使用“会话”将项目添加到购物车
[英]Using Sessions to add items to a cart
问题描述
I have been following a tutorial for a php shopping cart, 
我一直在关注php购物车的教程,
I have checked my code over and I am to the point where the add to cart button SHOULD be adding the products into the sidebar. 我检查了我的代码,我到了添加到购物车按钮应该将产品添加到侧边栏的位置。
However, it appears to skip over my if statement and go straight to the else error message stating the product ID is invalid. 但是,它似乎跳过我的if语句并直接转到else错误消息,指出产品ID无效。 I have checked that the SKU in the database match thought that are displayed in $id so i'm a little lost as to why this error persists? 我已经检查过数据库中的SKU匹配是否显示在$ id中,所以我有点迷失为什么这个错误仍然存在?
PHP for Products: PHP产品:
<?php
session_start();
if (isset($_GET['action']) && $_GET['action'] == "add") {
$id = $_GET['id'];
if (isset($_SESSION['cart'][$id])) {
$_SESSION['cart'][$id]['quantity']++;
} else {
$sql2 = "SELECT * FROM products WHERE SKU=$id";
$query2 = mysql_query($sql2);
if(mysql_num_rows($query2) != 0){
$row2 = mysql_fetch_array($query2);
$_SESSION['cart'][$row2['SKU']] = array("quantity" => 1, "price" => $row2['price']);
} else {
$message = "This product ID is invalid";
}
}
}
?>
<h2 class="message"><?php if(isset($message)){echo $message;} ?></h2>
<h1>Product Page</h1>
<table>
<tr>
<th>Name</th>
<th>Description</th>
<th>Price</th>
<th>Action</th>
</tr>
<?php
$sql = "SELECT * FROM products ORDER BY SKU ASC";
$query = mysql_query($sql)or die(mysql_error());
while($row = mysql_fetch_assoc($query)){
?>
<tr>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['description']; ?></td>
<td><?php echo "£" . $row['price']; ?></td>
<td><a href="index.php?page=products&action=add&id=<?php echo $row['SKU']; ?>">Add to cart</a></td>
</tr>
<?php
}
?>
PHP for Index.php: 用于Index.php的PHP:
<?php
session_start();
require_once("connect.php");
if (isset($_GET['page'])) {
$pages = array("products","cart");
if (in_array($_GET['page'],$pages)) {
$page = $_GET['page'];
} else {
$page = "products";
}
} else {
$page = "products";
}
?>
<html>
<head>
<link rel="stylesheet" href="reset.css" />
<link rel="stylesheet" href="style.css" />
<title>Shopping Cart - WebThatWorks Ltd</title>
</head>
<body>
<div id="container">
<div id="main"><?php require($page. ".php"); ?></div>
<div id="sidebar">
<h1>Cart</h1>
<?php
if (isset($_SESSION['cart'])) {
$sql = "SELECT * FROM products WHERE SKU IN (";
foreach ($_SESSION['cart'] as $id => $value) {
$sql .=$id. ",";
}
$sql = substr($sql,0,-1) . ")ORDER BY SKU ASC";
$query = mysql_query($sql);
while($row = mysql_fetch_array($query)){
?>
<p><?php echo $row['name']; ?><?php echo $_SESSION['cart'][$row['SKU']]['quantity']; ?></p>
<a href="index.php?page=cart">Go To Cart</a>
<?php
}
} else {
echo "<p>Your Cart Is Empty. <br /> Please Add some products</a>";
}
?>
If you require me to post the structure of my database, I shall do so 如果您要求我发布我的数据库结构,我会这样做
1 个解决方案
解决方案1
2 已采纳 2013-06-15 15:24:49
The problem is your SKU is a string and so it needs quotes in the query: 问题是你的SKU是一个字符串,所以它需要在查询中引用:
$sql2 = "SELECT * FROM products WHERE SKU='" . mysql_real_escape_string($id) . "'";
I also added the escape call to prevent SQL Injection, but for best security and other benefits, you should switch to a modern API such as PDO or MySQLi and use prepared statements. 我还添加了转义以防止SQL注入,但为了获得最佳安全性和其他好处,您应该切换到现代API,如PDO或MySQLi,并使用预准备语句。
You will also need to make sure the quotes are added to the IN query as well. 您还需要确保将引号添加到IN查询中。
foreach ($_SESSION['cart'] as $id => $value) {
$sql .="'" . mysql_real_escape_string($id) . "',";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.