我有两种用户类型的注册表单,分别是Surveyee和Client。在涉及同一领域时他们有相似之处,但Surveyee有更多。因此,我希望我的Surveyee插入代码避免使用一列,因为它仅适用于客户端usertype。如何在插入PHP时跳过某些表列?
<?php
if(isset($_POST['submit'])){
include("connection.php");
$username = $_POST['username'];
$fullname = $_POST['fullname'];
$email = $_POST['email'];
$age = $_POST['age'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$gender = $_POST['gender'];
$occupation = $_POST['occupation'];
$user = mysqli_query($con, "SELECT username from user WHERE username = '".$username."'");
$count = mysqli_num_rows($user);
if($password != $confirmpassword){
echo "Password does not match!";
}
else{
if($count != 0){
echo "Username already exists!";
}
else{
$insert = mysqli_query($con, "INSERT INTO `user` (`username`,`fullname`,`email`,`companyname`,`age`,`password`,`gender`,`occupation`,`usertype`) VALUES (`$username`,`$fullname`,`$email`,``,`$age`,`$password`,$gender`,`$occupation`,`Surveyee`)");
if(!$insert){
echo mysqli_errno();
}
else{
echo "Records have been saved!";
}
}
}
}
?>
我试图避免列公司名称,但我得到一个错误。警告:mysqli_errno()期望恰好有1个参数,第29行给出的0,即if(!$ insert){echo mysqli_errno(); }部分
$insert = mysqli_query($con, "INSERT INTO `user` (`username`,`fullname`,`email`,`companyname`,`age`,`password`,`gender`,`occupation`,`usertype`) VALUES (`$username`,`$fullname`,`$email`,``,`$age`,`$password`,$gender`,`$occupation`,`Surveyee`)");
if(!$insert){
**切勿将明文密码!**请使用PHP的[内置函数(http://jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码的安全性。如果您使用的PHP版本低于5.5,则可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。确保你*** [不要越狱密码](http://stackoverflow.com/q/36628418/1011527)***或在哈希之前使用其他任何清理机制。这样做*更改密码并导致不必要的附加编码。 –
[Little Bobby](http://bobby-tables.com/)说*** [你的脚本存在SQL注入攻击风险。](http://stackoverflow.com/questions/60174/how-can- ***)了解[MySQLi](http://php.net/manual)[准备](http://en.wikipedia.org/wiki/Prepared_statement)声明/en/mysqli.quickstart.prepared-statements.php)。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不相信它?](http://stackoverflow.com/q/38297105/1011527) –
插入NULL或为每个用户类型分别查询。 –