID'];
} else {
    // something went wrong???
}



在您的示例中,我看不到这一点,但确实可以防止SQLi漏洞吗?
设法修复了它。似乎我在使用MAX时不得不更改一些名称。感谢您的帮助和伟大的编码建议!