堆栈内存溢出
  简体   繁体   English

在注册时向表添加数据

[英]Adding data to table on registration

 原文  2013-01-04 00:49:40       php/ mysql

问题描述

Ok so im in the middle of making a pokemon browser based game, and im having trouble making it so when a user registers to my site, they gain a starter pokemon that they choose. 好的,我正在制作基于口袋妖怪的基于浏览器的游戏,而在制作过程中却遇到了麻烦,因此当用户注册到我的网站时,他们会获得他们选择的入门级神奇宝贝。 I have it all working except for the part where it gives the user the pokemon, right now it enters the pokemon into the database but it does not give the pokemon to the user who registers it leaves the belongsto field empty. 除了给用户提供神奇宝贝的那一部分之外,我都能正常工作,现在它可以将神奇宝贝输入到数据库中,但是它不能将神奇宝贝提供给注册它的用户,而这会使它的用户保持为空。 kinda hard for me to explain. 我有点难以解释。

Here is the part of my code that enters the data to the table that stores all users pokemon. 这是我的代码部分,它将数据输入到存储所有用户pokemon的表中。 

<?php

if ($_POST['starter'] == '1' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '2' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '3' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '4' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '5' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '6' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '7' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '8' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '9' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '10' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '11' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '12' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}
?>

The thing that I can't figure out is how to make it so it takes the name that the user is registering with and puts it in place of .$_SESSION['username']. 我不知道的事情是如何制作它,以便它采用用户注册时使用的名称并将其替换为。$ _ SESSION ['username']。 I know that won't work because the person isn't signed in yet because they are still registering. 我知道这不会起作用,因为该人尚未登录,因为他们仍在注册。

Here is my form. 这是我的表格。 

<form action="" method="post">
        <div align="center">
          <ul>
            <p></p>
              Username* <br>
              <input type="text" name="username">

            <p></p>
              Password*<br>
              <input type="password" name="password">

            <p></p>
              Password again*<br>
              <input type="password" name="password_again">

            <p></p>
              First name<br>
              <input type="text" name="first_name">

            <p></p>
              Last name<br>
              <input type="text" name="last_name">

            <p></p>
              Email*<br>
              <input type="text" name="email">

            <p></p>
              Starter*<br>
              <select name="starter" id="" >
                <option value="1">Bulbasaur</option>
                <option value="2">Charmander</option>
                <option value="3">Squirtle</option>
                <option value="4">Chikorita</option>
                <option value="5">Cyndaquil</option>
                <option value="6">Totodile</option>
                <option value="7">Treecko</option>
                <option value="8">Torchic</option>
                <option value="9">Mudkip</option>
                <option value="10">Turtwig</option>
                <option value="11">Chimchar</option>
                <option value="12">Piplup</option>
              </select>

              <p></p>
              <input type="submit" value="Register">

            </ul>
          </div>
        <ul>
        </ul>
</form>

Im sorry for the giant question but any help would be greatly appreciated :) 对于这个巨大的问题,我很抱歉,但是任何帮助将不胜感激:)

2 个解决方案

解决方案1
 1  2013-01-04 01:23:55

Man, really looks like you are new at PHP so let me give few advices. 伙计,真的看起来您是PHP的新手,所以让我提供一些建议。

  1. Using $_POST/$_GET values in a query? 在查询中使用$ _POST / $ _ GET值? Dont do that. 不要那样做。 Never trust the user. 永远不要信任用户。 Learn why. 了解原因。

You HAVE to assume your visitor is a maniac serial killer, out to destroy your application. 您必须假设您的访客是一个疯狂的连环杀手,以破坏您的应用程序。 And you have to prevent it. 而且您必须防止这种情况。

  1. Clean your code. 清理您的代码。 As others suggested, loops/switch may help you 正如其他人所建议的那样,循环/切换可能会帮助您
  2. Maybe is too early for your project, but try to move OOP. 对于您的项目来说可能还为时过早,但是请尝试移动OOP。 (even if sometimes looks like a overkill, the downsides are low and the advantages are big) (即使有时看起来像是一个过大的杀伤力,缺点也很低,优势却很大)

By the way, this should do the trick, using PDO : 顺便说一句,应该使用PDO来解决问题 

$dbh = new PDO('mysql:dbname=YOURDBNAME;host=localhost', $db_user, $db_passwd);
// Get the choosen starter pokemon
$starter = $_POST['starter'];
$pokemons = array(
    1 => 'Bulbasaur',
    2 => 'Charmander',
    //[.. and so on..]
);

// check if choosed pokemon is available
if(!in_array($starter, $pokemons))
{
    // Pokemon not available, throw exception, error, die(), whatever
}
else
{
    // Insert the pokemn into the db
    $insert = $dbh->prepare("INSERT INTO user_pokemon (pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES (:pokemon, :user, 100,:time ,1, 5 ,'Normal')");

    $user_name = $_POST['username']; // what about check the username? Sanitization, etc..

    if($insert->execute(array(':pokemon' => $pokemons[$starter], ':user' => $user_name, ':time' => time())))
    {
        // Success!
    }
    else
    {
        // Error!
        $error = $insert->errorInfo();
        print_r("There was an error: \ncode: %s\nmessage:%s", $error[1], $error[2]);
    }
}

解决方案2
 0 已采纳  2013-01-04 01:03:24

There is much to be improved in your code. 您的代码有很多需要改进的地方。 But here is a quick fix: 但这是一个快速修复: 

<?php

if ($_POST['starter'] == '1' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '2' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '3' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '4' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '5' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '6' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '7' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '8' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '9' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '10' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '11' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '12' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}
?>

This assumes that your post is submitted from that form on your page. 假设您的帖子是通过页面上的该表单提交的。 Like someone else said, learn PDO: http://php.net/manual/en/book.pdo.php 就像其他人说的,学习PDO: http : //php.net/manual/zh/book.pdo.php

Your current code is prone to SQL injection: http://en.wikipedia.org/wiki/SQL_injection 您当前的代码易于进行SQL注入: http : //en.wikipedia.org/wiki/SQL_injection

That is NOT good. 这是不好的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将表1数据添加到表2下拉列表中 - Adding table 1 data to table 2 dropdown 在CakePHP中添加HABTM作为注册 - Adding a HABTM as a registration in CakePHP 将 mysql 数据添加到 HTML 表中 - Adding mysql data in to HTML table 在AJAX中向表添加JSON数据 - Adding JSON data to table in AJAX 使用外键在表中添加数据 - adding data in a table with foreign key 创建表并向其中添加数据不起作用 - Creating table and adding data to it is not working 在注册页面添加验证消息 - adding validation message at the registration page 在php注册表格中添加信息 - adding info to php registration form 如何在不刷新的情况下使用AJAX将注册表中的用户数据提交到mysql表? - How to submit the user data in registration table using AJAX to mysql table without refresh? 验证传入的注册数据 - Verify incoming registration data
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM