Shopping cart with PHP and SQL
I have a number of files and database tables, including artist, album and tracks.
On the web page the user can choose an artist, then an album, and then songs or albums to buy.
The desired functionality is: when the user selects to buy the album, all the tracks are added to the shopping cart.
Here is a PHP code chunk with a link for buying an album:
<?php
session_start();
$albumID=$_POST["albumID"];
echo "<p>Going to buy album $albumID</p>";
echo "<p><a href=\"shopForTracks.php\">Click here to continue</a></p>";
?>
I have also got other files with DB queries etc. in them.
There is one to get the artists by letter, another one to get the albums of an artist. Then there are shopping, show basket, show purchases, add to basket and checkout files.
Any help with the problem is greatly appreciated.
Additional code from getTracksByAlbum.php:
<?php
include ("dbConnect.php");
$albumID=$_GET["id"];
$dbQuery="select id,title from tracks where albumID='$albumID' order by trackNumber asc";
$dbResult=mysql_query($dbQuery);
echo $albumID."\n";
echo mysql_num_rows($dbResult)."\n";
while ($dbRow=mysql_fetch_array($dbResult)) {
echo $dbRow["id"]."_".$dbRow["title"]."\n";
}
?>
Additional code from showBasket.php:
<?php
if (isset($_SESSION["currentUserID"])) {
$dbQuery="select * from basket where paid='N' and userID=".$_SESSION["currentUserID"];
$dbResult=mysql_query($dbQuery);
$numTracks=mysql_num_rows($dbResult);
}
?>
<a href="login.php">Logout <?php echo $_SESSION["currentUser"]; ?></a> |
<a href="shopForTracks.php">Shop for tracks</a> |
<a href="showBasket.php">Show Basket</a> <?php echo "($numTracks)"; ?> |
<a href="checkout.php">Checkout</a> |
<a href="showMyPurchases.php">Show my purchases</a>
<hr>
<?php
$dbQuery="select tracks.title, albums.title, artists.name, basket.id ".
"from basket,tracks,albums,artists ".
"where basket.userID=".$_SESSION["currentUserID"]." ".
"and basket.paid='N' ".
"and basket.trackID=tracks.id ".
"and albums.id=tracks.albumID ".
"and artists.id=tracks.artistID";
$dbResult=mysql_query($dbQuery);
$numTracks=mysql_num_rows($dbResult);
if ($numTracks==0)
echo "<h3>Your basket is empty</h3>";
else {
?>
I'm not sure what other information is needed; I don't fully understand it and there's a lot of it. I was originally using this -
// Tracks of the album chosen by the user; the album id comes straight from $_POST
$query = mysql_query("SELECT song_id FROM song WHERE album = '".$_POST['albumID']."'");
// Start with an empty basket in the session
$_SESSION['basket'] = array();
// Append every track id of the album to the basket
while($album = mysql_fetch_array($query))
{
    $_SESSION['basket'][] = $album['song_id'];
}
to try and work it out - but I'm really lost :(
Based on your last piece of code, you need to do something similar to the following piece of code in shopForTracks.php:
// We get the album to add via the `albumID` GET parameter
$query = mysql_query("SELECT song_id FROM song WHERE album = '".mysql_real_escape_string($_GET['albumID'])."'");
// We add a line to the cart per track of the album. We construct the query by pieces
$insert = "INSERT INTO basket (userID, paid, trackID) VALUES ";
$template = "(" . mysql_real_escape_string($_SESSION['currentUserID']) . ", 'N', %d)";
// Add a value line for each track in the array `$tracks`
$tracks = array();
while($track = mysql_fetch_array($query))
    $tracks[] = sprintf($template, $track['song_id']);
// Add the lines to the insert query
// "INSERT INTO ... VALUES (ID, 'N', 1), (ID, 'N', 3)"
// Only run the INSERT when the album actually has tracks, otherwise the VALUES list would be empty
if (!empty($tracks)) {
    $insert .= implode(", ", $tracks);
    mysql_query($insert);
}
Note that:
- Anything coming from the user ($_POST, $_GET, ...) is untrusted input. Your existing code is vulnerable to SQL injection.
- Do not use the mysql_* functions. Switch to mysqli or PDO.
- Using a GET request to add stuff to your cart can lead to security vulnerabilities, like XSS.
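The same "add every track of an album to the basket" step, written with PDO prepared statements as the answer recommends. This is an added example, not the asker's or the answerer's code; it assumes the tracks(id, albumID, trackNumber) and basket(userID, paid, trackID) tables seen in the question, a hypothetical addAlbumToBasket() helper, and placeholder DSN and credentials.

```php
<?php
// Added example (not from the question or the answer): album-to-basket with
// PDO prepared statements, so the album id and user id are bound as parameters
// instead of being pasted into the SQL string. Assumed schema: tracks(id,
// albumID, trackNumber) and basket(userID, paid, trackID); DSN/credentials are placeholders.
session_start();

function addAlbumToBasket(PDO $pdo, int $userId, int $albumId): int
{
    // Track ids of the album; :albumID is bound, never interpolated.
    $select = $pdo->prepare(
        'SELECT id FROM tracks WHERE albumID = :albumID ORDER BY trackNumber ASC'
    );
    $select->execute([':albumID' => $albumId]);
    $trackIds = $select->fetchAll(PDO::FETCH_COLUMN);
    if ($trackIds === []) {
        return 0; // unknown album or no tracks: nothing to insert
    }

    // One prepared INSERT, executed per track inside a transaction so the
    // basket ends up with the whole album or with nothing.
    $insert = $pdo->prepare(
        "INSERT INTO basket (userID, paid, trackID) VALUES (:userID, 'N', :trackID)"
    );
    $pdo->beginTransaction();
    try {
        foreach ($trackIds as $trackId) {
            $insert->execute([':userID' => $userId, ':trackID' => (int) $trackId]);
        }
        $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack();
        throw $e;
    }
    return count($trackIds);
}

// Only change the basket on a POST from a logged-in user, and only accept a
// plain integer album id (anything else is rejected before it reaches SQL).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['currentUserID'])) {
    $albumId = filter_input(INPUT_POST, 'albumID', FILTER_VALIDATE_INT);
    if ($albumId === false || $albumId === null) {
        http_response_code(400);
        exit('Invalid album id');
    }
    $pdo = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'DB_USER', 'DB_PASS',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
    $added = addAlbumToBasket($pdo, (int) $_SESSION['currentUserID'], $albumId);
    echo '<p>Added ' . $added . ' track(s) to your basket</p>';
}
```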