Nick

Reputation: 213

Adding data to table on registration

OK, so I'm in the middle of making a Pokémon browser-based game, and I'm having trouble making it so that when a user registers on my site, they gain a starter Pokémon that they choose. I have it all working except for the part where it gives the user the Pokémon. Right now it enters the Pokémon into the database, but it does not give the Pokémon to the user who registers; it leaves the belongsto field empty. Kind of hard for me to explain.

Here is the part of my code that enters the data into the table that stores all users' Pokémon.

<?php

if ($_POST['starter'] == '1' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '2' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '3' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '4' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '5' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '6' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '7' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '8' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '9' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '10' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '11' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '12' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_SESSION['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}
?>

The thing that I can't figure out is how to make it so it takes the name that the user is registering with and puts it in place of .$_SESSION['username']. I know that won't work because the person isn't signed in yet because they are still registering.

Here is my form.

<form action="" method="post">
        <div align="center">
          <ul>
            <p></p>
              Username* <br>
              <input type="text" name="username">

            <p></p>
              Password*<br>
              <input type="password" name="password">

            <p></p>
              Password again*<br>
              <input type="password" name="password_again">

            <p></p>
              First name<br>
              <input type="text" name="first_name">

            <p></p>
              Last name<br>
              <input type="text" name="last_name">

            <p></p>
              Email*<br>
              <input type="text" name="email">

            <p></p>
              Starter*<br>
              <select name="starter" id="" >
                <option value="1">Bulbasaur</option>
                <option value="2">Charmander</option>
                <option value="3">Squirtle</option>
                <option value="4">Chikorita</option>
                <option value="5">Cyndaquil</option>
                <option value="6">Totodile</option>
                <option value="7">Treecko</option>
                <option value="8">Torchic</option>
                <option value="9">Mudkip</option>
                <option value="10">Turtwig</option>
                <option value="11">Chimchar</option>
                <option value="12">Piplup</option>
              </select>

              <p></p>
              <input type="submit" value="Register">

            </ul>
          </div>
        <ul>
        </ul>
</form>

I'm sorry for the giant question, but any help would be greatly appreciated :)

Upvotes: 0

Views: 92

Answers (2)

Strae

Reputation: 19445

Man, it really looks like you are new to PHP, so let me give you a few pieces of advice.

  1. Using $_POST/$_GET values in a query? Don't do that. Never trust the user. Learn why.

You HAVE to assume your visitor is a maniac serial killer, out to destroy your application. And you have to prevent it.

  2. Clean your code. As others suggested, loops/switch may help you.
  3. Maybe it is too early for your project, but try to move to OOP (even if it sometimes looks like overkill, the downsides are low and the advantages are big).

By the way, this should do the trick, using PDO:

$dbh = new PDO('mysql:dbname=YOURDBNAME;host=localhost', $db_user, $db_passwd);
// Get the chosen starter pokemon (the numeric <option> value from the form)
$starter = $_POST['starter'] ?? '';
$pokemons = array(
    1 => 'Bulbasaur',
    2 => 'Charmander',
    //[.. and so on..]
);

// Check that the chosen pokemon is available. The form posts the array key,
// so test the keys; in_array() would search the names and never match.
if(!is_string($starter) || !array_key_exists($starter, $pokemons))
{
    // Pokemon not available, throw exception, error, die(), whatever
}
else
{
    // Insert the pokemon into the db
    $insert = $dbh->prepare("INSERT INTO user_pokemon (pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES (:pokemon, :user, 100,:time ,1, 5 ,'Normal')");

    $user_name = $_POST['username']; // what about check the username? Sanitization, etc..

    if($insert->execute(array(':pokemon' => $pokemons[$starter], ':user' => $user_name, ':time' => time())))
    {
        // Success!
    }
    else
    {
        // Error!
        $error = $insert->errorInfo();
        // printf() formats the placeholders; print_r() does not accept them
        printf("There was an error: \ncode: %s\nmessage:%s", $error[1], $error[2]);
    }
}

Upvotes: 1

Leng

Reputation: 2998

There is much to be improved in your code. But here is a quick fix:

<?php

if ($_POST['starter'] == '1' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Bulbasaur','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '2' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Charmander','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '3' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Squirtle','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '4' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chikorita','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '5' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Cyndaquil','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '6' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Totodile','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '7' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Treecko','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '8' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Torchic','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '9' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Mudkip','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '10' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Turtwig','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '11' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Chimchar','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}

if ($_POST['starter'] == '12' ) {
mysql_query("INSERT INTO user_pokemon 
(pokemon, belongsto, exp, time_stamp, slot, level,type) VALUES('Piplup','".$_POST['username']."', 100,'".time()."','1' ,'5','Normal' )
 ") or die(mysql_error());  
}
?>

This assumes that your post is submitted from that form on your page. Like someone else said, learn PDO: http://php.net/manual/en/book.pdo.php

Your current code is prone to SQL injection: http://en.wikipedia.org/wiki/SQL_injection

That is NOT good.

Upvotes: 0
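
Both answers point at the same gap: the first leaves the username check as a comment, and the second warns that the concatenated query is injectable. The following is an added example, not code from either answer, that puts the allow-list lookup, a username check and bound parameters together, then runs the concatenated form for comparison. It assumes the pdo_sqlite extension so it can run against an in-memory table; the `giveStarter` function, the username policy and the sample requests are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes pdo_sqlite; the in-memory table
// only mirrors the column names used on the page.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE user_pokemon (pokemon TEXT, belongsto TEXT, exp INTEGER,
    time_stamp INTEGER, slot INTEGER, level INTEGER, type TEXT)');

// Allow-list keyed by the <option value> numbers from the registration form.
const STARTERS = [1 => 'Bulbasaur', 2 => 'Charmander', 3 => 'Squirtle',
    4 => 'Chikorita', 5 => 'Cyndaquil', 6 => 'Totodile', 7 => 'Treecko',
    8 => 'Torchic', 9 => 'Mudkip', 10 => 'Turtwig', 11 => 'Chimchar', 12 => 'Piplup'];

// Returns an error string, or null once the starter row has been stored.
function giveStarter(PDO $dbh, array $post): ?string
{
    $starter  = $post['starter']  ?? null;
    $username = $post['username'] ?? null;
    // Reject missing fields, arrays and anything that is not a known key.
    if (!is_string($starter) || !array_key_exists($starter, STARTERS)) {
        return 'unknown starter';
    }
    // Hypothetical policy: 3 to 20 letters, digits, '_', apostrophe, space or '-'.
    if (!is_string($username) || !preg_match('/\A[\p{L}\p{N}_\' -]{3,20}\z/u', $username)) {
        return 'invalid username';
    }
    // Values travel as bound parameters and never become part of the SQL text.
    $stmt = $dbh->prepare("INSERT INTO user_pokemon
        (pokemon, belongsto, exp, time_stamp, slot, level, type)
        VALUES (:pokemon, :user, 100, :time, 1, 5, 'Normal')");
    $stmt->execute([':pokemon' => STARTERS[$starter],
                    ':user' => $username, ':time' => time()]);
    return null;
}
// Constructed requests: normal, name with a quote, tampered starter, array value.
foreach ([['username' => 'ash_k', 'starter' => '4'],
          ['username' => "O'Brien", 'starter' => '1'],
          ['username' => 'misty', 'starter' => '13'],
          ['username' => 'brock', 'starter' => ['1']]] as $post) {
    echo json_encode($post), ' => ', giveStarter($dbh, $post) ?? 'stored', "\n";
}
// The quick fix's concatenation lets the same quote end the SQL string early.
$name = "O'Brien";
try {
    $dbh->exec("INSERT INTO user_pokemon (pokemon, belongsto) VALUES ('Bulbasaur','" . $name . "')");
} catch (PDOException $e) {
    echo 'concatenated query rejected: ', $e->getMessage(), "\n";
}
```

The first two requests are stored, the next two are refused before any SQL runs, and the concatenated statement fails to parse on the same name that the prepared statement stored verbatim.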
