php - 尝试使用 php 将 session 变量传递到 mysql 查询中

标签 php mysql session

希望有人能帮忙
我编写了以下函数 - insert_address($address) 将地址记录写入 mysql 数据库。它会写入除 custid 之外的所有字段。

custid是另一个表的主索引,存储在 session 变量$_SESSION

函数insert_address($address)从函数下方的表单中调用

我添加了其他代码来显示 session ID 等以获得额外的背景。

<?php

  function insert_address($address) {
        global $db;


      $sql = "INSERT INTO address ";
      $sql .= "(custid, houseno, street_1, street_2, town, county, postcode, country) ";
      $sql .= "VALUES (";
      $sql .= "'" . db_escape($db, $address['custid']) . "',";
     $sql .= "'" . db_escape($db, $address['houseno']) . "',";
     $sql .= "'" . db_escape($db, $address['street_1']) . "',";
     $sql .= "'" . db_escape($db, $address['street_2']) . "',";
     $sql .= "'" . db_escape($db, $address['town']) . "',";
     $sql .= "'" . db_escape($db, $address['county']) . "',";
     $sql .= "'" . db_escape($db, $address['postcode']) . "',";
     $sql .= "'" . db_escape($db, $address['country']) . "'";
     $sql .= ")";
     $result = mysqli_query($db, $sql);


     // For INSERT statements, $result is true/false

     if($result) {
       return true;
     } else {
       // INSERT failed
       echo mysqli_error($db);
       db_disconnect($db);
       exit;
     }
   }

?>

PHP 表单

<?php

require_once('../../private/initialize.php');

require_user_login();

if(is_post_request()) {
  $address = [];
  $address ['custid'] = $_POST['custid'] ?? '';
  $address['houseno'] = $_POST['houseno'] ?? '';
  $address['street_1'] = $_POST['street_1'] ?? '';
  $address['street_2'] = $_POST['street_2'] ?? '';
  $address['town'] = $_POST['town'] ?? '';
  $address['county'] = $_POST['county'] ?? '';
  $address['postcode'] = $_POST['postcode'] ?? '';
  $address['country'] = $_POST['country'] ?? '';

  $result = insert_address($address);
  if($result === true) {
//    $new_id = mysqli_insert_id($db);
    $_SESSION['message'] = 'Address Created.';
    redirect_to(url_for('/admin/show.php?id=' . $custid));
  } else {
    $errors = $result;
  }

} else {
  // display the blank form
  $address = [];
  $address['custid'] = $_GET['custid'] ?? '1';
  $address['houseno'] = '';
  $address['street_1'] = '';
  $address['street_2'] = '';
  $address['town'] = '';
  $address['county'] = '';
  $address['postcode'] = '';
  $address['country'] = '';
}


?>

<?php $page_title = 'Create Address'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>

<div id="content">

  <a class="back-link" href="<?php echo url_for('/admin/show.php'); ?>">&laquo; Back to Account Page</a>

  <div class="admin new">
    <h1>Create Address</h1>

    <?php echo display_errors($errors); ?>

    <form action="<?php echo url_for('/admin/address.php'); ?>" method="post">
      <dl>
        <dt>House Number</dt>
        <dd><input type="text" name="houseno" value="<?php echo h($address['houseno']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Street</dt>
        <dd><input type="text" name="street_1" value="<?php echo h($address['street_1']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Street 2</dt>
        <dd><input type="text" name="street_2" value="<?php echo h($address['street_2']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Town or City</dt>
        <dd><input type="text" name="town" value="<?php echo h($address['town']); ?>" /></dd>
      </dl>

      <dl>
        <dt>County </dt>
        <dd><input type="text" name="county" value="<?php echo h($address['county']); ?>" /><br /></dd>
      </dl>

      <dl>
        <dt>Post Code </dt>
        <dd><input type="text" name="postcode" value="<?php echo h($address['postcode']); ?>" /><br /></dd>
      </dl>

      <dl>
        <dt>Country </dt>
        <dd><input type="text" name="country" value="<?php echo h($address['country']); ?>" /><br /></dd>
      </dl>

      <br />

      <div id="operations">
        <input type="submit" value="Add Address" />
      </div>
    </form>

  </div>

</div>

<?php include(SHARED_PATH . '/public_footer.php'); ?>



<?php

  require_once('db_credentials.php');

  function db_connect() {
    $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
    confirm_db_connect();
    return $connection;
  }

  function db_disconnect($connection) {
    if(isset($connection)) {
      mysqli_close($connection);
    }
  }

  function db_escape($connection, $string) {
    return mysqli_real_escape_string($connection, $string);
  }

  function confirm_db_connect() {
    if(mysqli_connect_errno()) {
      $msg = "Database connection failed: ";
      $msg .= mysqli_connect_error();
      $msg .= " (" . mysqli_connect_errno() . ")";
      exit($msg);
    }
  }

  function confirm_result_set($result_set) {
    if (!$result_set) {
       exit("Database query failed.");
    }
  }

?>

我尝试过使用全局变量,只是将其放入尝试强制传递值,现在已删除它们但仍然得到相同的结果, 我使用 session ID 在页面之间移动时传递所需的变量。

<?php
// Performs all actions necessary to log in an customer
function log_in_customer($customer) {
// Renerating the ID protects the customer from session fixation.
  session_regenerate_id();
  $_SESSION['custid'] = $customer['custid'];
  $_SESSION['last_login'] = time();
  $_SESSION['username'] = $customer['username'];
  return true;
}

// Performs all actions necessary to log out an customer
function log_out_customer() {
  unset($_SESSION['custid']);
  unset($_SESSION['last_login']);
  unset($_SESSION['username']);
  // session_destroy(); // optional: destroys the whole session
  return true;
}


// is_logged_in() contains all the logic for determining if a
// request should be considered a "logged in" request or not.
// It is the core of require_login() but it can also be called
// on its own in other contexts (e.g. display one link if a customer
// is logged in and display another link if they are not)
function user_is_logged_in() {
  // Having a cust_id in the session serves a dual-purpose:
  // - Its presence indicates the customer is logged in.
  // - Its value tells which customer for looking up their record.
  return isset($_SESSION['custid']);
}

// Call require_login() at the top of any page which needs to
// require a valid login before granting acccess to the page.
function require_user_login() {
  if(!user_is_logged_in()) {
    redirect_to(url_for('/login.php'));
  } else {
    // Do nothing, let the rest of the page proceed
  }
}

?>

<?php 

// Performs all actions necessary to log out an customer
function log_out_customer() {
  unset($_SESSION['custid']);
  unset($_SESSION['last_login']);
  unset($_SESSION['username']);
  // session_destroy(); // optional: destroys the whole session
  return true;
}
?>

我确信这只是一个我找不到的简单修复!

最佳答案

您永远不会分配$_POST['custid']。您应该使用登录时设置的 session 变量。

尝试在 PHP 表单中使用 $_SESSION['custid']。所以而不是 $address ['custid'] = $_POST['custid'] ?? ''; 在您的 PHP 表单中使用此 $address ['custid'] = $_SESSION['custid'] ?? '';我认为您只是使用了错误的变量。

关于php - 尝试使用 php 将 session 变量传递到 mysql 查询中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45082281/

上一篇:MySQL GROUP_CONCAT 防止不必要的重复

下一篇:php - 基于角色的登录

相关文章:

javascript - 转换 Symfony2 PHP 实体对象以在 Javascript 中使用

php - 通过 cake-php 从 db 获取不同的值

session - 从 JSF 页面获取请求和 session 参数及属性

java - Spring 安全 : session expiration without redirect to expired-url?

php - 授权 Facebook 粉丝页面进行状态更新

php - 如何从重复字段中仅选择一个

php - PDO 插入引发无法解释的 "Array to string conversion"错误

php - 安装后如何更新 adobe air 应用程序?

php - 如何获得当前时间和 eventTime 之间的时差

mysql 透视动态表并仅在 count > 0 时返回

©2024 IT工具网  联系我们