[英]Comparing between MySQL query and PHP input
我有一个表单和 2 个输入字段,一个用于 ID,一个用于信息,当我存储一个值时,我需要检查 ID 是否存在于表 num 1 中,如果存在,则将信息存储在表 num 2 中,如果不存在'存在然后说它是一个无效的 ID,这是我的代码。
Ps ID 已经存在于另一个表中,我想将信息存储在另一个表中,如果第二个条件不存在,我可以立即存储的连接或其他东西没有任何问题,并且在数据库中它会自动检查 id 是否存在,但我想在这里检查我写的是否无效。
<?php
if (isset($_POST['submitInfo'])) {
require 'dbh.php';
$ID = $_POST['ID'];
$Info = $_POST['DataInfo'];
$check = "SELECT ID FROM info";
$cresult = mysqli_query($conn, $check);
$cresult1 = mysqli_store_result($cresult);
if (!preg_match("/^[0-9]*$/", $ID)) {
header("Location: ../Data.php?error=invalidID");
exit();
} else if (mysqli_num_rows($cresult1) == 0 ) {
header("Location: ../Data.php?error=invalidID2");
exit();
} else {
$sql = "INSERT into datainfo (ID,Information) values (?,?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../Data.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "is", $ID, $Info);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
header("Location: ../Data.php?signup=success");
exit();
}
}
}
我修好了它:)
<?php
if (isset($_POST['submitInfo'])) {
require 'dbh.php';
$ID = $_POST['ID'];
$Info = $_POST['DataInfo'];
if (empty($ID) || empty($Info)) {
header("Location: ../Data.php?error=emptyFields");
exit();
} else if (!preg_match("/^[a-zA-Z0-9- ]*$/", $Info)) {
header("Location: ../Data.php?error=invalidChar");
exit();
} else if (!preg_match("/^[0-9]*$/", $ID)) {
header("Location: ../Data.php?error=invalidID");
exit();
} else {
$sql = "select ID from info where ID=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../Data.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "i", $ID);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
$sql = "insert into datainfo (ID,Information) values (?,?);";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../Data.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "is", $ID, $Info);
mysqli_stmt_execute($stmt);
header("Location: ../Data.php?signUp=success");
exit();
}
} else {
header("Location: ../Data.php?error=thisIDdoesntExist");
}
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.