如何将我的注册表下的主键作为外键插入我的反馈表
[英]How to insert my primary key under my signup table into my feedback table as a foreign key
问题描述
How do I identify which users did the feedback as I have two different tables.
由于我有两个不同的表,我如何确定哪些用户做了反馈。 I want to insert my signup id as a foreign key under my feedback table.我想在我的反馈表下插入我的注册 ID 作为外键。
My two tables我的两张桌子
1.signup 1.注册
2.feedback 2.反馈
signup报名
signup_id as a primary key
Username
Password
feedback反馈
feedback_id as a primary key
signup_id as a foreign key
category
feedback text
rating
My Signup Code我的注册码
<?php
include 'config.php';
if (isset($_POST['signup'])) {
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$cpassword = md5($_POST['confirmpassword']);
if ($password == $cpassword) {
$sql = "INSERT INTO signup(email,username,password)VALUES('$email','$username','$password')";
$result = mysqli_query($conn, $sql);
if ($result) {
header("location: feedback.php");
}
}
}
My Feedback Code我的反馈代码
<?php
include "config.php";
if(isset($_POST['submit'])){
$category = $_POST['category'];
$rating = $_POST['rating'];
$feedbacktext = $_POST['feedback'];
$sql = "INSERT INTO feedback(category,rating,feedbacktext)VALUES('$category','$rating','$feedbacktext')";
$result = mysqli_query($conn,$sql);
}
?>
1 个解决方案
解决方案1
1 已采纳 2022-08-14 08:30:23
There are some issues with your code that you should address, namely SQL injection and incorrect password hashing using MD5您的代码存在一些问题需要解决,即SQL 注入和使用 MD5 的不正确密码散列
One method of using the last insert id from the signup routine would be to assign it to a session variable.使用注册例程中last insert id的一种方法是将其分配给 session 变量。 As long as any pages visited after the signup also maintain that session the ID will be available in that session variable.只要注册后访问的任何页面还保持 session ,该 ID 将在该 session 变量中可用。 You could pass it in a querystring but that is ropey.您可以在查询字符串中传递它,但这很麻烦。
I tried to address the issues mentioned with the following - Prepared statements replace the vulnerable sql commands and the password is hashed using password_hash我尝试解决以下提到的问题 - 准备好的语句替换易受攻击的 sql 命令,并使用password_hash对密码进行哈希处理
signup报名
<?php
# start a session to save the user id
session_start();
# we are only interested in proceeding if ALL these POST variables are present!
if( isset(
$_POST['email'],
$_POST['username'],
$_POST['password'],
$_POST['confirmpassword']
)) {
include 'config.php';
$email = $_POST['email'];
$username = $_POST['username'];
# never use MD5 for password hashing. It is broken and not secure/reliable.
# Use password_hash & password_verify!
$hash = password_hash( $_POST['password'], PASSWORD_DEFAULT );
if( $_POST['password'] == $_POST['confirmpassword'] ) {
# mitigate SQL injection by using a prepared statement
$sql = "INSERT INTO `signup`( `email`, `username`, `password`) VALUES ( ?, ?, ? )";
$stmt = $conn->prepare( $sql );
$stmt->bind_param('sss', $email, $username, $hash );
$stmt->execute();
# save the insert id as a session variable to use after redirect.
# this ensures the id is available when the next insert statement occurs
# so long as the session is maintained on all pages following this.
$_SESSION['uid']=$stmt->insert_id;
$stmt->close();
exit( header("Location: feedback.php") );
}
}
?>
Feedback反馈
<?php
session_start();
#again, only proceed if ALL required POST vars are present, not just the submit button!
if( isset(
$_POST['category'],
$_POST['rating'],
$_POST['feedback'],
$_SESSION['uid']
)){
include "config.php";
# create the basic sql with placeholders for the prepared statement bound parameters.
$sql = "INSERT INTO `feedback` ( `signup_id`, `category`, `rating`, `feedbacktext` ) VALUES ( ?, ?, ?, ? )";
# create the statement, bind the vars and execute...
$stmt = $conn->prepare( $sql );
$stmt->bind_param('ssss', $_SESSION['uid'], $_POST['category'], $_POST['rating'], $_POST['feedback'] );
$stmt->execute();
$stmt->close();
# now what?....
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.