PHP MYSQL +插入查询解释

Question

任何人做了反对票，批评我，我是新来的发展和我使用PHP和MySQL

，所以我试图让用户插入一些需要在我询问一些熟知之前在注册页面信息，将信息提交给有这些字段表命名用户：

• USER_NAME，
• FIRST_NAME，
• 姓氏，
• 个地址，
• district_name，
• village_name，
• birth_date，
• EMAIL_ADDRESS，
• specialization_name，
• 密码，
• registered_date

和我有名称的另一个表有这些领域的专业 ：

• specialization_id
• specilaization_name

我需要的是用户在注册页面选择专业化，但在用户表中我需要使用specialization_id作为一个外键专业化表

，我使用插入查询是：

$query = mysql_query("INSERT INTO user(user_name, first_name, last_name, address, district_name, village_name, birth_date, email_address, specialization_name, password, registered_date)VALUES('$username', '$fname', '$lname', '$country', '$district', '$village', '$bdate', '$email', '$specialization', '$pass1', now())")or die("could not insert data"); 

register.php

<?php require_once('for members/scripts/connect.php'); ?> 


<?php 
ob_start(); 
function countryQuery(){ 

    $countryData = mysql_query("SELECT * FROM country") or die("could select database"); 

    while($record = mysql_fetch_array($countryData)){ 

    echo'<option value="' . $record['country_name'] . '">' . $record['country_name'] . '</option>'; 

    } 

} 


function specializationQuery(){ 

$specData = mysql_query("SELECT * FROM specialization"); 

    while($recordJob = mysql_fetch_array($specData)){ 

    echo'<option value="' . $recordJob['specialization_name'] . '">' . $recordJob['specialization_name'] . '</option>'; 

    } 


} 

function districtQuery(){ 

$distData = mysql_query("SELECT * FROM districts"); 

    while($recorddist = mysql_fetch_array($distData)){ 

    echo'<option value="' . $recorddist['district_name'] . '">' . $recorddist['district_name'] . '</option>'; 

    } 


} 

function villageQuery(){ 

$villageData = mysql_query("SELECT * FROM village"); 

    while($recordvillage = mysql_fetch_array($villageData)){ 

    echo'<option value="' . $recordvillage['village_name'] . '">' . $recordvillage['village_name'] . '</option>'; 

    } 


} 



//default value 
$message = "Fields Marcked with an [*] are Required"; 
    $username = ""; 
    $fname = ""; 
    $lname = ""; 
    $specialization = ""; 
    $email = ""; 
    $pass1 = ""; 
    $pass2 = ""; 
    $district = ""; 
    $village = ""; 

if(isset($_POST['username'])){ 
    $username = mysql_real_escape_string($_POST['username']); 
    $fname = mysql_real_escape_string($_POST['fname']); 
    $lname = mysql_real_escape_string($_POST['lname']); 
    $email = mysql_real_escape_string($_POST['email']); 
    $pass1 = mysql_real_escape_string($_POST['pass1']); 
    $pass2 = mysql_real_escape_string($_POST['pass2']); 
    $bdate = mysql_real_escape_string($_POST['birthdate']); 
    $country = mysql_real_escape_string($_POST['country']); 
    //$local_adress = $_POST['adress']; 
    $specialization = mysql_real_escape_string($_POST['specialization']); 
    $district = mysql_real_escape_string($_POST['district']); 
    $village = mysql_real_escape_string($_POST['village']); 

    //error handeling 
    if((!$username)||(!$fname)||(!$lname)||(!$email)||(!$pass1)||(!$pass2)||(!$specialization)||(!$district)||(!$village)){ 
    $message = "**** Please insert the Required Fields below ****<br />"; 

    if($fname == "") 
{ 
    $message = $message . "Enter First name<br/>"; 
} 
    if($lname == "") 
{ 
    $message = $message . "Enter Last name<br/>"; 
} 

if($specialization == 0) 
{ 
    $message = $message . "Select Your Job<br />"; 
} 
if($district == 0) 
{ 
    $message = $message . "Select Your District<br />"; 
} 
if($village == 0) 
{ 
    $message = $message . "Select Your Village<br />"; 
} 
if($email == "") 
{ 
    $message = $message . "Enter Email Adress<br/>"; 
} 
    if ($username == "") { 
    $message = $message . "Enter User Name<br/>"; 
    } 

    if($pass1 == "") 
{ 
    $message = $message . "Enter password<br/>"; 
} 

    if($pass2 == "") 
{ 
    $message = $message . "rechek the password <br/>"; 
} 

} 

    elseif(strlen($pass1) <= 8) 
    { 
    $message = $message . "Your Password must be at least 8 charachters<br />"; 
} 
    else if($pass1!=$pass2){ 
    $message = "your password do not match!"; 
    }else{ 
    //securing the data 
    $username = preg_replace("#[^0-9a-z]#i","",$username); 
    $fname = preg_replace("#[^0-9a-z]#i","",$fname); 
    $lname = preg_replace("#[^0-9a-z]#i","",$lname); 
    //$pass1 = sha1($pass1); 

    $email = mysql_real_escape_string($email); 
    // checking for duplicate 
    $user_query = mysql_query("SELECT user_name FROM user WHERE user_name = '$username'LIMIT 1") or die("could not check the username"); 
    $count_username = mysql_num_rows($user_query); 

    $email_query = mysql_query("SELECT email_address FROM user WHERE email_address = '$email'LIMIT 1") or die("could not check the email"); 
    $count_email = mysql_num_rows($email_query); 

    if($count_username > 0){ 
    $message = " your username is alredy in use"; 
    }elseif($count_email > 0){ 
     $message = "your email is alredy in use"; 
    } 
    else{ 

     $query = mysql_query("INSERT INTO user(user_name, first_name, last_name, address, district_name, village_name, birth_date, email_address, specialization_name, password, registered_date)VALUES('$username', '$fname', '$lname', '$country', '$district', '$village', '$bdate', '$email', '$specialization', '$pass1', now())")or die("could not insert data"); 
     //var_dump($query); 
     //exit(); 

    $message = "Registered Success <a href='profile.php'>Your Profile</a> "; 
    //from the social website 


     if ($query) 
     { 
     $_SESSION['user_id'] = mysql_insert_id(); 
     $_SESSION['login'] = 'true'; 
     $_SESSION['login_user'] = $username; 
     } 

    } 
    } 
} 




?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Register Page</title> 
<link href="style/stylesheet.css" rel="stylesheet" type="text/css" /> 
<link href="style/imagesGallery.css"rel="stylesheet" type="text/css"/> 
<script src="js/main.js" type="text/javascript"></script> 
<script src="js/jquery.js" type="text/javascript"></script> 
</head> 

<body> 

<div class="container"> 
<table width="200" border="0" align="center"> 
<tr> 
    <tr> 
    <td><img src="web_header copy.jpg" alt="visitor header" width="1080" height="128" /></td> 
    </tr> 
    <tr> 




    <td> 
     <marquee direction="left" width="99%" behavior="alternate"> 
     <img src="imggallery/images/akoura/akoura_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/ballaa2/ballaa2_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/baalbeck/baalbek_small.jpg" height="92"> 
     <img src="imggallery/images/barouk/cedre_barouk_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/batroun/batroun_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/bchareh/bchareh_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/beiteldin/beiteldine_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/beyrouth/beyrouth_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/beyrouth/beyroyj frm sky/beyrouthfromSky_small.jpg" width="119" height="91"> 
     <img src="imggallery/images/deir el mara/deirelamar_small.jpg" width="119" height="91"> 
     </marquee> 
     <hr /> 
     <h2 class="registerTitle">Registration Fields</h2> 
     <h4 class="registerTitle">Sign Up Today....</h4> 
<!-- <div class="container center"> --> 
     <p style="color:#FF0000" align="center"><?php print("$message")?></p> 
    </td> 

    <tr> 
     <table width="680" border="0" align="center"> 
     <form action="register.php" method="post"> 

     <tr> 


     <td><span class="Fields">First Name</span> <span class="requiredField">*</span></td> 
     <td> 
     <input type="text" name="fname" placeholder="Firstname" /></td> 

     <td><span class="Fields">Last Name</span><span class="requiredField">*</span></td> 

     <td><input type="text" name="lname" placeholder="Lastname" /></td> 
     </tr> 


    <tr> 
     <td><label for="birthdate" class="Fields">Birth Date      </label></td> 
     <td><input type="date" name="birthdate" value= "YYYY_MM_DD" onfocus="if (this.value == 'YYYY_MM_DD') {this.value = '';}" onblur="if (this.value == '') {this.value = 'YYYY_MM_DD';}" /> 
     <br /></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="country">Country</label></td> 
     <td><select name="country" class="select"> 
     <option value="0">-- Select Your Country --</option> 
     <?php countryQuery(); ?> 
     </select></td> 
     <td class="Fields"><label for="specialisation">Specialisation <span class="requiredField">*</span></label></td> 
     <td><select name="specialization" class="select"> 
     <option value="0">-- Select Your Specialization --</option> 

     <?php specializationQuery(); ?> 
     </select></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="district">District<span class="requiredField">*</span></label></td> 
     <td><select name="district" class="select"> 
     <option value="0">-- Select Your District --</option> 

     <?php districtQuery(); ?> 
     </select></td> 

     <td class="Fields"><label for="village">Village<span class="requiredField">*</span></label></td> 
     <td><select name="village" class="select"> 
     <option value="0">-- Select Your Village --</option> 

     <?php villageQuery(); ?> 
     </select></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="email">Email Adress<span class="requiredField">*</span></label></td> 
     <td><input type="text" name="email" placeholder="Email Adress" /> 
     <br /></td> 
     <td><label for="username"><span class="Fields">User Name</span> <span class="requiredField">*</span></label></td> 
     <td><input type="text" name="username" placeholder="Username" /> 
     <br /></td> 

    </tr> 

    <tr> 
     <td class="Fields"><label for="password">Password<span class="requiredField">*</span></label></td> 
     <td><input type="password" name="pass1" placeholder="Password" /> 
     <br /></td> 
     <td class="Fields"><label for="password2">Re_Password<span class="requiredField">*</span></label></td> 
     <td><input type="password" name="pass2" placeholder="Validate Password" /> 
     <br /></td> 

    </tr> 

    <tr> 
     <td></td> 
     <td></td> 
     <td><input type="submit" value="Register"/></td> 
     <td></td> 
    </tr> 

    </form> 
</table> 
<!--</div>--> 
    </tr> 



    <tr> 
    <td><?php require_once('footer.php'); ?></td> 
    </tr> 
    </tr> 
    </tr> 
</table> 


</div> 
</body> 
</html> 
<?php ob_end_flush(); ?> 

所以任何人都可以帮我???

Answer 1

“** specialization_name **”肯定会导致问题。 *是SQL查询中的语句，它基本上代表了所有内容（例如，SELECT * FROM someTable ...表示从someTable中选择所有内容）。您应该删除星号和您的查询将工作假设你将它设置正确

Answer 2

我认为你不应该使用在user -table specialization_name但specialization_id。我假设specialization_id是表specialization中的关键字，并且您应该在表user中提供一个引用主表键specialization表（specialization.id）的外键（user.specialization_id）。

比方说，你有以下专业：

1. SPEC1
2. SPEC2
3. SPEC3

然后在HTML选择元素应该是这样的：

<select name="specialization" class="select"> 
    <option value="0">-- Select Your Specialization --</option> 
    <option value="1">Spec1</option> 
    <option value="2">Spec2</option> 
    <option value="3">Spec3</option> 
</select> 

现在，如果你ser选择让我们说Spec2，那么你的变量$specialization应该有值2，你应该能够将其插入数据库。

希望它有帮助！

Answer 3

为了使事情更简单，我可以看到我相信你可以在用户表中使用ENUM字段，而不是使用其他表。这也许可以替代你。

Answer 4

尝试PHP PDO，php中的mysql_函数将被折旧并且PDO更安全，并且是将应用程序移植到其他数据库的最佳实践。不能做到这一点与Mysql_

像这样：

//We connect to the database 
    $host="xxxxxx"; // Host name 
    $username="xxxxxxx"; // Mysql username 
    $password="xxxxxxxxxx"; // Mysql password 
    $db_name="xxxxxxxx"; // Database name 

    // Connect to server via PHP Data Object 
    $dbh = new PDO("mysql:host=localhost;dbname=DBFinaid", $username, $password); 
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE); 

     try { 
       $query = $dbh->prepare(" 
         INSERT INTO user(user_name, 
             first_name, 
             last_name, 
             address, 
             district_name, 
             village_name, 
             birth_date, 
             email_address, 
             specialization_name, 
             password, 
             registered_date) 
        VALUES(':username', 
             ':fname', 
             ':lname', 
             ':country', 
             ':district', 
             ':village', 
             ':bdate', 
             ':email', 
             ':specialization', 
             ':pass1', 
             now())" 
            ); 

       $query->bindParam(':YOURVALUES', $YOURVALUE); // Make sure the number values in bindParam equal your values in the query 
       ..................................... 
       $query->execute(); 
     catch (PDOException $e) { 
       error_log($e->getMessage()); 
       die($e->getMessage()); 
      } 

      $dbh= null; 


    [1]: http://php.net/manual/en/book.pdo.php 

Answer 5

你specializationQuery功能应打印字符串像<option value="' . $recordJob['specialization_id'] . '">' . $recordJob['specialization_name'] . '</option>代替<option value="' . $recordJob['specialization_name'] . '">' . $recordJob['specialization_name'] . '</option>，让您得到specialization_id值，你必须插入到用户数据库。