将数据添加到注册表

Question

好了，以便在制作基于pokemon浏览器的游戏过程中，即使在用户注册到我的网站时也会遇到麻烦，他们会获得他们选择的初学者口袋妖怪。除了它为用户提供宠物小精灵的部分之外，我拥有所有的工作，现在它将小宠物输入到数据库中，但它不会为注册它的用户赋予宠物小精灵空闲属性。有点难以解释。

这是我的代码的一部分，它将数据输入到存储所有用户pokemon的表中。

<?php 

if ($_POST['starter'] == '1') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '2') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '3') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '4') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '5') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '6') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '7') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '8') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '9') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '10') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '11') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '12') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 
?> 

，我想不通的事情是如何使它因此它需要用户与注册名称，并把它在的地方。$ _ SESSION [“用户名”。我知道这是行不通的，因为这个人还没有登录，因为他们还在注册。

这是我的表格。

<form action="" method="post"> 
     <div align="center"> 
      <ul> 
      <p></p> 
       Username* <br> 
       <input type="text" name="username"> 

      <p></p> 
       Password*<br> 
       <input type="password" name="password"> 

      <p></p> 
       Password again*<br> 
       <input type="password" name="password_again"> 

      <p></p> 
       First name<br> 
       <input type="text" name="first_name"> 

      <p></p> 
       Last name<br> 
       <input type="text" name="last_name"> 

      <p></p> 
       Email*<br> 
       <input type="text" name="email"> 

      <p></p> 
       Starter*<br> 
       <select name="starter" id="" > 
       <option value="1">Bulbasaur</option> 
       <option value="2">Charmander</option> 
       <option value="3">Squirtle</option> 
       <option value="4">Chikorita</option> 
       <option value="5">Cyndaquil</option> 
       <option value="6">Totodile</option> 
       <option value="7">Treecko</option> 
       <option value="8">Torchic</option> 
       <option value="9">Mudkip</option> 
       <option value="10">Turtwig</option> 
       <option value="11">Chimchar</option> 
       <option value="12">Piplup</option> 
       </select> 

       <p></p> 
       <input type="submit" value="Register"> 

      </ul> 
      </div> 
     <ul> 
     </ul> 
</form> 

对不起了巨大的问题，但任何帮助，将不胜感激:)

Answer 1

有很多在你的代码加以改进。但这是一个快速修复：

<?php 

if ($_POST['starter'] == '1') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '2') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '3') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '4') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '5') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '6') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '7') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '8') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '9') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '10') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '11') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 

if ($_POST['starter'] == '12') { 
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal') 
") or die(mysql_error()); 
} 
?> 

这假定您的帖子是从您的页面上的表单提交的。就像别人说的，学习PDO：http://php.net/manual/en/book.pdo.php

您当前的代码很容易受到SQL注入：http://en.wikipedia.org/wiki/SQL_injection

说不好。

Answer 2

男人，真的看起来像你是PHP新手，所以让我提供一些建议。

1. 在查询中使用$ _POST/$ _ GET值？不要这样做。永远不要相信用户。 Learn why.

你必须假设你的访问者是一个疯子连环杀手，拿出来 摧毁你的应用程序。你必须防止它。

1. 清理你的代码。正如其他人所建议的，循环/开关可能会帮助您
2. 对于您的项目而言可能为时过早，但尝试移动OOP。 （即使有时看起来像一个矫枉过正的缺点是低的优点有很多）

顺便说一句，这应该做的伎俩，利用PDO：

$dbh = new PDO('mysql:dbname=YOURDBNAME;host=localhost', $db_user, $db_passwd); 
// Get the choosen starter pokemon 
$starter = $_POST['starter']; 
$pokemons = array(
    1 => 'Bulbasaur', 
    2 => 'Charmander', 
    //[.. and so on..] 
); 

// check if choosed pokemon is available 
if(!in_array($starter, $pokemons)) 
{ 
    // Pokemon not available, throw exception, error, die(), whatever 
} 
else 
{ 
    // Insert the pokemn into the db 
    $insert = $dbh->prepare("INSERT INTO user_pokemon (pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES (:pokemon, :user, 100,:time ,1, 5 ,'Normal')"); 

    $user_name = $_POST['username']; // what about check the username? Sanitization, etc.. 

    if($insert->execute(array(':pokemon' => $pokemons[$starter], ':user' => $user_name, ':time' => time()))) 
    { 
     // Success! 
    } 
    else 
    { 
     // Error! 
     $error = $insert->errorInfo(); 
     print_r("There was an error: \ncode: %s\nmessage:%s", $error[1], $error[2]); 
    } 
}