Save member information to DB.
After the registration form created in the previous lesson, let's create a function that saves the entered values to the DB.
How to make is also very simple. It takes the values and executes the insert into statement.
Then let's make it.
/htodcs/myProject/member/memberSave.php
<?php include "../include/dbConnect.php"; $memberId = $_POST['memberId']; $memberName = $_POST['memberName']; $memberPw = $_POST['memberPw']; $memberPw2 = $_POST['memberPw2']; $memberNickName = $_POST['memberNickName']; $memberEmailAddress = $_POST['memberEmailAddress']; $memberBirthDay = $_POST['memberBirthDay']; //revalidate in PHP //duplicate ID check. $sql = "SELECT * FROM member WHERE userId = '{$memberId}'"; $res = $dbConnect->query($sql); if($res->num_rows >= 1){ echo 'Please Write Different ID'; exit; } //make sure password matches if($memberPw !== $memberPw2){ echo 'Passwords do not match.'; exit; }else{ //Encrypt password. $memberPw = sha1($memberPw); } //nickname, birthday and name are not empty if($memberNickName == '' || $memberBirthDay == '' || $memberName == ''){ echo 'No birthday, name or nickname value.'; } //email address is correct $checkEmailAddress = filter_var($memberEmailAddress, FILTER_VALIDATE_EMAIL); if($checkEmailAddress != true){ echo "Not a valid email address."; exit; } //input db $sql = "INSERT INTO member(userId, name, nickname, password, email, birthday) "; $sql .= "VALUES('{$memberId}','{$memberName}','{$memberNickName}','{$memberPw}','{$memberEmailAddress}','{$memberBirthDay}');"; if($dbConnect->query($sql)){ echo "<script>alert('Thank you. Please SignIn.');location.href='/myProject/';</script>"; }else{ echo 'Sign up failed'; } ?>
atom
I'll explain the sauce. Once you receive the data.
$memberId = $_POST['memberId']; $memberName = $_POST['memberName']; $memberPw = $_POST['memberPw']; $memberPw2 = $_POST['memberPw2']; $memberNickName = $_POST['memberNickName']; $memberEmailAddress = $_POST['memberEmailAddress']; $memberBirthDay = $_POST['memberBirthDay'];
We previously used javascript to check for duplicate IDs, password matches, and so on.
But here we have to recreate that feature. In PHP.
Why should you do this?
JavaScript is a client-side language.
Client-side languages can be manipulated to any number of sources via Chrome Inspector.
In other words, we can skip the features we've created and go straight away, of course, it's a bad guy who knows the web.
To prevent these people from doing so, PHP goes through the process once more.
// revalidate in PHP // duplicate ID check. $sql = "SELECT * FROM member WHERE memberId = '{$memberId}'"; $res = $dbConnect->query($sql); if($res->num_rows >= 1){ echo 'Please Write Different ID'; exit; } // make sure password matches if($memberPw !== $memberPw2){ echo 'Passwords do not match'; exit; }else{ //nickname, birthday and name are not empty $memberPw = sha1($memberPw); } //nickname, birthday and name are not empty if($memberNickName == '' || $memberBirthDay == '' || $memberName == ''){ echo 'No birthday, name or nickname value.'; exit; } //email address is correct $checkEmailAddress = filter_var($memberEmailAddress, FILTER_VALIDATE_EMAIL); if($checkEmailAddress != true){ echo "Not a valid email address."; exit; }
As in the source above, the ID is duplicated, the password is matched, and there is a blank value.
People caught in the above method is because they entered the abnormal path anyway, so they do not create an action when they do something different, they just exit.
I do, but you can do it the way you want.
Check the password and if the password matches
$memberPw = sha1($memberPw);
I put a value in a function called sha1.
These passwords are encrypted.
When you create a web service, your customers' passwords shouldn't be in the DB. If a bad person hacks your DB,
it's a big deal if an unencrypted password breaks in.
To do this, the password must be changed and stored by something that neither the developer, the company owner, nor the owner of the password knows. Unconditional.
However, some junky companies often store them without encryption. So be careful.
And save all of the above steps.
//input db $sql = "INSERT INTO member(userId, name, nickname, password, email, birthday) "; $sql .= "VALUES('{$memberId}','{$memberName}','{$memberNickName}','{$memberPw}','{$memberEmailAddress}','{$memberBirthDay}');"; if($dbConnect->query($sql)){ echo "<script>alert('Thank you. Please SignIn.');location.href='/myProject/';</script>"; }else{ echo 'Sign up failed'; }
Voila, you can save like this.