您的位置: 首页  >  技术问答  >  数据没有保存到PHP中的两个表

数据没有保存到PHP中的两个表

分类: 技术问答 2022-03-18 00:13:15

数据没有保存到PHP中的两个表

问题描述:

I am attempting to save user details to a database, I give sign up success but when I check my database only the User table is receiving the data. I do know my code is kind of messy but I am a newbie after all, here is the PHP, I cannot see any errors in the INSERT it seems to match my table name and fields. I am trying to make both the User table and the Member table be populated but at the moment only the User table is getting the data. Sorry I posted this earlier but included the wrong code so I deleted the post and here I am again.

if (isset($_POST["u"])) {
    // CONNECT TO THE DATABASE
    include_once("db_conx.php");
    // GATHER THE POSTED DATA INTO LOCAL VARIABLES
    $u = preg_replace('#[^a-z0-9]#i', '', $_POST['u']);
    $e = mysqli_real_escape_string($db_conx, $_POST['e']);
    $p = $_POST['p'];
    $ln = preg_replace('#[^a-z]#i', '', $_POST['lastName']);
    $fn = preg_replace('#[^a-z]#i', '', $_POST['firstName']);
    $g = preg_replace('#[^a-z]#i', '', $_POST['g']);
    $c = preg_replace('#[^a-z ]#i', '', $_POST['c']);
    $m = preg_replace('#[^0-9]#', '', $_POST['m']);
    $ci = preg_replace('#[^a-z]#i', '', $_POST['ci']);
    $pc = preg_replace('#[^a-z0-9]#i', '', $_POST['pc']);
    $rs = $_POST['relationshipStatus'];
    $d = $_POST['d'];
    $_POST['accountType'] = 0;
    $accountType = mysqli_real_escape_string($db_conx, $_POST['accountType']);

    //   $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
    // DUPLICATE DATA CHECKS FOR USERNAME AND EMAIL
    $sql = "SELECT Userid FROM User WHERE username='$u' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $u_check = mysqli_num_rows($query);
    // -------------------------------------------
    $sql = "SELECT emailAddress from Member WHERE emailAddress = '$e' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $e_check = mysqli_num_rows($query);
    // FORM DATA ERROR HANDLING
    if (u == "" || e == "" || p1 == "" || p2 == "" || c == "" || g == "" || m == "" || ci == "" || pc == "" || d == "") {
        echo "The form submission is missing values.";
        exit();
    } else if ($u_check > 0) {
        echo "The username you entered is alreay taken";
        exit();
    } else if ($e_check > 0) {
        echo "That email address is already in use in the system";
        exit();
    } else if (strlen($u) < 3 || strlen($u) > 16) {
        echo "Username must be between 3 and 16 characters";
        exit();
    } else if (is_numeric($u[0])) {
        echo 'Username cannot begin with a number';
        exit();
    } else {
        // END FORM DATA ERROR HANDLING
        // Begin Insertion of data into the database
        // Hash the password and apply your own mysterious unique salt
        $cryptpass = crypt($p);
        include_once ("randStrGen.php");
        $p_hash = randStrGen(20) . "$cryptpass" . randStrGen(20);
        // Add user info into the database table for the main site table
        $sql = "INSERT INTO Member (`firstName`, `lastName`, `gender`, `emailAddress`, 
                    `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`, `dateOfBirth`)       
                VALUES('$fn', '$ln', '$g', '$e', '$ci', '$c', '$pc', '$rs', '$m', '$d')";
        $query = mysqli_query($db_conx, $sql);
        $uid = mysqli_insert_id($db_conx);
        $sql = "INSERT INTO User (`Userid`, `username`, `password`, `accountType`) VALUES ('$uid','$u','$p','$accountType')";
        $query = mysqli_query($db_conx, $sql);

When I echo out the INSERT into Member statement I get the following even though I populate every field on my form

INSERT INTO Member (`firstName`, `lastName`, `gender`, `emailAddress`, `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`, `dateOfBirth`) VALUES('', '', 'Male', 'test11@hotmail.com', '', 'Lebanon', '', '', '', '')signup_success

Here's what I'd do - forgive the coding standard, I've been coding all day and I'm rather tired
Also, try to kill the page as you hit each error instead of saving them for later - once the page is killed, no further code is processed (it's read by the server, but not processed)
Just makes more sense to me - personal preference!

if (isset($_POST['u'])) {
    // CONNECT TO THE DATABASE
    include_once("db_conx.php");
    $lazy = array(
        'u' => 'username',
        'ln' => 'surname',
        'fn' => 'forename',
        'g' => 'gender',
        'c' => 'country',
        'ci' => 'city',
        'pc' => 'post code',
        'rs' => 'relationship status'
    );
    foreach($lazy as $what => $show) {
        $_POST[$what] = isset($_POST[$what]) && is_string($_POST[$what]) ? mysqli_real_escape_string(trim($db_conx,$_POST[$what])) : null;
        if(empty($_POST[$what]))
            exit("You didn't enter a valid ".$show);
        ${$what} = $what;
    }
    if (strlen($u) < 3 || strlen($u) > 16)
        exit("Username must be between 3 and 16 characters");
    if (ctype_digit($u[0]))
        exit('Username cannot begin with a number');
    $e = isset($_POST['e']) && filter_var($_POST['e'], FILTER_VALIDATE_EMAIL) ? trim($_POST['e']) : null;
    if(empty($e))
        exit("You didn't enter a valid email address");
    if(filter_var($_POST['d'], FILTER_VALIDATE_INT) !== false)
        exit("You didn't enter a valid mobile number");
    $d = $_POST['d']; // Seeing as you're intent on creating variables for variabled data..
    /*
    Need to see how users enter their date of birth before I can properly secure that..

    If using <input type='date' ..>
    if(!preg_match('/[0-9]+\-[0-9]+\-[0-9]+/', $_POST['d']))
        exit("Invalid date of birth");
    */
    // DUPLICATE DATA CHECKS FOR USERNAME AND EMAIL
    $sql1 = "SELECT `Userid` FROM `User` WHERE `username` = '".$u."' LIMIT 1";
    $query = mysqli_query($db_conx, $sql1) or exit(mysqli_error($db_conx));
    if(mysqli_num_rows($query))
        exit("That username is already in use");
    // -------------------------------------------
    $sql2 = "SELECT `emailAddress` FROM `Member` WHERE `emailAddress` = '".$e."' LIMIT 1";
    $query = mysqli_query($db_conx, $sql2) or exit(mysqli_error($db_conx));
    if(mysqli_num_rows($query))
        exit("That email address is already in use");
    // Begin Insertion of data into the database
    // Hash the password and apply your own mysterious unique salt
    $cryptpass = crypt($p);
    include_once("randStrGen.php");
    $p_hash = randStrGen(20) . $cryptpass . randStrGen(20);
    // Add user info into the database table for the main site table
    $sql3 = "INSERT INTO `Member` (`firstName`, `lastName`, `gender`, `emailAddress`, `city`, `country`, `postCode`, `relationshipStatus`, `mobileNumber`, `dateOfBirth`) VALUES('".$fn."', '".$ln."', '".$g."', '".$e."', '".$ci."', '".$c."', '".$pc."', '".$rs."', '".$m."', '".$d."')";
    mysqli_query($db_conx, $sql3) or exit(mysqli_query($db_conx));
    $uid = mysqli_insert_id($db_conx);
    $sql4 = "INSERT INTO `User` (`Userid`, `username`, `password`, `accountType`) VALUES (".$uid.",'".$u."','".$p."','".$accountType."')";
    mysqli_query($db_conx, $sql4) or exit(mysqli_query($db_conx));
    echo "Account created"; // Or whatever success message you have
}

相关推荐