multipage session storing in database

I'm trying to set up a simple multipage form, with the use of sessions to be later stored in a database in multiple tables.

However, I seem to have run into a problem. While the values of the last page get posted to the database, the session variables do not.

Please keep in mind: my project partner and I are complete newbies to PHP/SQL and might not have paid as much attention in class as we should have. Most of the code is pretty much thrown together randomly, and identifying problems does not seem to be our strong suit.

First page / b_tickets.php (simple HTML form with the values 'ticket_a', 'ticket_k' and 'ticket_vip')

Second page / b_rooms.php

<?php
session_start();

$_SESSION['ticket_a'] = $_POST['ticket_a'];
$_SESSION['ticket_k'] = $_POST['ticket_k'];
$_SESSION['ticket_vip'] = $_POST['ticket_vip'];
?>

Third page / b_ucp.php

<?php
session_start();

$_SESSION['room_s'] = $_POST['room_s'];
$_SESSION['room_s_extra'] = $_POST['room_s_extra'];
$_SESSION['room_d'] = $_POST['room_d'];
$_SESSION['room_d_extra'] = $_POST['room_d_extra'];
$_SESSION['room_3'] = $_POST['room_3'];
$_SESSION['room_3_extra'] = $_POST['room_3_extra'];
$_SESSION['room_10'] = $_POST['room_10'];
$_SESSION['room_10_extra'] = $_POST['room_10_extra'];
$_SESSION['pension'] = $_POST['pension'];
?>

which leads to

insert_ucp.php

(At this point an echo of $_SESSION for the previous variables reveals that they are in fact still stored.)

<?php
session_start();

$con = mysql_connect("localhost","XX","XX");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("fatcity", $con);



$sql="INSERT INTO tickets (ticket_a, ticket_k, ticket_vip)
VALUES
('$_SESSION[ticket_a]','$_SESSION[ticket_k]','$_SESSION[ticket_vip]')";

$sql="INSERT INTO rooms (room_s, room_s_extra, room_d, room_d_extra, room_3, room_3_extra, room_10, room_10_extra, pension)
VALUES
('$_SESSION[room_s]','$_SESSION[room_s_extra]','$_SESSION[room_d]','$_SESSION[room_d_extra]','$_SESSION[room_3]','$_SESSION[room_3_extra]','$_SESSION[room_10]','$_SESSION[room_10_extra]','$_SESSION[pension]')";


$sql="INSERT INTO ucp (title, name, n_family, adress, a_housenumber, continent, country, province, region, city, telephone, email, password,  payment, client, comment)
VALUES
('$_POST[title]','$_POST[name]','$_POST[n_family]','$_POST[adress]','$_POST[a_housenumber]','$_POST[continent]','$_POST[country]','$_POST[province]','$_POST[region]','$_POST[city]','$_POST[telephone]','$_POST[email]','$_POST[password]','$_POST[payment]','$_POST[client]','$_POST[comment]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);
?>

At this point the question is not in fact about how terrible we are when it comes to PHP/SQL. Thank you, we already figured that out, with only pretty much three days to our deadline.

But why exactly aren't the session variables saved to the database? What exactly are we overlooking?

Thank you very much in advance.

RUN query every time!!!

You create a variable, then overwrite it 2 times, then execute it.

Should be:

$sql = 'smth';
mysql_query($sql);
$sql = 'smth';
mysql_query($sql);
$sql = 'smth';
mysql_query($sql);

You have:

$sql = 'smth';
$sql = 'smth';
$sql = 'smth';
mysql_query($sql);

And as I've said, do not use mysql_*. And your code allows SQL injection.

The first problem I see is that the $sql variable gets overridden 2 times in the last piece of code. So, only the last query gets executed.

Second, you should use this syntax to inject non-trivial vars into strings: "INSERT ... ${someArray[someKey]} ..." - note the curly braces. This is not required here, but it will save you from troubles in the future.

Third, sanitize all the input data! You will have SQL injection in the last code example.

Last, no need to call session_start() in each file - just place it once in a bootstrapping file and require_once it.

I agree with E_p in that only one of your queries is ever going to be executed. Doing what he suggested will allow all your queries to execute.

You may also want to take a look at your tables. Just from looking at your query structure I see nothing wrong with them, but you may end up having a hard time getting the info you want back out. I could be wrong, since you didn't post your table structures, nor was your question really regarding this, but it's just something I noticed and figured I would share. Your tables do not look like they are connected to each other by any foreign keys. This may not be needed for your project, but if you needed to pull all the form data related to all ticket_a entries then you would only get a list of sessionIDs corresponding to the ticket_a column, without any info from your 'rooms' or 'upc' tables. If that is what you are going for then it's fine, otherwise you may want to look into it.
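
The fixes the answers describe, combined in one added example (not code from the original posts): each INSERT is prepared and executed before the next one is built, values are bound as parameters instead of being interpolated into the SQL string, and a hypothetical `booking_id` column links the three tables. It assumes PDO with an in-memory SQLite database and a reduced column set so it runs standalone; the sample values are constructed.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL "fatcity" database;
// with MySQL the DSN would be 'mysql:host=localhost;dbname=fatcity;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// Reduced column set; booking_id is a hypothetical key linking the tables.
$pdo->exec('CREATE TABLE ucp (id INTEGER PRIMARY KEY, name TEXT, n_family TEXT, email TEXT)');
$pdo->exec('CREATE TABLE tickets (booking_id INTEGER, ticket_a INTEGER, ticket_k INTEGER, ticket_vip INTEGER)');
$pdo->exec('CREATE TABLE rooms (booking_id INTEGER, room_s INTEGER, room_d INTEGER, pension TEXT)');

// Constructed stand-ins for $_SESSION (pages 1-2) and $_POST (page 3).
// The apostrophe in the family name would break the concatenated query.
$session = ['ticket_a' => '2', 'ticket_k' => '1', 'ticket_vip' => '0',
            'room_s' => '1', 'room_d' => '0', 'pension' => 'half'];
$post = ['name' => 'Sean', 'n_family' => "O'Brien", 'email' => 'sean@example.com'];

function saveBooking(PDO $pdo, array $session, array $post): int
{
    $pdo->beginTransaction();
    try {
        // Each statement is prepared AND executed before the next one is built.
        $stmt = $pdo->prepare('INSERT INTO ucp (name, n_family, email) VALUES (?, ?, ?)');
        $stmt->execute([$post['name'], $post['n_family'], $post['email']]);
        $bookingId = (int) $pdo->lastInsertId();

        $stmt = $pdo->prepare('INSERT INTO tickets (booking_id, ticket_a, ticket_k, ticket_vip) VALUES (?, ?, ?, ?)');
        $stmt->execute([$bookingId, (int) $session['ticket_a'], (int) $session['ticket_k'], (int) $session['ticket_vip']]);

        $stmt = $pdo->prepare('INSERT INTO rooms (booking_id, room_s, room_d, pension) VALUES (?, ?, ?, ?)');
        $stmt->execute([$bookingId, (int) $session['room_s'], (int) $session['room_d'], $session['pension']]);

        $pdo->commit();
        return $bookingId;
    } catch (Throwable $e) {
        $pdo->rollBack(); // all three rows are written, or none
        throw $e;
    }
}

$id = saveBooking($pdo, $session, $post);

// Read the booking back across all three tables through the shared key.
$stmt = $pdo->prepare('SELECT u.n_family, t.ticket_a, r.pension FROM ucp u
    JOIN tickets t ON t.booking_id = u.id
    JOIN rooms r ON r.booking_id = u.id WHERE u.id = ?');
$stmt->execute([$id]);
var_dump($stmt->fetch(PDO::FETCH_ASSOC));
```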
