使用会话的多步骤注册表单PHP/MySql
我正在尝试为我的站点实现一个两步注册表单,其中我使用了两个单独的页面,以便从用户那里获取信息 第一步:使用会话的多步骤注册表单PHP/MySql,php,mysql,forms,session,registration,Php,Mysql,Forms,Session,Registration,我正在尝试为我的站点实现一个两步注册表单,其中我使用了两个单独的页面,以便从用户那里获取信息 第一步: if($submit) { $connect = mysql_connect("localhost","root",""); mysql_select_db("mydb"); $queryreg = mysql_query("INSERT INTO volunteerbio VALUES (<my insert values>)"); } //gets th
if($submit)
{
$connect = mysql_connect("localhost","root","");
mysql_select_db("mydb");
$queryreg = mysql_query("INSERT INTO volunteerbio VALUES (<my insert values>)");
}
//gets the latest id added
$query = mysql_query("SELECT MAX(volunteerID) FROM volunteerbio");
$numrows = mysql_num_rows($query);
if($numrows!=0)
{
while($row = mysql_fetch_assoc($query))
{
$dbaccountID = $row['volunteerID'];
}
header("Location: http://localhost/RedCrossCaloocan/registration2_volunteer.php");
$_SESSION['volunteerID']=$dbaccountID;
}
}
?>
<?php
session_start();
$idnum = @$_SESSION['volunteerID'];
$connect = mysql_connect("localhost","root","");
mysql_select_db("mydb");
if($submit)
{
$updateSkills = mysql_query("
UPDATE volunteerbio
SET medicalSkillRating = $medicalRating,
electronicsSkillRating = $electronicRating,
errandSkillRating = $errandRating,
childCareSkillRating = $childCareRating,
counsellingSkillRating = $counsellingRating,
officeSkillRating = $officeRating,
communicationSkillRating =$communicationRating,
carpentrySkillRating = $carpentryRating
WHERE volunteerID = $idnum;
");
}
?>
if($submit)
{
$connect=mysql_connect(“本地主机”、“根目录”、“根目录”);
mysql_select_db(“mydb”);
$queryreg=mysql\u查询(“插入值()”;
}
//获取添加的最新id
$query=mysql_query(“从志愿者bio中选择MAX(志愿者id));
$numrows=mysql\u num\u行($query);
如果($numrows!=0)
{
while($row=mysql\u fetch\u assoc($query))
{
$dbaccountID=$row['志愿者ID'];
}
标题(“位置:http://localhost/RedCrossCaloocan/registration2_volunteer.php");
$\会话['OrganizerID]=$dbaccounted;
}
}
?>
第一步所做的是创建一个完整的表行,其中第二步所需的值将暂时保留为空值,直到下一步更新为止。
第二步:
if($submit)
{
$connect = mysql_connect("localhost","root","");
mysql_select_db("mydb");
$queryreg = mysql_query("INSERT INTO volunteerbio VALUES (<my insert values>)");
}
//gets the latest id added
$query = mysql_query("SELECT MAX(volunteerID) FROM volunteerbio");
$numrows = mysql_num_rows($query);
if($numrows!=0)
{
while($row = mysql_fetch_assoc($query))
{
$dbaccountID = $row['volunteerID'];
}
header("Location: http://localhost/RedCrossCaloocan/registration2_volunteer.php");
$_SESSION['volunteerID']=$dbaccountID;
}
}
?>
<?php
session_start();
$idnum = @$_SESSION['volunteerID'];
$connect = mysql_connect("localhost","root","");
mysql_select_db("mydb");
if($submit)
{
$updateSkills = mysql_query("
UPDATE volunteerbio
SET medicalSkillRating = $medicalRating,
electronicsSkillRating = $electronicRating,
errandSkillRating = $errandRating,
childCareSkillRating = $childCareRating,
counsellingSkillRating = $counsellingRating,
officeSkillRating = $officeRating,
communicationSkillRating =$communicationRating,
carpentrySkillRating = $carpentryRating
WHERE volunteerID = $idnum;
");
}
?>
第二步基本上更新第一步中填充空白值的字段,以完成注册。
第一步已经生效,并且能够将值添加到数据库中,但是,通过第二步骤更新空白值,我遇到了问题。 我有一种感觉,为了从第一步获取新生成的ID,我使用会话可能会有问题,但我就是想不出来。
您正在做:header("Location: http://localhost/RedCrossCaloocan/registration2_volunteer.php");
$_SESSION['volunteerID']=$dbaccountID;
第二行可能永远不会执行,因为您在它之前执行了重定向。我说可能是因为它可能会被处决。您必须添加exit()代码>在所有重定向之后阻止脚本的进一步执行
还有一件事:
切勿使用@
抑制PHP中的警告。几乎不需要@
。因此,不要这样做:
@$_SESSION['volunteerID'];
你应该做:
if (isset($_SESSION['volunteerID'])) {
$idnum = $_SESSION['volunteerID'];
} else {
// something went wrong???
}
在您的示例中,我看不到这一点,但确实可以防止SQLi漏洞吗?设法修复了它。似乎我在使用MAX时不得不更改一些名称。感谢您的帮助和伟大的编码建议!