如果满足条件,如何将数据从FORM插入mysql。
这些是我的代码。
$sql0检查类似数据是否已经存在
$sql1向mysql插入数据
$wirebname = mysqli_real_escape_string($conn, $_POST["wirebname"]);
$wireaccname = mysqli_real_escape_string($conn, $_POST["wireaccname"]);
$wireacno = mysqli_real_escape_string($conn, $_POST["wireacno"]);
$wirebranchnumber = mysqli_real_escape_string($conn, $_POST["wirebranchnumber"]);
$swift = mysqli_real_escape_string($conn, $_POST["swift"]);
$route = mysqli_real_escape_string($conn, $_POST["route"]);
$state = mysqli_real_escape_string($conn, $_POST["state"]);
$country = mysqli_real_escape_string($conn, $_POST["country"]);
$id = $_SESSION['loggedIn_cust_id'];
$sql0 = "
SELECT wire_benef_id
FROM wire_beneficiary".$id."
WHERE wirebname='".$wirebname."'
AND wireaccname='".$wireaccname."'
AND wireacno='".$wireacno."'
AND swift='".$swift."'
AND route='".$route."'
";
$result = $conn->query($sql0);
$success = 0;
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$wire_account_number = $row["wireacno"];
if ($wireacno != $wire_account_number) {
$sql1 = "INSERT INTO wire_beneficiary".$id."
VALUES(
NULL,
'$wirebname',
'$wireaccname',
'$wireacno',
'$wirebranchnumber',
'$swift',
'$route',
'$state'
'$country',
)
";
if (($conn->query($sql1) === TRUE)) {
$success = 1;
}
} else {
$success = -1;
}
}
如果帐号已经存在,我想要打印出错误
如果没有,则应将其写入数据库。
<?php
if ($success == 1) { ?>
<p id="info"><?php echo "Beneficiary successfully added !\n"; ?></p>
<?php } ?>
最佳答案
您正在使用无用的双重检查。当您通过 select 查询检索所需的行时,if ($wireacno != $wire_account_number) { 始终返回 false。如果 if ($result->num_rows > 0) { 返回 true,那么显然您的帐户已存在,您不需要再次检查。所以试试这个代码
if ($result->num_rows == 0) {
$sql1 = "INSERT INTO wire_beneficiary".$id." VALUES(
NULL,
'$wirebname',
'$wireaccname',
'$wireacno',
'$wirebranchnumber',
'$swift',
'$route',
'$state'
'$country',
)";
if (($conn->query($sql1) === TRUE)) {
$success = 1;
}
}
else {
$success = -1;
}
}
如上所述,您的代码容易受到攻击,并且容易受到 SQL 注入(inject)的影响,以尝试使用 PDO 或准备好的语句
关于php - 如果条件正确,如何插入数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52890686/