在 php 中需要关于调节值的帮助 [英] Need help on conditioning value in php

问题描述

如果该 idno 已在 2015 年完成注册，我希望我收到一条错误消息，无需唯一该 idno，因为我必须冗余，因为每年该 idno 都可以在数据库中保存或注册，但问题是我想查看他是否已经在 2015 年或 2016 年或 2017 年注册.

I want that I have an error message if that idno has finish to registered in 2015, No need to unique the idno cause I have to redundant because every year that idno can be save or register on the database but the problem is I want to check if he already registered in 2015 or 2016 or 2017.

这是我保存学生信息的代码:

Here is my code in saving student information:

<?php

if (isset($_POST['save'])){
$stud_id= $_POST['stud_id'];
$idno = $_POST['idno'];
$lastname = $_POST['lastname'];
$firstname = $_POST['firstname'];
$middlename= $_POST['middlename'];
$year= $_POST['year'];
$dept_id = $_POST['dept_id'];
$progid = $_POST['progid'];
$user_type = $_POST['user_type'];
$password= $_POST['password'];
$syear= $_POST['syearid'];
$YearNow=Date('Y');

$sql = mysql_query("SELECT * FROM student where idno = '$idno'")or die(mysql_error());
$count = mysql_num_rows($sql);

$sql1 = mysql_query("SELECT * FROM student,school_year where    student.syearid = school_year.syearid AND school_year.from_year like $YearNow")or die(mysql_error());
$count1 = mysql_num_rows($sql1);


 if (don't know what to condition on this part ) {
    echo"idno $idno has already registered in that year";

}
else{

// query
$sql = "INSERT INTO student VALUES ('$stud_id','$idno','$dept_id','$progid','$syear','0','$lastname','$firstname','$middlename','$year','$password','$user_type')";
$result = mysql_query($sql) or die(mysql_error());



echo "<script type='text/javascript'>\n";
echo "alert('Successfully Added.');\n";
echo "window.location = 'addusers.php';";
echo "</script>";
}

?>

我需要帮助来调节，我需要帮助.谢谢

I need help to condition please I need help. Thanks

School_year 表有(syearid(unique), from_year(2015), to_year(like 2016))

School_year table has(syearid(unique), from_year(2015), to_year(like 2016))

推荐答案

在将变量绑定到查询之前先清理它，以防止某些 SQL 注入.您可以使用 *_real_escape_string:

Sanitize first your variables before you bind it to your query to prevent some of the SQL injections. You can use *_real_escape_string:

$lastname = mysql_real_escape_string($_POST['lastname']);

为其余传递的数据执行此操作.

Do it for the rest of the passed on data.

对于你的 if() 条件，你可以这样做(正如@chris85 已经指出的):

And for your if() condition, you can do this (as pointed out already by @chris85):

if($count >= 1 || $count1 >= 1){

  echo "idno $idno has already registered in that year";

}

并且请不要使用 mysql_* API 因为它已经是 已弃用，应使用 mysqli_* 或 PDO 代替.

And please refrain from using mysql_* API because it is already deprecated, and should use mysqli_* or PDO instead.

这篇关于在 php 中需要关于调节值的帮助的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！