嘗試使用php將會話變量傳遞到mysql查詢中
[英]Trying to pass a session variable into a mysql query using php
問題描述
我希望有人能幫幫忙,
我編寫了以下函數insert_address($address) ,將地址記錄寫入mysql數據庫。 並寫入除custid之外的所有字段。
custid是另一個表的主索引,存儲在會話變量$_SESSION
從函數下面的表單中調用函數insert_address($address)
我包含了其他代碼來顯示會話ID等,以獲取更多背景信息。
<?php
function insert_address($address) {
global $db;
$sql = "INSERT INTO address ";
$sql .= "(custid, houseno, street_1, street_2, town, county, postcode, country) ";
$sql .= "VALUES (";
$sql .= "'" . db_escape($db, $address['custid']) . "',";
$sql .= "'" . db_escape($db, $address['houseno']) . "',";
$sql .= "'" . db_escape($db, $address['street_1']) . "',";
$sql .= "'" . db_escape($db, $address['street_2']) . "',";
$sql .= "'" . db_escape($db, $address['town']) . "',";
$sql .= "'" . db_escape($db, $address['county']) . "',";
$sql .= "'" . db_escape($db, $address['postcode']) . "',";
$sql .= "'" . db_escape($db, $address['country']) . "'";
$sql .= ")";
$result = mysqli_query($db, $sql);
// For INSERT statements, $result is true/false
if($result) {
return true;
} else {
// INSERT failed
echo mysqli_error($db);
db_disconnect($db);
exit;
}
}
?>
PHP表格
<?php
require_once('../../private/initialize.php');
require_user_login();
if(is_post_request()) {
$address = [];
$address ['custid'] = $_POST['custid'] ?? '';
$address['houseno'] = $_POST['houseno'] ?? '';
$address['street_1'] = $_POST['street_1'] ?? '';
$address['street_2'] = $_POST['street_2'] ?? '';
$address['town'] = $_POST['town'] ?? '';
$address['county'] = $_POST['county'] ?? '';
$address['postcode'] = $_POST['postcode'] ?? '';
$address['country'] = $_POST['country'] ?? '';
$result = insert_address($address);
if($result === true) {
// $new_id = mysqli_insert_id($db);
$_SESSION['message'] = 'Address Created.';
redirect_to(url_for('/admin/show.php?id=' . $custid));
} else {
$errors = $result;
}
} else {
// display the blank form
$address = [];
$address['custid'] = $_GET['custid'] ?? '1';
$address['houseno'] = '';
$address['street_1'] = '';
$address['street_2'] = '';
$address['town'] = '';
$address['county'] = '';
$address['postcode'] = '';
$address['country'] = '';
}
?>
<?php $page_title = 'Create Address'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>
<div id="content">
<a class="back-link" href="<?php echo url_for('/admin/show.php'); ?>">« Back to Account Page</a>
<div class="admin new">
<h1>Create Address</h1>
<?php echo display_errors($errors); ?>
<form action="<?php echo url_for('/admin/address.php'); ?>" method="post">
<dl>
<dt>House Number</dt>
<dd><input type="text" name="houseno" value="<?php echo h($address['houseno']); ?>" /></dd>
</dl>
<dl>
<dt>Street</dt>
<dd><input type="text" name="street_1" value="<?php echo h($address['street_1']); ?>" /></dd>
</dl>
<dl>
<dt>Street 2</dt>
<dd><input type="text" name="street_2" value="<?php echo h($address['street_2']); ?>" /></dd>
</dl>
<dl>
<dt>Town or City</dt>
<dd><input type="text" name="town" value="<?php echo h($address['town']); ?>" /></dd>
</dl>
<dl>
<dt>County </dt>
<dd><input type="text" name="county" value="<?php echo h($address['county']); ?>" /><br /></dd>
</dl>
<dl>
<dt>Post Code </dt>
<dd><input type="text" name="postcode" value="<?php echo h($address['postcode']); ?>" /><br /></dd>
</dl>
<dl>
<dt>Country </dt>
<dd><input type="text" name="country" value="<?php echo h($address['country']); ?>" /><br /></dd>
</dl>
<br />
<div id="operations">
<input type="submit" value="Add Address" />
</div>
</form>
</div>
</div>
<?php include(SHARED_PATH . '/public_footer.php'); ?>
<?php
require_once('db_credentials.php');
function db_connect() {
$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
confirm_db_connect();
return $connection;
}
function db_disconnect($connection) {
if(isset($connection)) {
mysqli_close($connection);
}
}
function db_escape($connection, $string) {
return mysqli_real_escape_string($connection, $string);
}
function confirm_db_connect() {
if(mysqli_connect_errno()) {
$msg = "Database connection failed: ";
$msg .= mysqli_connect_error();
$msg .= " (" . mysqli_connect_errno() . ")";
exit($msg);
}
}
function confirm_result_set($result_set) {
if (!$result_set) {
exit("Database query failed.");
}
}
?>
我嘗試使用全局變量,只是將其放入其中以嘗試強制傳遞值,現在已將其刪除,但仍得到相同的結果,我正在使用會話ID在頁面之間移動時傳遞所需的變量。
<?php
// Performs all actions necessary to log in an customer
function log_in_customer($customer) {
// Renerating the ID protects the customer from session fixation.
session_regenerate_id();
$_SESSION['custid'] = $customer['custid'];
$_SESSION['last_login'] = time();
$_SESSION['username'] = $customer['username'];
return true;
}
// Performs all actions necessary to log out an customer
function log_out_customer() {
unset($_SESSION['custid']);
unset($_SESSION['last_login']);
unset($_SESSION['username']);
// session_destroy(); // optional: destroys the whole session
return true;
}
// is_logged_in() contains all the logic for determining if a
// request should be considered a "logged in" request or not.
// It is the core of require_login() but it can also be called
// on its own in other contexts (e.g. display one link if a customer
// is logged in and display another link if they are not)
function user_is_logged_in() {
// Having a cust_id in the session serves a dual-purpose:
// - Its presence indicates the customer is logged in.
// - Its value tells which customer for looking up their record.
return isset($_SESSION['custid']);
}
// Call require_login() at the top of any page which needs to
// require a valid login before granting acccess to the page.
function require_user_login() {
if(!user_is_logged_in()) {
redirect_to(url_for('/login.php'));
} else {
// Do nothing, let the rest of the page proceed
}
}
?>
<?php
// Performs all actions necessary to log out an customer
function log_out_customer() {
unset($_SESSION['custid']);
unset($_SESSION['last_login']);
unset($_SESSION['username']);
// session_destroy(); // optional: destroys the whole session
return true;
}
?>
我確信這只是我找不到的簡單修復!
1 個解決方案
解決方案1
1 2017-07-13 13:52:45
您永遠不會分配$_POST['custid'] 。 您應該改用登錄時設置的會話變量。
嘗試在您的PHP表單中使用$_SESSION['custid'] 。 因此,代替$address ['custid'] = $_POST['custid'] ?? ''; $address ['custid'] = $_POST['custid'] ?? ''; 在您的PHP表單中使用此$address ['custid'] = $_SESSION['custid'] ?? ''; $address ['custid'] = $_SESSION['custid'] ?? ''; 我認為您使用的是錯誤的變量。
使用PHP將會話變量添加到MYSQL查詢中
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.