【发布时间】:2018-10-19 10:37:54
【问题描述】:
如果满足条件,如何将数据从 FORM 插入 mysql。
这些是我的代码。
$sql0检查类似数据是否已经存在
$sql1向mysql插入数据
$wirebname = mysqli_real_escape_string($conn, $_POST["wirebname"]);
$wireaccname = mysqli_real_escape_string($conn, $_POST["wireaccname"]);
$wireacno = mysqli_real_escape_string($conn, $_POST["wireacno"]);
$wirebranchnumber = mysqli_real_escape_string($conn, $_POST["wirebranchnumber"]);
$swift = mysqli_real_escape_string($conn, $_POST["swift"]);
$route = mysqli_real_escape_string($conn, $_POST["route"]);
$state = mysqli_real_escape_string($conn, $_POST["state"]);
$country = mysqli_real_escape_string($conn, $_POST["country"]);
$id = $_SESSION['loggedIn_cust_id'];
$sql0 = "
SELECT wire_benef_id
FROM wire_beneficiary".$id."
WHERE wirebname='".$wirebname."'
AND wireaccname='".$wireaccname."'
AND wireacno='".$wireacno."'
AND swift='".$swift."'
AND route='".$route."'
";
$result = $conn->query($sql0);
$success = 0;
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$wire_account_number = $row["wireacno"];
if ($wireacno != $wire_account_number) {
$sql1 = "INSERT INTO wire_beneficiary".$id."
VALUES(
NULL,
'$wirebname',
'$wireaccname',
'$wireacno',
'$wirebranchnumber',
'$swift',
'$route',
'$state'
'$country',
)
";
if (($conn->query($sql1) === TRUE)) {
$success = 1;
}
} else {
$success = -1;
}
}
如果帐号已经存在,我想打印一个错误
如果不是,应该写入数据库。
<?php
if ($success == 1) { ?>
<p id="info"><?php echo "Beneficiary successfully added !\n"; ?></p>
<?php } ?>
【问题讨论】:
-
您的代码对 sql 注入开放。尝试使用 pdo 或准备好的语句
-
我会,但你能告诉我如何插入数据吗??
-
当您通过
select查询检索所需行时,为什么要使用双重检查 -
if ($wireacno != $wire_account_number) {总是假的 -
我已经更新了我的答案。现在试试吧
标签: php mysql database if-statement insert