Php 跨多个页面的会话表单数据并插入mysql?
有人能帮我吗?我想提交一份超过3页的表格。每个和im中有3个文本区域字段,使用会话开始回显其他页面的表单数据 最后,我要做的就是回显表单数据并将其插入mysql表ptb_registrations中 由于某些原因,虽然它不工作,我得到的错误更新数据库错误。我已经为此工作了几个小时,很抱歉,我无法理解。请有人帮帮我,告诉我哪里出了问题 第1页:Php 跨多个页面的会话表单数据并插入mysql?,php,mysql,Php,Mysql,有人能帮我吗?我想提交一份超过3页的表格。每个和im中有3个文本区域字段,使用会话开始回显其他页面的表单数据 最后,我要做的就是回显表单数据并将其插入mysql表ptb_registrations中 由于某些原因,虽然它不工作,我得到的错误更新数据库错误。我已经为此工作了几个小时,很抱歉,我无法理解。请有人帮帮我,告诉我哪里出了问题 第1页: <?php session_start(); ?> <form class="" method="post" action="regi
<?php
session_start();
?>
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
?>
<form name="myForm" method="post" action="register_p3.php" onsubmit="return validateForm()" >
<input type="text" id="date_of_birth" name="date_of_birth" placeholder="D.O.B 10/02/1990" />
<input type="text" id="number" name="number" placeholder="Mobile Number" />
<input type="text" id="confirm" name="confirm" placeholder="Are You a UK resident?" />
<input type="submit" value="Next >" />
</form>
<?php
session_start();
// other php code here
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['dat_of_birth'] = $date_of_birth;
$_SESSION['number'] = $number;
?>
<form class="" method="post" action="register_p4.php">
<input type="text" id="display_name" name="date_of_birth" placeholder="Display Name" />
<input type="password" id="password" name="password" placeholder="Password" />
<input type="password" id="password2" name="password2" placeholder="Password (Confirm)" />
<input type="submit" value="Next >" />
</form>
在page2.php
中,您需要如下设置session
因为$first\u name等..
没有声明
page2.php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];
page3.php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];
page4.php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['dat_of_birth'] = $_POST['date_of_birth'];
$_SESSION['number'] = $_POST['number'];
$_SESSION['display_name'] = $_POST['display_name'];
$_SESSION['password'] = $_POST['password'];
在page4.php中,执行一个或多个变量声明
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email']; etc...
然后将其存储在数据库中。这是一种不好的做法,整个脚本都是这样,但我相信您的SQL错误是因为您提供的ID为null。ID可能是一个整数,最有可能是自动递增的。改为这样做:
$query="INSERT INTO ptb_registrations (
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
)";
Pge 1:
<form class="" method="post" action="register_p2.php">
<input type="text" id="first_name" name="first_name" placeholder="First Name" />
<input type="text" id="last_name" name="last_name" placeholder="Last Name" />
<input type="email" id="email" name="email" placeholder="Email" />
<input type="submit" value="Next >" />
</form>
第4页:
<?php
session_start();
// other php code here
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$date_of_birth = $_SESSION['dat_of_birth'] ;
$number =$_SESSION['number'];
$display_name = $_SESSION['display_name'];
$password = $_SESSION['password'];
?>
<?php
////// SEND TO DATABASE
/////////////////////////////////////////////////////////
// Database Constants
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "");
define("DB_NAME", "database");
// 1. Create a database connection
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
//////////////////////////////////////////////////////////////
$query="INSERT INTO ptb_registrations (ID,
first_name,
last_name,
email,
date_of_birth,
contact_number,
display_name,
password
)
VALUES('NULL',
'".mysql_real_escape_string($first_name)."',
'".mysql_real_escape_string($last_name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($date_of_birth)."',
'".mysql_real_escape_string($number)."',
'".mysql_real_escape_string($display_name)."',
'".mysql_real_escape_string($password)."'
)";
mysql_query($query) or die ('Error updating database');
?>
<?php
function confirm_query($result_set) {
if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}
function get_user_id() {
global $connection;
global $email;
$query = "SELECT *
FROM ptb_registrations
WHERE email = \"$email\"
";
$user_id_set = mysql_query($query, $connection);
confirm_query($user_id_set);
return $user_id_set;
}
?>
<?php
$user_id_set = get_user_id();
while ($user_id = mysql_fetch_array($user_id_set)) {
$cookie1 = "{$user_id["id"]}";
setcookie("ptb_registrations", $cookie1, time()+3600); /* expire in 1 hour */
}
?>
<?php include ('includes/send_email/reg_email.php'); ?>
<? ob_flush(); ?>
mysql_*函数不推荐使用mysqli_*或PDO
您的代码易受mysql\u注入攻击:至少使用mysql\u real\u escape\u string
请有人帮帮我,告诉我哪里出了问题
你的代码本身太可怕了因为:
1) 您混合了会话和数据库职责
2) 对于不需要结果集的查询,可以使用mysql\u query()
。对于INSERT、UPDATE、DELETE
查询,应使用mysql\u unbuffered\u query()
3) 不能使用mysql\u real\u escape\u string()
对值进行转义,因此容易受到SQL注入的攻击
4) 使用过程代码和全局状态
5) 您使用了不推荐使用的mysql.*
函数,而不是PDO
或MySQLi
6) 您使用字符串连接而不是sprintf()
,如下所示:
)
VALUES(
'".$first_name."',
'".$last_name."',
'".$email."',
'".$date_of_birth."',
'".$number."',
'".$display_name."',
'".$password."'
7) 您不验证$\u会话
和$\u POST
中的任何内容。如果设置了变量,但变量不存在,该怎么办
8) 您的查询验证错误,这里:confirm\u query($result\u set){..
我最好到此为止
因此,与这种编码方式不同,您实际上需要将责任分开
对于会话,它应该如下所示:
文件session.php
function seesion_init(){
if ( session_id() == '' ){
return session_start();
} else {
return true;
}
}
function session_set(array $values){
foreach($values as $key => $val){
$_SESSION[$key] = $val;
}
}
/**
* It will give you a confidence that you get an existing value
* @param string $key
*/
function session_get($key){
if ( isset($_SESSION[$key]) ){
return $_SESSION[$key];
} else {
throw new RuntimeException(sprintf('Accessed to non-existing session variable %s', $key));
}
}
<?php
define('HOST', '...');
define('USER', '...');
...
function connect(){
if ( ! mysql_connect(...) ){
die('...');
}
if ( ! mysql_select_db('DB_NAME_HERE') ){
die('...');
}
}
function query($query){
return mysql_query($query); //<- Should only be used for SELECT queries
}
function ub_query($query){
return mysql_unbuffered_query($query); // <- Should only be used for INSERT, DELETE, UPDATE queries
}
function fetch($result){
return mysql_fetch_assoc($result);
}
require_once('dbconnection.php');
connect();
/**
* Returns user id by his username
*
* @return array on success
* FALSE if email does not exists
*/
function get_user_id_by_email($email) {
$query = sprintf("SELECT `id` FROM `ptb_registrations` WHERE `email` = '$email' LIMIT 1", mysql_real_escape_string($email));
$result = ub_query($query);
if ( $result ){
return fetch($result);
} else {
return false;
}
}
文件:dbconnection.php
function seesion_init(){
if ( session_id() == '' ){
return session_start();
} else {
return true;
}
}
function session_set(array $values){
foreach($values as $key => $val){
$_SESSION[$key] = $val;
}
}
/**
* It will give you a confidence that you get an existing value
* @param string $key
*/
function session_get($key){
if ( isset($_SESSION[$key]) ){
return $_SESSION[$key];
} else {
throw new RuntimeException(sprintf('Accessed to non-existing session variable %s', $key));
}
}
<?php
define('HOST', '...');
define('USER', '...');
...
function connect(){
if ( ! mysql_connect(...) ){
die('...');
}
if ( ! mysql_select_db('DB_NAME_HERE') ){
die('...');
}
}
function query($query){
return mysql_query($query); //<- Should only be used for SELECT queries
}
function ub_query($query){
return mysql_unbuffered_query($query); // <- Should only be used for INSERT, DELETE, UPDATE queries
}
function fetch($result){
return mysql_fetch_assoc($result);
}
require_once('dbconnection.php');
connect();
/**
* Returns user id by his username
*
* @return array on success
* FALSE if email does not exists
*/
function get_user_id_by_email($email) {
$query = sprintf("SELECT `id` FROM `ptb_registrations` WHERE `email` = '$email' LIMIT 1", mysql_real_escape_string($email));
$result = ub_query($query);
if ( $result ){
return fetch($result);
} else {
return false;
}
}
等等。这里的概念是将每个脚本的责任分开,然后使用您需要的“部分”
回到原来的问题
是否要在表中插入值?然后首先验证此值。问题是您不这样做。仅此而已。通过$\u POST['First\u Name']您必须在第二页中捕获该值,而不是将其作为变量引用。您是在哪里学会这样做的?这看起来很复杂,如果将其放在internet附近,会非常危险。如果我不得不猜测数据库错误,请不要在插入中提供ID。去掉ID和“null”。使用$\u POST[]而不是只使用$variabale\u name。我是否也需要将$\u POST添加到第3页?还是只需添加第2ok cool页以及第4页上要添加的任何内容?我已经删除了第4页上的id和null不知道这是否有帮助?确定完成了所有操作,但仍然会收到错误更新数据库的错误消息:(尝试mysql\u query($query)或死亡(mysql\u error());并告诉我您遇到了什么错误..我遇到了这个错误:警告:会话启动()[function.session start]:无法发送会话缓存限制器-已发送头(输出从/Applications/XAMPP/xamppfiles/htdocs/ptb1/includes/mod_register/mod_member/register_p4.php:18开始)在第19行错误更新数据库的/Applications/XAMPP/xamppfiles/htdocs/ptb1/includes/mod_register/mod_member/register_p4.php中,我做了您所说的一切,它仍然没有将其放入我的mysql表中,但我没有收到任何错误,它只是说谢谢注册,没有插入值:(echo$query;
在第4页的mysql\u query($query)或die('Error update database')之前添加此行;
,查看您的查询结果。请将其粘贴到此处。在ptb\u注册中插入(ID、名字、姓氏、电子邮件、显示名称、出生日期、联系电话、密码、帐户类型)值更新数据库时('NULL'、''、''、''、'asdasd'、''、'adad'、'Member')出错