如何通过 SQL 选择要保存到的数据库
How to choose what database to save to via SQL
我想创建一个登录屏幕,用户可以通过单选按钮根据自己的职业选择要保存到哪个数据库。我已经解决了大部分错误,但这些错误:
Notice: Undefined variable: sqlinsert in C:\xampp\htdocs\project\save.php on line 34
Warning: mysqli_query(): Empty query in C:\xampp\htdocs\project\save.php on line 34
拒绝离开。
这是我的 Html:
<form method="post" action="http://localhost/project/save.php">
<legend align="left">Login</legend>
<input type="text" placeholder="Username" name="uname"><br>
<input type="password" placeholder="Password" name="password"><br>
<p>
<label>
<input type="radio" name="dbchoice" value="admin" id="RadioGroup1_0">
Admin</label>
<br>
<label>
<input type="radio" name="dbchoice" value="expert" id="RadioGroup1_1">Mental health experts</label>
<br>
</p>
<input type="submit" value="Save" name="save">
<input type="reset" value="Cancel">
</form>
这是我的 PHP:
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$db = "project";
//connect to the database using procedural method
$dbconnect = mysqli_connect($hostname,$username,$password,$db);
if(!$dbconnect){
echo "an error occured while connecting to the database";
}
if(isset($_POST['save'])){
//get values from the form
$username = $_POST['uname'];
$password = $_POST['password'];
//write the SQL STATEMENT FOR SAVING - INSERT
if (isset($dbchoice) && $dbchoice==$_POST["admin"]) {
$sqlinsert = "INSERT INTO administrator
(username, password)
VALUES('$username','$password')";
}elseif (isset($dbchoice) && $dbchoice==$_POST["expert"]){
$sqlinsert = "INSERT INTO experts
(username, password)
VALUES('$username','$password')";
}else{
echo "An error occured while writing to database.";
}
if(mysqli_query($dbconnect,$sqlinsert)){
echo "<script type='text/javascript'> alert('Data saved successfully');</script>";
header('location: index.php');
}else{
echo "An error occured while saving";
}
//close the connection
mysqli_close($dbconnect);
}else{
header('location: index.php');
}
?>
您错误地尝试将变量 $dbchoice 与不存在的 POST 字段进行比较 $dbchoice==$_POST["admin"] - 字段为 dbchoice 但值为 admin
您需要测试这些字段是否存在于 POST 数组中,并当且仅当它们存在时才分配为变量 - 也许这可能会有所帮助。另外 - 如果应该使用默认值 table 然后将该单选按钮设置为 selected 也许?!
切勿将未经处理的用户输入视为安全 - 不要像此处那样在 SQL 语句中使用它,始终使用具有正确绑定参数的 prepared statement。
<?php
error_reporting(E_ALL);
if (isset($_POST['save'], $_POST['uname'], $_POST['password'], $_POST['dbchoice'])) {
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$hostname = "localhost";
$username = "root";
$password = "";
$db = "project";
$dbconnect = mysqli_connect($hostname, $username, $password, $db);
$username = $_POST['uname'];
$password = $_POST['password'];
$dbchoice = $_POST['dbchoice'];
switch ($dbchoice) {
case 'admin':
$sql = 'insert into `administrator` (`username`, `password`) values (?,?)';
break;
case 'expert':
$sql = 'insert into `experts` (`username`, `password`) values( ?,? )';
break;
default:
$sql = false;
break;
}
if ($sql) {
$stmt = $dbconnect->prepare($sql);
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
header('Location: index.php');
exit;
}
}
我想创建一个登录屏幕,用户可以通过单选按钮根据自己的职业选择要保存到哪个数据库。我已经解决了大部分错误,但这些错误:
Notice: Undefined variable: sqlinsert in C:\xampp\htdocs\project\save.php on line 34
Warning: mysqli_query(): Empty query in C:\xampp\htdocs\project\save.php on line 34
拒绝离开。 这是我的 Html:
<form method="post" action="http://localhost/project/save.php">
<legend align="left">Login</legend>
<input type="text" placeholder="Username" name="uname"><br>
<input type="password" placeholder="Password" name="password"><br>
<p>
<label>
<input type="radio" name="dbchoice" value="admin" id="RadioGroup1_0">
Admin</label>
<br>
<label>
<input type="radio" name="dbchoice" value="expert" id="RadioGroup1_1">Mental health experts</label>
<br>
</p>
<input type="submit" value="Save" name="save">
<input type="reset" value="Cancel">
</form>
这是我的 PHP:
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$db = "project";
//connect to the database using procedural method
$dbconnect = mysqli_connect($hostname,$username,$password,$db);
if(!$dbconnect){
echo "an error occured while connecting to the database";
}
if(isset($_POST['save'])){
//get values from the form
$username = $_POST['uname'];
$password = $_POST['password'];
//write the SQL STATEMENT FOR SAVING - INSERT
if (isset($dbchoice) && $dbchoice==$_POST["admin"]) {
$sqlinsert = "INSERT INTO administrator
(username, password)
VALUES('$username','$password')";
}elseif (isset($dbchoice) && $dbchoice==$_POST["expert"]){
$sqlinsert = "INSERT INTO experts
(username, password)
VALUES('$username','$password')";
}else{
echo "An error occured while writing to database.";
}
if(mysqli_query($dbconnect,$sqlinsert)){
echo "<script type='text/javascript'> alert('Data saved successfully');</script>";
header('location: index.php');
}else{
echo "An error occured while saving";
}
//close the connection
mysqli_close($dbconnect);
}else{
header('location: index.php');
}
?>
您错误地尝试将变量 $dbchoice 与不存在的 POST 字段进行比较 $dbchoice==$_POST["admin"] - 字段为 dbchoice 但值为 admin
您需要测试这些字段是否存在于 POST 数组中,并当且仅当它们存在时才分配为变量 - 也许这可能会有所帮助。另外 - 如果应该使用默认值 table 然后将该单选按钮设置为 selected 也许?!
切勿将未经处理的用户输入视为安全 - 不要像此处那样在 SQL 语句中使用它,始终使用具有正确绑定参数的 prepared statement。
<?php
error_reporting(E_ALL);
if (isset($_POST['save'], $_POST['uname'], $_POST['password'], $_POST['dbchoice'])) {
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$hostname = "localhost";
$username = "root";
$password = "";
$db = "project";
$dbconnect = mysqli_connect($hostname, $username, $password, $db);
$username = $_POST['uname'];
$password = $_POST['password'];
$dbchoice = $_POST['dbchoice'];
switch ($dbchoice) {
case 'admin':
$sql = 'insert into `administrator` (`username`, `password`) values (?,?)';
break;
case 'expert':
$sql = 'insert into `experts` (`username`, `password`) values( ?,? )';
break;
default:
$sql = false;
break;
}
if ($sql) {
$stmt = $dbconnect->prepare($sql);
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
header('Location: index.php');
exit;
}
}