2013-01-04 167 views
0

好了,以便在製作基於pokemon瀏覽器的遊戲過程中,即使在用戶註冊到我的網站時也會遇到麻煩,他們會獲得他們選擇的初學者口袋妖怪。除了它爲用戶提供寵物小精靈的部分之外,我擁有所有的工作,現在它將小寵物輸入到數據庫中,但它不會爲註冊它的用戶賦予寵物小精靈空閒屬性。有點難以解釋。將數據添加到註冊表

這是我的代碼的一部分,它將數據輸入到存儲所有用戶pokemon的表中。

<?php 

if ($_POST['starter'] == '1') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '2') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '3') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '4') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '5') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '6') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '7') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '8') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '9') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '10') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '11') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '12') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 
?> 

,我想不通的事情是如何使它因此它需要用戶與註冊名稱,並把它在的地方。$ _ SESSION [「用戶名」。我知道這是行不通的,因爲這個人還沒有登錄,因爲他們還在註冊。

這是我的表格。

<form action="" method="post"> 
     <div align="center"> 
      <ul> 
      <p></p> 
       Username* <br> 
       <input type="text" name="username"> 

      <p></p> 
       Password*<br> 
       <input type="password" name="password"> 

      <p></p> 
       Password again*<br> 
       <input type="password" name="password_again"> 

      <p></p> 
       First name<br> 
       <input type="text" name="first_name"> 

      <p></p> 
       Last name<br> 
       <input type="text" name="last_name"> 

      <p></p> 
       Email*<br> 
       <input type="text" name="email"> 

      <p></p> 
       Starter*<br> 
       <select name="starter" id="" > 
       <option value="1">Bulbasaur</option> 
       <option value="2">Charmander</option> 
       <option value="3">Squirtle</option> 
       <option value="4">Chikorita</option> 
       <option value="5">Cyndaquil</option> 
       <option value="6">Totodile</option> 
       <option value="7">Treecko</option> 
       <option value="8">Torchic</option> 
       <option value="9">Mudkip</option> 
       <option value="10">Turtwig</option> 
       <option value="11">Chimchar</option> 
       <option value="12">Piplup</option> 
       </select> 

       <p></p> 
       <input type="submit" value="Register"> 

      </ul> 
      </div> 
     <ul> 
     </ul> 
</form> 

對不起了巨大的問題,但任何幫助,將不勝感激:)

+2

循環。學習[loops](http://php.net/language.control-structures)。和[數組](http://php.net/language.types.array)。 *請*。它不會解決您的直接問題,但它會讓您的代碼更加簡短,更輕鬆。另外:**單挑!** PHP的下一個主要版本是*棄用* mysql_'系列函數。因爲你仍然在學習PHP,所以現在是[切換到PDO](http://php.net/book.pdo)或[mysqli](http://php.net/book.mysqli)的好時機。 。 – Charles

+0

我聞到版權侵犯:( – 2013-01-04 00:54:23

回答

0

有很多在你的代碼加以改進。但這是一個快速修復:

<?php 

if ($_POST['starter'] == '1') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '2') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '3') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '4') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '5') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '6') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '7') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '8') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '9') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '10') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '11') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '12') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 
?> 

這假定您的帖子是從您的頁面上的表單提交的。就像別人說的,學習PDO:http://php.net/manual/en/book.pdo.php

您當前的代碼很容易受到SQL注入:http://en.wikipedia.org/wiki/SQL_injection

說不好。

+0

非常感謝:)我通常有一個人幫助我保護我的代碼和一切,但他們今天在這裏,所以我自己去了,所以我開始學習,我會在我得到它的工作後修復一切。 – Sakai

+0

@ user1908445不客氣。 :) 這是一本很棒的書,如果你想快速學習:http://amzn.com/1449319262 – Leng

1

男人,真的看起來像你是PHP新手,所以讓我提供一些建議。

  1. 在查詢中使用$ _POST/$ _ GET值?不要這樣做。永遠不要相信用戶。 Learn why.

你必須假設你的訪問者是一個瘋子連環殺手,拿出來 摧毀你的應用程序。你必須防止它。

  1. 清理你的代碼。正如其他人所建議的,循環/開關可能會幫助您
  2. 對於您的項目而言可能爲時過早,但嘗試移動OOP。 (即使有時看起來像一個矯枉過正的缺點是低的優點有很多)

順便說一句,這應該做的伎倆,利用PDO

$dbh = new PDO('mysql:dbname=YOURDBNAME;host=localhost', $db_user, $db_passwd); 
// Get the choosen starter pokemon 
$starter = $_POST['starter']; 
$pokemons = array(
    1 => 'Bulbasaur', 
    2 => 'Charmander', 
    //[.. and so on..] 
); 

// check if choosed pokemon is available 
if(!in_array($starter, $pokemons)) 
{ 
    // Pokemon not available, throw exception, error, die(), whatever 
} 
else 
{ 
    // Insert the pokemn into the db 
    $insert = $dbh->prepare("INSERT INTO user_pokemon (pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES (:pokemon, :user, 100,:time ,1, 5 ,'Normal')"); 

    $user_name = $_POST['username']; // what about check the username? Sanitization, etc.. 

    if($insert->execute(array(':pokemon' => $pokemons[$starter], ':user' => $user_name, ':time' => time()))) 
    { 
     // Success! 
    } 
    else 
    { 
     // Error! 
     $error = $insert->errorInfo(); 
     print_r("There was an error: \ncode: %s\nmessage:%s", $error[1], $error[2]); 
    } 
} 
+0

謝謝:)我想我必須去學習這個PDO,因爲每個人似乎都認爲它是需要的:) – Sakai