Issue
I have two tables, user log that is where the people make a register with their email and password, and another table with the name user where the people make complete their own profile.
How can I make with an SQL query to insert the data that is inserted in the form?
Taking into account that table user makes reference with table user log with the id...
I mean
User log
Id
Email
Password
User
Id
User_id fk id reference userlog(id)
Name
Surname
This is the code which I made the log in
<?php
session_start();
if (isset($_SESSION['usuario'])) {
header('Location: index.php');
}
$errores = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$email = filter_var(strtolower($_POST['email']), FILTER_SANITIZE_STRING);
$password = $_POST['password'];
$password = hash('sha512', $password);
try {
$conexion = new PDO('mysql:host=localhost;dbname=DATABASE, 'USER', 'PASS');
} catch (PDOException $e) {
echo "Error:" . $e->getMessage();;
}
$statement = $conexion->prepare('
SELECT * FROM userlog WHERE email = :email AND password = :password'
);
$statement->execute(array(
':email' => $email,
':password' => $password
));
$resultado = $statement->fetch();
if ($resultado !== false) {
$_SESSION['usuario'] = $resultado;
header('Location: index.php');
} else {
$errores .= '<li>Datos Incorrectos</li>';
}
}
I make a var_dump() to see what the array in $resultado bring, and it bring me the data of the table, but, when I want to use the data to fill an input it fails
Solution
If your data will be coming from POST method, please always use precautions to avoid SQL injection..
I will be using a very elementary example. You can enhance this one for your own use.
$servername = "localhost";
$username = "yourUser";
$password = "yourPass";
$dbname = "youtDB";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$sql = "INSERT INTO Userlog (email, password)
VALUES ('some_email@example.com', 'some_safe_password')";
$conn->exec($sql);
$last_id = $conn->lastInsertId();
$userSql = "INSERT INTO Userlog (userId, name, lastName) VALUES ($last_id, 'some_name', 'some_lastName')";
$conn->exec($userSql);
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
Answered By - C. Norris
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.