How to create a form inside a session, and relate the data of that form to the registered user?
I have a form that comes after the user registers; its data goes into another table in the same database. I want to relate the two tables so that when I log in I can show the information from the second table, and also add more data to that table for that user.
Server
<?php
session_start();
$username = "";
$email = "";
$errors = array();
$_SESSION['success'] = "";
$db = mysqli_connect('localhost', 'root', '', 'carsolve') or die("Nao conseguiu conectar à base de dados");

// REGISTER USER
if (isset($_POST['reg_user'])) {
    $email    = mysqli_real_escape_string($db, $_POST['email']);
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
    $phone    = mysqli_real_escape_string($db, $_POST['phone']);

    // reject the registration if the e-mail is already taken
    $user_check_query = "SELECT * FROM user WHERE email = '$email' LIMIT 1";
    $result = mysqli_query($db, $user_check_query);
    $user = mysqli_fetch_assoc($result);
    if ($user) {
        if ($user['email'] === $email) {
            array_push($errors, "Este email já existe.");
        }
    }

    // register user if there are no errors in the form
    if (count($errors) == 0) {
        $password = md5($password);
        $query = "INSERT INTO user (username, email, password, phone) VALUES ('$username' , '$email' , '$password', '$phone')";
        mysqli_query($db, $query);
        $_SESSION['email'] = $email;
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are Logged";
        header('location: explicaçao1.php');
        exit; // stop the script after the redirect header
    }
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
    $email    = mysqli_real_escape_string($db, $_POST['email']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
    if (count($errors) == 0) {
        $password = md5($password);
        $query = "SELECT * FROM user WHERE email ='$email' AND password='$password' ";
        $result = mysqli_query($db, $query);
        $row = mysqli_fetch_assoc($result);
        if (mysqli_num_rows($result)) {
            $_SESSION['email'] = $email;
            $_SESSION['username'] = $row['username'];
            $_SESSION['success'] = "Login com sucesso";
            header('location: page1.php');
            exit; // stop the script after the redirect header
        } else {
            array_push($errors, "Email e/ou Password incorretos.");
        }
    }
}

// CAR FORM (second form, submitted from carro.php)
if (isset($_POST['submit'])) {
    $Marca       = mysqli_real_escape_string($db, $_POST['Marca']);
    $Modelo      = mysqli_real_escape_string($db, $_POST['Modelo']);
    $Cilindrada  = mysqli_real_escape_string($db, $_POST['Cilindrada']);
    $Potência    = mysqli_real_escape_string($db, $_POST['Potência']);
    $Combustivel = mysqli_real_escape_string($db, $_POST['Combustivel']);
    $Matricula   = mysqli_real_escape_string($db, $_POST['Matricula']);
    $Categoria   = mysqli_real_escape_string($db, $_POST['Categoria']);
    $Tipo        = mysqli_real_escape_string($db, $_POST['Tipo']);
    $Motor       = mysqli_real_escape_string($db, $_POST['Motor']);
    $Ano         = mysqli_real_escape_string($db, $_POST['Ano']);
    $query = "INSERT INTO carros (Marca, Modelo, Cilindrada, Potência, Combustivel,
              Matricula, Categoria, Tipo, Motor, Ano) VALUES ('$Marca' , '$Modelo' , '$Cilindrada' , '$Potência' , '$Combustivel', '$Matricula' ,
              '$Categoria' , '$Tipo', '$Motor', '$Ano')";
    mysqli_query($db, $query);
    header('location: page1.php');
    exit; // stop the script after the redirect header
}
?>
Form shown after the user registers
<?php
include('server/server.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>CarSolve</title>
    <link rel="stylesheet" href="css/background.css" type="text/css">
    <link rel="stylesheet" href="css/carro.css" type="text/css">
    <link rel="stylesheet" href="https://use.typekit.net/fqq3ceb.css">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<div class="container">
    <div class="screen">
        <div class="conteudo">
            <div class="login">
                <form method="post" action="carro.php">
                    <div id="page" style="display:block">
                        <h4>Vamos registar<br> o seu carro.</h4>
                        <p>Informação disponível no Certificado de Matrícula.</p>
                        <div id="input-login">
                            <input class="input" type="text" name="Marca" id="Marca" placeholder="Marca (D.1)" required>
                        </div>
                        <div id="input-login">
                            <input class="input" type="text" name="Modelo" placeholder="Modelo (D.2)" required>
                        </div>
                        <div class="input-login">
                            <input class="input" type="text" name="Cilindrada" placeholder="Cilindrada (P.1)" required>
                        </div>
                        <div class="input-login">
                            <input class="input" type="text" name="Potência" placeholder="Potência útil máxima (P.2)" required>
                        </div>
                        <div class="input-login">
                            <input class="input" type="text" name="Combustivel" placeholder="Combustível (P.3)" required>
                        </div>
                        <div class="seguinte">
                            <a href="javascript:SwapDivsWithClick('page','page2')" class="button">Seguinte</a>
                        </div>
                    </div>
                    <div id="page2" style="display:none">
                        <h4>Está quase<br> a terminar!</h4>
                        <p>Informação disponível no Certificado de Matrícula.</p>
                        <div id="input-login">
                            <input class="input" type="text" name="Matricula" placeholder="Número de matrícula (A)" required>
                        </div>
                        <div id="input-login">
                            <input class="input" type="text" name="Categoria" placeholder="Categoria nacional (J.1)" required>
                        </div>
                        <div class="input-login">
                            <input class="input" type="text" name="Tipo" placeholder="Tipo de veículo (J.2)" required>
                        </div>
                        <div class="input-login">
                            <input class="input" type="text" name="Motor" placeholder="Regime Nominal (P.4) " required>
                        </div>
                        <div class="input-login">
                            <input class="input" type="text" name="Ano" placeholder="Ano do Carro" required>
                        </div>
                        <div class="seguinte1">
                            <button type="submit" name="submit" class="button2">Seguinte</button>
                        </div>
                        <div class="anterior">
                            <a href="javascript:SwapDivsWithClick('page2','page')" class="button1">Anterior</a>
                        </div>
                    </div>
                </form>
                <img src="Imagens/onda2.svg" alt="logo" class="fundo1">
                <img src="Imagens/onda1.svg" alt="logo" class="fundo">
            </div>
        </div>
    </div>
</div>
<script type="text/javascript">
// Toggle between the two halves of the form; the hidden half stays in the
// same <form>, so both halves are submitted together.
function SwapDivsWithClick(div1, div2)
{
    var d1 = document.getElementById(div1);
    var d2 = document.getElementById(div2);
    if (d2.style.display == "none")
    {
        d1.style.display = "none";
        d2.style.display = "block";
    }
    else
    {
        d1.style.display = "block";
        d2.style.display = "none";
    }
}
</script>
</body>
</html>
There are many ways to achieve this. I'll give you a few starting points, but I suggest you explore them further, work out which is most effective from a usability standpoint, and build on that.
Also note my final point about binding SQL queries. Very important.
Option 1: Use $_SESSION[] variables
I noticed you use $_SESSION['success'] = ""; in your code, so you're familiar with $_SESSION[] variables. You can assign a value to $_SESSION['email'], then check that variable after the user submits the second form and use it to relate the data to that e-mail:
$_SESSION['email'] = mysqli_real_escape_string($db, $_POST['email']);
Option 2: Use <input type="hidden">
In this option you create hidden <input> fields in the second form based on the user details from the first form. For example:
<?php
// values posted by the first form (keys are the input names, not variables)
$email = mysqli_real_escape_string($db, $_POST['email']);
$phone = mysqli_real_escape_string($db, $_POST['phone']);
?>
<input type="hidden" name="email" value="<?= htmlspecialchars($email) ?>">
<input type="hidden" name="phone" value="<?= htmlspecialchars($phone) ?>">
Option 3: Use a token
This is a bit more complex, but I'll explain why I suggest it. You can generate a random token in the first form and submit it, then add it in a new column in the database together with the rest of the SQL query.
Use this token as the hidden item from option 2 to connect the data from form 1 to form 2.
So in form 1 you would have something like this:
<form name="form1" method="POST" action="form2.php?token=<?= urlencode($rndtoken) ?>">
This option is useful if you want to send the user an e-mail after they complete form 1 with a link to continue filling in the forms. You would send a link like continueregistering.php?token=thisismyrandomtokencompletelyuniquetothisuser and then check the token using:
$_GET['token']
...so those are several different approaches, and there are more. It's worth exploring each one and understanding what it does, how it works, and how you'd apply it to your site.
Make sure you look at PHP's isset() function so you can check whether a variable exists, in case someone jumps to form 2 without going through form 1:
https://www.php.net/manual/en/function.isset.php
Final point (very important)
Please learn about prepared SQL statements. Right now you have things like email = '$email" and password = "password" in your SQL statements. That leaves your site wide open to malicious code being injected into your database and site. I understand you're early in your PHP programming, but this really is a must-learn, so take a look:
https://www.php.net/manual/en/mysqli-stmt.bind-param.php
Finally, you need to hash passwords before putting them in the database. Right now you're inserting them as plain text. So if I got hold of your user database, I could see that your password is mypassword123.
Hashing a password applies a mathematical algorithm to it to encrypt it, so that a hacker can't see the actual password. You can find more information here:
https://www.php.net/manual/en/function.password-hash.php
Let me know if you need any further help.
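The following is an added example, not code from the question or the answer above. It combines the answer's option 1 (keep the link in the session) with its two final points (prepared statements via bind_param, and password_hash() instead of md5()), and it keys the relationship on a numeric user id rather than the e-mail address. It assumes: the `user` table has an auto-increment primary key `id`; the `carros` table has been given a new column `user_id` referencing `user.id` (neither column exists in the question's schema); `$db` is an open mysqli connection with mysqlnd available (for get_result()); and session_start() has already been called. All function names are mine.

```php
<?php
declare(strict_types=1);

// Make prepare()/execute() failures throw instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Register: reject a duplicate e-mail, store a password hash, remember the new id in the session.
// Returns the new user id, or null if the e-mail is already taken.
function register_user(mysqli $db, string $username, string $email, string $password, string $phone): ?int
{
    $stmt = $db->prepare('SELECT id FROM user WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    if ($stmt->get_result()->fetch_assoc() !== null) {
        return null;                                   // "Este email já existe."
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted, slow hash; never md5()
    $stmt = $db->prepare('INSERT INTO user (username, email, password, phone) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $username, $email, $hash, $phone);
    $stmt->execute();
    $id = (int) $db->insert_id;                        // assumed auto-increment `id` column
    session_regenerate_id(true);                       // fresh session id once authenticated
    $_SESSION['user_id'] = $id;
    return $id;
}

// Login: fetch by e-mail only; the password check happens in PHP, never inside the SQL.
// Returns the user id, or null for an unknown e-mail or wrong password (same result for both).
function login_user(mysqli $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM user WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null || !password_verify($password, $row['password'])) {
        return null;                                   // "Email e/ou Password incorretos."
    }
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $row['id'];
    return (int) $row['id'];
}

// Second form: the owner comes from the session, never from a hidden field the browser can edit.
// Returns false if nobody is logged in or a required field is missing (the HTML `required`
// attribute is not enforcement; it has to be checked again here).
function save_car(mysqli $db, array $post): bool
{
    if (!isset($_SESSION['user_id'])) {
        return false;                                  // reached form 2 without form 1 / login
    }
    $fields = ['Marca', 'Modelo', 'Cilindrada', 'Potência', 'Combustivel',
               'Matricula', 'Categoria', 'Tipo', 'Motor', 'Ano'];
    $values = [];
    foreach ($fields as $f) {
        if (!isset($post[$f]) || trim((string) $post[$f]) === '') {
            return false;
        }
        $values[] = trim((string) $post[$f]);
    }
    $userId = (int) $_SESSION['user_id'];
    $stmt = $db->prepare(
        'INSERT INTO carros (user_id, Marca, Modelo, Cilindrada, `Potência`, Combustivel,
                             Matricula, Categoria, Tipo, Motor, Ano)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    // 'i' for the integer user_id, then one 's' per text column; values are bound, not interpolated
    $stmt->bind_param('issssssssss', $userId, ...$values);
    return $stmt->execute();
}

// page1.php: list only the cars that belong to the logged-in user.
function cars_for_user(mysqli $db, int $userId): array
{
    $stmt = $db->prepare('SELECT Marca, Modelo, Matricula, Ano FROM carros WHERE user_id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Dispatch for the car form, mirroring the `submit` branch of the question's server.php.
if (isset($_POST['submit'])) {
    if (save_car($db, $_POST)) {
        header('Location: page1.php');
    } else {
        header('Location: login.php');                 // hypothetical page: not logged in or bad input
    }
    exit;
}
```

With this layout the question's server.php needs no hidden e-mail field and no token: form 2 can only attach a car to the account whose id is in the server-side session, and a visitor who skips form 1 gets nothing inserted. The `carros.user_id` column and its foreign key to `user.id` are an assumed schema change; with them in place, the "show this user's cars" query is a single `WHERE user_id = ?` rather than a join on the e-mail string. `session_regenerate_id(true)` after a successful register or login prevents a session id chosen before authentication from staying valid afterwards.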