PHP는 MySQL의 + 삽입 쿼리

Question

설명 이 필드가 테이블라는 이름의 사용자에게 정보를 제출 레지스터 페이지의 정보 :

• _ 이름을
• FIRST_NAME,
• LAST_NAME,
• 개 주소,
• district_name,
• village_name,
• birth_date,
• EMAIL_ADDRESS,
• specialization_name,
• 비밀번호,
• registered_date는

와 나는 이름의 다른 테이블이 이러한 필드가있는 전문화 :

• 는 specialization_id
• specilaization_name

내가 필요한 것은 사용자가 등록 페이지에서 전문화를 선택하지만 사용자 테이블에 내가 전문화 테이블에 외래 키로 specialization_id를 사용할 필요가있다 내가 사용

삽입 쿼리는 다음과 같습니다

$query = mysql_query("INSERT INTO user(user_name, first_name, last_name, address, district_name, village_name, birth_date, email_address, specialization_name, password, registered_date)VALUES('$username', '$fname', '$lname', '$country', '$district', '$village', '$bdate', '$email', '$specialization', '$pass1', now())")or die("could not insert data"); 

register.php

<?php require_once('for members/scripts/connect.php'); ?> 


<?php 
ob_start(); 
function countryQuery(){ 

    $countryData = mysql_query("SELECT * FROM country") or die("could select database"); 

    while($record = mysql_fetch_array($countryData)){ 

    echo'<option value="' . $record['country_name'] . '">' . $record['country_name'] . '</option>'; 

    } 

} 


function specializationQuery(){ 

$specData = mysql_query("SELECT * FROM specialization"); 

    while($recordJob = mysql_fetch_array($specData)){ 

    echo'<option value="' . $recordJob['specialization_name'] . '">' . $recordJob['specialization_name'] . '</option>'; 

    } 


} 

function districtQuery(){ 

$distData = mysql_query("SELECT * FROM districts"); 

    while($recorddist = mysql_fetch_array($distData)){ 

    echo'<option value="' . $recorddist['district_name'] . '">' . $recorddist['district_name'] . '</option>'; 

    } 


} 

function villageQuery(){ 

$villageData = mysql_query("SELECT * FROM village"); 

    while($recordvillage = mysql_fetch_array($villageData)){ 

    echo'<option value="' . $recordvillage['village_name'] . '">' . $recordvillage['village_name'] . '</option>'; 

    } 


} 



//default value 
$message = "Fields Marcked with an [*] are Required"; 
    $username = ""; 
    $fname = ""; 
    $lname = ""; 
    $specialization = ""; 
    $email = ""; 
    $pass1 = ""; 
    $pass2 = ""; 
    $district = ""; 
    $village = ""; 

if(isset($_POST['username'])){ 
    $username = mysql_real_escape_string($_POST['username']); 
    $fname = mysql_real_escape_string($_POST['fname']); 
    $lname = mysql_real_escape_string($_POST['lname']); 
    $email = mysql_real_escape_string($_POST['email']); 
    $pass1 = mysql_real_escape_string($_POST['pass1']); 
    $pass2 = mysql_real_escape_string($_POST['pass2']); 
    $bdate = mysql_real_escape_string($_POST['birthdate']); 
    $country = mysql_real_escape_string($_POST['country']); 
    //$local_adress = $_POST['adress']; 
    $specialization = mysql_real_escape_string($_POST['specialization']); 
    $district = mysql_real_escape_string($_POST['district']); 
    $village = mysql_real_escape_string($_POST['village']); 

    //error handeling 
    if((!$username)||(!$fname)||(!$lname)||(!$email)||(!$pass1)||(!$pass2)||(!$specialization)||(!$district)||(!$village)){ 
    $message = "**** Please insert the Required Fields below ****<br />"; 

    if($fname == "") 
{ 
    $message = $message . "Enter First name<br/>"; 
} 
    if($lname == "") 
{ 
    $message = $message . "Enter Last name<br/>"; 
} 

if($specialization == 0) 
{ 
    $message = $message . "Select Your Job<br />"; 
} 
if($district == 0) 
{ 
    $message = $message . "Select Your District<br />"; 
} 
if($village == 0) 
{ 
    $message = $message . "Select Your Village<br />"; 
} 
if($email == "") 
{ 
    $message = $message . "Enter Email Adress<br/>"; 
} 
    if ($username == "") { 
    $message = $message . "Enter User Name<br/>"; 
    } 

    if($pass1 == "") 
{ 
    $message = $message . "Enter password<br/>"; 
} 

    if($pass2 == "") 
{ 
    $message = $message . "rechek the password <br/>"; 
} 

} 

    elseif(strlen($pass1) <= 8) 
    { 
    $message = $message . "Your Password must be at least 8 charachters<br />"; 
} 
    else if($pass1!=$pass2){ 
    $message = "your password do not match!"; 
    }else{ 
    //securing the data 
    $username = preg_replace("#[^0-9a-z]#i","",$username); 
    $fname = preg_replace("#[^0-9a-z]#i","",$fname); 
    $lname = preg_replace("#[^0-9a-z]#i","",$lname); 
    //$pass1 = sha1($pass1); 

    $email = mysql_real_escape_string($email); 
    // checking for duplicate 
    $user_query = mysql_query("SELECT user_name FROM user WHERE user_name = '$username'LIMIT 1") or die("could not check the username"); 
    $count_username = mysql_num_rows($user_query); 

    $email_query = mysql_query("SELECT email_address FROM user WHERE email_address = '$email'LIMIT 1") or die("could not check the email"); 
    $count_email = mysql_num_rows($email_query); 

    if($count_username > 0){ 
    $message = " your username is alredy in use"; 
    }elseif($count_email > 0){ 
     $message = "your email is alredy in use"; 
    } 
    else{ 

     $query = mysql_query("INSERT INTO user(user_name, first_name, last_name, address, district_name, village_name, birth_date, email_address, specialization_name, password, registered_date)VALUES('$username', '$fname', '$lname', '$country', '$district', '$village', '$bdate', '$email', '$specialization', '$pass1', now())")or die("could not insert data"); 
     //var_dump($query); 
     //exit(); 

    $message = "Registered Success <a href='profile.php'>Your Profile</a> "; 
    //from the social website 


     if ($query) 
     { 
     $_SESSION['user_id'] = mysql_insert_id(); 
     $_SESSION['login'] = 'true'; 
     $_SESSION['login_user'] = $username; 
     } 

    } 
    } 
} 




?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Register Page</title> 
<link href="style/stylesheet.css" rel="stylesheet" type="text/css" /> 
<link href="style/imagesGallery.css"rel="stylesheet" type="text/css"/> 
<script src="js/main.js" type="text/javascript"></script> 
<script src="js/jquery.js" type="text/javascript"></script> 
</head> 

<body> 

<div class="container"> 
<table width="200" border="0" align="center"> 
<tr> 
    <tr> 
    <td><img src="web_header copy.jpg" alt="visitor header" width="1080" height="128" /></td> 
    </tr> 
    <tr> 




    <td> 
     <marquee direction="left" width="99%" behavior="alternate"> 
     <img src="imggallery/images/akoura/akoura_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/ballaa2/ballaa2_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/baalbeck/baalbek_small.jpg" height="92"> 
     <img src="imggallery/images/barouk/cedre_barouk_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/batroun/batroun_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/bchareh/bchareh_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/beiteldin/beiteldine_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/beyrouth/beyrouth_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/beyrouth/beyroyj frm sky/beyrouthfromSky_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/deir el mara/deirelamar_small.jpg" width="119" height="91"> 
     </marquee> 
     <hr /> 
     <h2 class="registerTitle">Registration Fields</h2> 
     <h4 class="registerTitle">Sign Up Today....</h4> 
<!-- <div class="container center"> --> 
     <p style="color:#FF0000" align="center"><?php print("$message")?></p> 
    </td> 

    <tr> 
     <table width="680" border="0" align="center"> 
     <form action="register.php" method="post"> 

     <tr> 


     <td><span class="Fields">First Name</span> <span class="requiredField">*</span></td> 
     <td> 
     <input type="text" name="fname" placeholder="Firstname" /></td> 

     <td><span class="Fields">Last Name</span><span class="requiredField">*</span></td> 

     <td><input type="text" name="lname" placeholder="Lastname" /></td> 
     </tr> 


    <tr> 
     <td><label for="birthdate" class="Fields">Birth Date      </label></td> 
     <td><input type="date" name="birthdate" value= "YYYY_MM_DD" onfocus="if (this.value == 'YYYY_MM_DD') {this.value = '';}" onblur="if (this.value == '') {this.value = 'YYYY_MM_DD';}" /> 
     <br /></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="country">Country</label></td> 
     <td><select name="country" class="select"> 
     <option value="0">-- Select Your Country --</option> 
     <?php countryQuery(); ?> 
     </select></td> 
     <td class="Fields"><label for="specialisation">Specialisation <span class="requiredField">*</span></label></td> 
     <td><select name="specialization" class="select"> 
     <option value="0">-- Select Your Specialization --</option> 

     <?php specializationQuery(); ?> 
     </select></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="district">District<span class="requiredField">*</span></label></td> 
     <td><select name="district" class="select"> 
     <option value="0">-- Select Your District --</option> 

     <?php districtQuery(); ?> 
     </select></td> 

     <td class="Fields"><label for="village">Village<span class="requiredField">*</span></label></td> 
     <td><select name="village" class="select"> 
     <option value="0">-- Select Your Village --</option> 

     <?php villageQuery(); ?> 
     </select></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="email">Email Adress<span class="requiredField">*</span></label></td> 
     <td><input type="text" name="email" placeholder="Email Adress" /> 
     <br /></td> 
     <td><label for="username"><span class="Fields">User Name</span> <span class="requiredField">*</span></label></td> 
     <td><input type="text" name="username" placeholder="Username" /> 
     <br /></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="password">Password<span class="requiredField">*</span></label></td> 
     <td><input type="password" name="pass1" placeholder="Password" /> 
     <br /></td> 
     <td class="Fields"><label for="password2">Re_Password<span class="requiredField">*</span></label></td> 
     <td><input type="password" name="pass2" placeholder="Validate Password" /> 
     <br /></td> 

    </tr> 

    <tr> 
     <td></td> 
     <td></td> 
     <td><input type="submit" value="Register"/></td> 
     <td></td> 
    </tr> 

    </form> 
</table> 
<!--</div>--> 
    </tr> 



    <tr> 
    <td><?php require_once('footer.php'); ?></td> 
    </tr> 
    </tr> 
    </tr> 
</table> 


</div> 
</body> 
</html> 
<?php ob_end_flush(); ?> 

누구나 나를 도울 수 있습니까 ???

Answer 1

"** specialization_name **"이 (가) 분명히 문제를 일으켰습니다. *는 SQL 쿼리의 문이며 기본적으로 모든 것을 나타냅니다 (예 : SELECT * FROM someTable ... someTable의 모든 항목 선택). 별표를 제거해야 올바르게 설정되었다고 가정 할 때

Answer 2

user 표에 specialization_name 대신 specialization_id을 사용해야합니다. 나는 specialization_id이 테이블 specialization의 키이고 테이블 user에 specialization 테이블 (specialization.id)의 기본 키를 참조하는 외래 키 (user.specialization_id)가 있어야한다고 가정합니다.

의 당신은 다음과 같은 전문 있다고 가정 해 봅시다 :

1. Spec1
2. Spec2을
3. Spec3

다음 HTML에서 선택 요소는 다음과 같아야합니다

<select name="specialization" class="select"> 
    <option value="0">-- Select Your Specialization --</option> 
    <option value="1">Spec1</option> 
    <option value="2">Spec2</option> 
    <option value="3">Spec3</option> 
</select> 

자, 이제 예를 들어 Spec2이라면 변수 $specialization의 값은 2 여야하며 데이터베이스에 삽입 할 수 있어야합니다.

희망이 있습니다.

Answer 3

내가 볼 수있는 것보다 더 단순하게 만들기 위해 다른 테이블을 사용하는 대신 사용자 테이블에서 ENUM 필드를 사용할 수 있다고 생각합니다. 이것은 아마도 당신을 대신 할 수 있습니다.

Answer 4

PHP PDO을 시도해보십시오. PHP의 mysql_ 함수는 가치가 떨어지며 PDO가 더 안전 할 것이므로 응용 프로그램을 다른 데이터베이스로 이식하는 것이 가장 좋습니다. 할 수 없습니다 mysql_로

이 같이

에 있음 :

//We connect to the database 
    $host="xxxxxx"; // Host name 
    $username="xxxxxxx"; // Mysql username 
    $password="xxxxxxxxxx"; // Mysql password 
    $db_name="xxxxxxxx"; // Database name 

    // Connect to server via PHP Data Object 
    $dbh = new PDO("mysql:host=localhost;dbname=DBFinaid", $username, $password); 
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE); 

     try { 
       $query = $dbh->prepare(" 
         INSERT INTO user(user_name, 
             first_name, 
             last_name, 
             address, 
             district_name, 
             village_name, 
             birth_date, 
             email_address, 
             specialization_name, 
             password, 
             registered_date) 
        VALUES(':username', 
             ':fname', 
             ':lname', 
             ':country', 
             ':district', 
             ':village', 
             ':bdate', 
             ':email', 
             ':specialization', 
             ':pass1', 
             now())" 
            ); 

       $query->bindParam(':YOURVALUES', $YOURVALUE); // Make sure the number values in bindParam equal your values in the query 
       ..................................... 
       $query->execute(); 
     catch (PDOException $e) { 
       error_log($e->getMessage()); 
       die($e->getMessage()); 
      } 

      $dbh= null; 


    [1]: http://php.net/manual/en/book.pdo.php 

Answer 5

귀하의 specializationQuery 기능을 대신 <option value="' . $recordJob['specialization_name'] . '">' . $recordJob['specialization_name'] . '</option>의 <option value="' . $recordJob['specialization_id'] . '">' . $recordJob['specialization_name'] . '</option> 같은 문자열을 인쇄해야합니다, 그래서 당신은 당신이 사용자 데이터베이스에 삽입해야하는 specialization_id 값을 가져옵니다.