dongwang3066 2018-01-04 08:57
浏览 13
已采纳

不向数据库添加数据?

So I am fairly new to php I have some php code that confirms a user has been added into a group and then submits their information into the database but it doesn't seem to be adding all the information

<?php
/* Verifies member being added
*/
require 'db.php';
session_start();

 // Make sure join code and email aren't empty
 if(isset($_GET['joincode']) && !empty($_GET['joincode']) AND isset($_GET['memberemail']) && !empty($_GET['memberemail']))
{ 
$joincode = $link->escape_string($_GET['joincode']);
$memberemail = $link->escape_string($_GET['memberemail']);


  // Select user with matching email
  $result = $link->query("SELECT * FROM logins WHERE Email='$memberemail'");


    if ( $result->num_rows !==1 )
    {
    $_SESSION['message'] = "You need to create an account or the URL is invalid!";

    header("location: error.php");

    }
   else {
    $_SESSION['message'] = "You have been added!";


   while ($id = $result->fetch_assoc()){

    $id['unique_id'];
    }


    $leagueinfo = $link->query("SELECT * FROM leagues WHERE joincode='$joincode'");

    $info = $leagueinfo->fetch_assoc();
      $info['league_id'];
      $info['league_name'];
      $info['start_date'];
      $info['end_date'];




    $sql = "INSERT INTO leagues (unique_id, league_id, league_name, role, start_date, end_date, joincode) "
  . "VALUES ('".$id['unique_id']."','".$info['league_id']."','".$info['league_name']."','MEMBER',
  '".$info['start_date']."','".$info['end_date']."','".$joincode."')";

      mysqli_query($link,$sql);

    //  header("location: success.php");
   }
  }
else {
 $_SESSION['message'] = "Invalid parameters provided for account verification!";
header("location: error.php");
}
  ?>

I've changed the names of the different queries and it's now pulling all information except for the unique_id which echoes out correctly but isn't being added into the database.

  • 写回答

1条回答 默认 最新

  • dongwei1954 2018-01-04 09:02
    关注

    You are overwriting your $row variable when you fetch a result from the $leagueinfo query.

    You should use different names for these result sets.

    Also note that this is a very strange way to get a result set:

    # Why are you using $row = $row = ... ?
while ($row = $row = $result->fetch_assoc()){
    $row['unique_id'];
}

    The line in the loop does not do anything and you you will always end up with $row containing the results of the last iteration of the loop.

    It would make more sense to check if the number of rows is 1 and throw an error if it is not. Then you can simply fetch 1 row without using a loop:

    if ($result->num_rows !== 1) {
    # Handle error for example by throwing an exception
}
# You need an else if you don't return from a method or throw an exception
$row = $result->fetch_assoc();

    You also have an sql injection problem: You are escaping the values for the SELECT statements, but not for the INSERT. I would recommend using prepared statements everywhere instead of using escaping.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 被蓝屏搞吐了,有偿求帮解答,Ai回复直接拉黑
  • ¥15 BP神经网络控制倒立摆
  • ¥20 要这个数学建模编程的代码 并且能完整允许出来结果 完整的过程和数据的结果
  • ¥15 html5+css和javascript有人可以帮吗?图片要怎么插入代码里面啊
  • ¥30 Unity接入微信SDK 无法开启摄像头
  • ¥20 有偿 写代码 要用特定的软件anaconda 里的jvpyter 用python3写
  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角