public function SignUpUser() { $user = addslashes(trim($_POST['username'])); $psw = addslashes(trim($_POST['password'])); $fname = addslashes(trim($_POST['fname'])); $lname = addslashes(trim($_POST['lname'])); $email = addslashes(trim($_POST['email'])); $birthday = addslashes(trim($_POST['birthday'])); $phone = addslashes(trim($_POST['phone'])); $name = addslashes(trim($_POST['nameshow'])); $address = addslashes(trim($_POST['address'])); $district = addslashes(trim($_POST['district'])); $province = addslashes(trim($_POST['province'])); $postcode = addslashes(trim($_POST['postcode'])); $sqlProvince = "select PROVINCE_NAME from province where PROVINCE_ID = '" . $province . "'"; $result = mysqli_query(parent::getLink(), $sqlProvince); $pro = ""; while ($data = mysqli_fetch_array($result)) { $pro = $data['PROVINCE_NAME']; } $address .= " อ." . $district . " จ." . $pro; //$pattern = "/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\w{8,16}$/"; $pattern = "/^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[0-9])\\w{8,16}\$/"; if (!preg_match($pattern, $psw)) { echo "not match"; exit; } $sql = "INSERT INTO user "; $sql .= " VALUES(0, '{$user}' , '{$psw}' , 'member' , '{$fname}' , '{$lname}' , '{$email}' , '{$birthday}' ,'{$address}','{$phone}');"; //$select = "select username,password from user where username = '******' AND password = '******'"; //$r_s = mysqli_query(parent::getLink(), $select); $rs = mysqli_query(parent::getLink(), $sql); if ($rs) { echo "success"; exit; } else { echo "error"; exit; } }
<div class="navbar-header"> <button class="navbar-toggle collapsed menu-nav" data-toggle="collapse" data-target="#topNav" > MENU </button> <a href="admin.php" class="navbar-brand"> <font size="5">Management User</font> </a> </div> </div> </nav> <?php include_once './config/config.php'; $id = $_GET['id']; $sql = "select * from user where user_id = '" . $id . "'"; $db = new dbConnection(); $rs = mysqli_query($db->getLink(), $sql); $username = ""; $firstname = ""; $lastname = ""; $password = ""; $type = ""; $email = ""; $birthday = ""; $address = ""; $phone = ""; while ($row = mysqli_fetch_array($rs)) { $username = $row['username']; $firstname = $row['firstname']; $lastname = $row['lastname']; $password = $row['password']; $type = $row['type'];