function query_insert_address() { global $connection; //prep values $address = mysqli_real_escape_string($connection, $_POST['address']); $city = mysqli_real_escape_string($connection, $_POST['city']); $postcode = mysqli_real_escape_string($connection, $_POST['postcode']); $country = mysqli_real_escape_string($connection, $_POST['country']); $phonenumber = mysqli_real_escape_string($connection, $_POST['phonenumber']); $street = $address; /*Unfortunately, userId must be fetched through a query to the database. * Different methods would involve generating a unique id per user through the * php logic, but this would probably produce a hexidecimal string, which would * need to be stored as a VARCHAR at the database level. Performance is not * critical for this project, so the worst performing solution is opted for.*/ $userId = query_select_last_user()['userId']; //construct query $query = "INSERT INTO address "; $query .= "(user_id, street, zip, city, country, phone) "; $query .= "VALUES "; $query .= "({$userId}, '{$street}', '{$postcode}', '{$city}', '{$country}', "; $query .= "{$phonenumber});"; //execute query $result = mysqli_query($connection, $query); //check result if ($result) { //Success return 1; } else { //Failure return 0; } }
function query_select_last_user_success() { global $connection; assert(query_select_last_user()['firstName'] == "testname"); }