当前位置:theitroad>windows 使用 PHP 将购物车详细信息插入 MySQL 数据库

windows 使用 PHP 将购物车详细信息插入 MySQL 数据库

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/8055357/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-15 18:25:11  来源:igfitidea点击:

Inserting Shopping cart Details Into MySQL Database Using PHP

phpmysqlwindowsshopping-cart

提问by Jahed

I have a shopping cart which at this point in time sends items that are brought by the customer to the database, but now I have included a login system whereby you have to be a member before you purchase an item. I have kept the logged in user in a session and so I am trying to send the session variable to the database as well once an order has been made. At the moment, I have three tables which are customers, orders and order_detail (see the following code):

我有一个购物车,它此时会将客户带来的物品发送到数据库,但现在我已经包含了一个登录系统,您必须先成为会员才能购买物品。我已将登录用户保留在会话中,因此一旦下订单,我也尝试将会话变量发送到数据库。目前,我有三个表,分别是客户、订单和 order_detail(请参阅以下代码):

session_start();
?>
<?php
if(!isset($_SESSION["username"]))
{
    header("Location: shoppinglogin.php");
}
?>

<?
    include("includes/db.php");
    include("includes/functions.php");

    if($_REQUEST['command']=='update'){
        $name=$_REQUEST['name'];
        $email=$_REQUEST['email'];
        $address=$_REQUEST['address'];
        $phone=$_REQUEST['phone'];

        $result=mysql_query("insert into customers values('','$name','$email','$address','$phone')");
        $customerid=mysql_insert_id();
        $date=date('Y-m-d');
        $result=mysql_query("insert into order values('','$date','$customerid')");
        $orderid=mysql_insert_id();

        $max=count($_SESSION['cart']);
        for($i=0;$i<$max;$i++){
            $pid=$_SESSION['cart'][$i]['productid'];
            $q=$_SESSION['cart'][$i]['qty'];
            $price=get_price($pid);
            mysql_query("insert into order_detail values ($orderid,$pid,$q,$price)");
        }
        die('Thank You! your order has been placed!');
        session_unset(); 
    }
?>

I have changed it into the following code:

我已将其更改为以下代码:

 <?php

session_start();
?>
<?php
if(!isset($_SESSION["username"]))
{
    header("Location: shoppinglogin.php");
}
?>

<?
    include("includes/db.php");
    include("includes/functions.php");

    if($_REQUEST['command']=='update'){
        $name=$_REQUEST['name'];
        $email=$_REQUEST['email'];
        $address=$_REQUEST['address'];
        $phone=$_REQUEST['phone'];

$max=count($_SESSION['cart']);
        for($i=0;$i<$max;$i++){
            $orderid=mysql_insert_id();
            $pid=$_SESSION['cart'][$i]['productid'];
            $q=$_SESSION['cart'][$i]['qty'];
            $price=get_price($pid);
            $date=date('Y-m-d');
            $user=$_SESSION['username'];
            mysql_query("insert into order values ($orderid,$pid,$q,$price,$date,$user)");
        }
        die('Thank You! your order has been placed!');
        session_unset(); 
    }
?>

the code above does not insert anything into my order table.

上面的代码没有在我的订单表中插入任何东西。

Thanks

谢谢

采纳答案by Marc B

Ugh. Database operations with absolutely NO error handling at all. Assuming a DB query succeeds only gets you into situations like this - no clue as to what's wrong.

啊。完全没有错误处理的数据库操作。假设数据库查询成功只会让您陷入这样的情况 - 不知道出了什么问题。

At absolutely bare mininum, your DB operations should look like this:

在绝对最低限度下,您的数据库操作应如下所示:

$sql = "... query goes here ..."
$result = mysql_query($sql);
if ($result === FALSE) {
   die("Query failed!" . mysql_error() . $sql);
}

which at least stops the script dead in its tracks, tells you that the query failed, tells you WHY it failed, and tells you what the query was.

这至少可以阻止脚本停止运行,告诉您查询失败,告诉您失败的原因,并告诉您查询是什么。

As well, your code is WIDE OPENto SQL injectionattacks. This is especially bad in what is obviously an e-commerce setup. I suggest you immediately SHUT DOWN this system until you've had a chance to read up on this and plug the holes.

同样,您的代码对SQL 注入攻击是广泛开放的。这在显然是电子商务设置中尤其糟糕。我建议你立即关闭这个系统,直到你有机会阅读并堵住漏洞。

回答by King Julien

Try or die(mysql_error())just after the mysql_query function. That would probably give you more information about the problem...

or die(mysql_error())在 mysql_query 函数之后尝试。这可能会给你更多关于这个问题的信息......

回答by t_mo_t

Please make sure if your query has '' enclosed to each values,

请确保您的查询在每个值中都包含了 '',

try replacing with this:

尝试用这个替换:

insert into order values ('$orderid','$pid','$q','$price','$date','$user')

insert into order values ('$orderid','$pid','$q','$price','$date','$user')

And make sure that the table orderhas no other fields that are not null when not specified:

并确保表order中没有其他字段在未指定时不为空:

insert into order (order_id, product_id, qty, price, order_date, order_user) values ('$orderid','$pid','$q','$price','$date','$user')

insert into order (order_id, product_id, qty, price, order_date, order_user) values ('$orderid','$pid','$q','$price','$date','$user')

相关推荐

Windows MTP/WPD 与 Android 设备通信

Windows MTP/WPD 与 Android 设备通信

windows Git 子模块混乱:如何与不熟悉 git 的开发人员一起使用 git 子模块?

windows Git 子模块混乱:如何与不熟悉 git 的开发人员一起使用 git 子模块?

Windows 如何计算卷唯一 ID?

Windows 如何计算卷唯一 ID?

windows Eclipse,导入项目但不复制

windows Eclipse,导入项目但不复制

相关推荐
最近更新
标签