QUIZGUM

Coding Class

Quizgum : Project 1-5 : Save member information to DB.

Save member information to DB.

After the registration form created in the previous lesson, let's create a function that saves the entered values ​​to the DB.
How to make is also very simple. It takes the values ​​and executes the insert into statement.
Then let's make it.

/htodcs/myProject/member/memberSave.php

  1. <?php
  2.     include "../include/dbConnect.php";
  3.  
  4.     $memberId = $_POST['memberId'];
  5.     $memberName = $_POST['memberName'];
  6.     $memberPw = $_POST['memberPw'];
  7.     $memberPw2 = $_POST['memberPw2'];
  8.     $memberNickName = $_POST['memberNickName'];
  9.     $memberEmailAddress = $_POST['memberEmailAddress'];
  10.     $memberBirthDay = $_POST['memberBirthDay'];
  11.  
  12.     //revalidate in PHP
  13.  
  14.     //duplicate ID check.
  15.     $sql = "SELECT * FROM member WHERE userId = '{$memberId}'";
  16.     $res = $dbConnect->query($sql);
  17.     if($res->num_rows >= 1){
  18.         echo 'Please Write Different ID';
  19.         exit;
  20.     }
  21.  
  22.     //make sure password matches
  23.     if($memberPw !== $memberPw2){
  24.         echo 'Passwords do not match.';
  25.         exit;
  26.     }else{
  27.         //Encrypt password.
  28.         $memberPw = sha1($memberPw);
  29.     }
  30.  
  31.     //nickname, birthday and name are not empty
  32.     if($memberNickName == '' || $memberBirthDay == '' || $memberName == ''){
  33.         echo 'No birthday, name or nickname value.';
  34.     }
  35.  
  36.     //email address is correct
  37.     $checkEmailAddress = filter_var($memberEmailAddress, FILTER_VALIDATE_EMAIL);
  38.  
  39.     if($checkEmailAddress != true){
  40.         echo "Not a valid email address.";
  41.         exit;
  42.     }
  43.  
  44.     //input db
  45.     $sql = "INSERT INTO member(userId, name, nickname, password, email, birthday) ";
  46.     $sql .= "VALUES('{$memberId}','{$memberName}','{$memberNickName}','{$memberPw}','{$memberEmailAddress}','{$memberBirthDay}');";
  47.  
  48.     if($dbConnect->query($sql)){
  49.         echo "<script>alert('Thank you. Please SignIn.');location.href='/myProject/';</script>";
  50.     }else{
  51.         echo 'Sign up failed';
  52.     }
  53. ?>

atom

php image

I'll explain the sauce. Once you receive the data. 

  1. $memberId = $_POST['memberId'];
  2. $memberName = $_POST['memberName'];
  3. $memberPw = $_POST['memberPw'];
  4. $memberPw2 = $_POST['memberPw2'];
  5. $memberNickName = $_POST['memberNickName'];
  6. $memberEmailAddress = $_POST['memberEmailAddress'];
  7. $memberBirthDay = $_POST['memberBirthDay'];

We previously used javascript to check for duplicate IDs, password matches, and so on.
But here we have to recreate that feature. In PHP.
Why should you do this?
JavaScript is a client-side language.
Client-side languages ​​can be manipulated to any number of sources via Chrome Inspector.
In other words, we can skip the features we've created and go straight away, of course, it's a bad guy who knows the web.
To prevent these people from doing so, PHP goes through the process once more.

  1. // revalidate in PHP
  2.  
  3. // duplicate ID check.
  4. $sql = "SELECT * FROM member WHERE memberId = '{$memberId}'";
  5. $res = $dbConnect->query($sql);
  6. if($res->num_rows >= 1){
  7.     echo 'Please Write Different ID';
  8.     exit;
  9. }
  10.  
  11. // make sure password matches
  12. if($memberPw !== $memberPw2){
  13.     echo 'Passwords do not match';
  14.     exit;
  15. }else{
  16.     //nickname, birthday and name are not empty
  17.     $memberPw = sha1($memberPw);
  18. }
  19.  
  20. //nickname, birthday and name are not empty
  21. if($memberNickName == '' || $memberBirthDay == '' || $memberName == ''){
  22.     echo 'No birthday, name or nickname value.';
  23.     exit;
  24. }
  25.  
  26. //email address is correct
  27. $checkEmailAddress = filter_var($memberEmailAddress, FILTER_VALIDATE_EMAIL);
  28.  
  29. if($checkEmailAddress != true){
  30.     echo "Not a valid email address.";
  31.     exit;
  32. }

As in the source above, the ID is duplicated, the password is matched, and there is a blank value.
People caught in the above method is because they entered the abnormal path anyway, so they do not create an action when they do something different, they just exit.
I do, but you can do it the way you want.
Check the password and if the password matches $memberPw = sha1($memberPw);
I put a value in a function called sha1.
These passwords are encrypted.
When you create a web service, your customers' passwords shouldn't be in the DB. If a bad person hacks your DB, it's a big deal if an unencrypted password breaks in.
To do this, the password must be changed and stored by something that neither the developer, the company owner, nor the owner of the password knows. Unconditional.
However, some junky companies often store them without encryption. So be careful.
And save all of the above steps.

  1. //input db
  2. $sql = "INSERT INTO member(userId, name, nickname, password, email, birthday) ";
  3. $sql .= "VALUES('{$memberId}','{$memberName}','{$memberNickName}','{$memberPw}','{$memberEmailAddress}','{$memberBirthDay}');";
  4.  
  5. if($dbConnect->query($sql)){
  6.     echo "<script>alert('Thank you. Please SignIn.');location.href='/myProject/';</script>";
  7. }else{
  8.     echo 'Sign up failed';
  9. }

Voila, you can save like this.