PHP MySQL購物車麻煩
[英]PHP MySQL shopping cart trouble
問題描述
我在使用PHP購物車時遇到很多麻煩。 我遵循了sanwebe.com上的教程。
我的頁面顯示了我的產品並顯示了可以完美更新的購物車,然后我創建了一個最終訂單頁面供客戶填寫他們的交貨詳細信息和付款詳細信息,並且我希望我的腳本發送所有這些信息以及物品在購物車中找到我數據庫中的表格。
我正在設法通過SQL語句發送詳細信息,但是問題是,當客戶購買產品1和產品2時,它只會發送購物車中第一個產品的數據。 因此,如果該人購買了3個產品1,它將被罰款,但是當混合其他產品時,它將失敗。
我認為也許需要某種形式的循環或某種方式來傳遞多個項目?
order.php
<?php
session_start();
include_once("config.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Shopping Cart</title>
<link href="style/style.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="jquery-2.1.0.min.js"></script>
<script type="text/javascript" src="jquery.validate.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function() {
$('#orderform').validate(); // Select the form using its idname and apply the validate() function to it.
}); // end ready()
</script>
<body>
<div id="products-wrapper">
<h1>Complete Order</h1>
<div class="order">
<form id="orderform"action="process_order.php" method="post">
<h2>Delivery</h2>
<p><label for="firstname">First Name:</label> <input type="text" name="firstname" class="required"/></p>
<p><label for="lastname">Last Name:</label> <input type="text" name="lastname" class="required"/></p>
<p><label for="email">E-mail:</label> <input type="text" name="email" class="required email"/></p>
<p><label for="address">Address:</label> <input type="text" name="address" class="required" /></p>
<p><label for="city">City:</label> <input type="text" name="city" class="required" /></p>
<p><label for="postcode">Post Code:</label> <input type="text" name="postcode" class="required" /></p>
<p><label for="country">Country:</label> <input type="text" name="country" class="required" /></p>
<h2>Payment</h2>
<p><label for="cardnumber">Card Number:</label> <input type="text" name="cardnumber" class="required"/></p>
<p><label for="expire">Expiration Date:</label> <input type="text" name="expire" class="required digits"/></p>
<p><label for="scode">Security Code:</label> <input type="text" name="scode" class="required digits"/></p>
<p class="submit"><input type="submit" value="Submit" /></p>
</div>
<div class="shopping-cart">
<h2>Your Order</h2>
<?php
$current_url = base64_encode($url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
if(isset($_SESSION["products"]))
{
$total = 0;
echo '<ul>';
$cart_items = 0;
foreach ($_SESSION["products"] as $cart_itm)
{
$product_code = $cart_itm["code"];
$results = $mysqli->query("SELECT product_name,product_desc, price FROM products WHERE product_code='$product_code' LIMIT 5");
$obj = $results->fetch_object();
echo '<li class="cart-itm">';
echo '<span class="remove-itm"><a href="cart_update.php?removep='.$cart_itm["code"].'&return_url='.$current_url.'">×</a></span>';
echo '<div class="p-price">'.$currency.$obj->price.'</div>';
echo '<div class="product-info">';
echo '<h3>'.$obj->product_name.' (Code :'.$product_code.')</h3> ';
echo '<div class="p-qty"><strong>Qty : '.$cart_itm["qty"].'</strong></div>';
echo '<div>'.$obj->product_desc.'</div>';
echo '</div>';
echo '</li>';
$subtotal = ($cart_itm["price"]*$cart_itm["qty"]);
$total = ($total + $subtotal);
$vat = ($total * '20' / '100');
$ordertotal = ($total + $vat);
echo '<input type="hidden" name="item_name['.$cart_items.']" value="'.$obj->product_name.'" />';
echo '<input type="hidden" name="item_code['.$cart_items.']" value="'.$product_code.'" />';
echo '<input type="hidden" name="item_desc['.$cart_items.']" value="'.$obj->product_desc.'" />';
echo '<input type="hidden" name="item_qty['.$cart_items.']" value="'.$cart_itm["qty"].'" />';
echo '<input type="hidden" name="ordertotal['.$cart_items.']" value="'.$ordertotal.'" />';
$cart_items ++;
}
echo '</ul>';
echo '<span class="check-out-txt">';
echo '+VAT : '.$currency.$vat.' ';
echo '<br>';
echo '<strong>Total : '.$currency.$ordertotal.'</strong> ';
echo '<br>';
echo '</span>';
echo '</form>';
}else{
echo 'Your Cart is empty';
}
?>
</div>
</body>
</html>
processorder.php
<!-- File: process_order.php
Job: PHP script to handle the information submitted to it by the webpage named testform.html
-->
<?php
session_start();
include_once("config.php");
?>
<html>
<head>
<title>Form processing script</title>
</head>
<body>
<?php
// The form contents are held in a special array named $POST.
// The next statements assign the information held in $POST to PHP variables for processing
// Delivery
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$address = $_POST["address"];
$city = $_POST["city"];
$postcode = $_POST["postcode"];
$country = $_POST["country"];
$cardnumber = $_POST["cardnumber"];
$expire = $_POST["expire"];
$scode = $_POST["scode"];
// Order
$product_name = $_POST["item_name"][0];
$product_code = $_POST["item_code"][0];
$product_qty = $_POST["item_qty"][0];
$ordertotal = $_POST["ordertotal"][0];
// Make a connection to the MySQL database server
$dbserverIP="localhost";
$dbusername="root"; // Use your own name
$dbuserpassword=""; // Use your own password
$connection = mysql_connect($dbserverIP,$dbusername,$dbuserpassword) or die("Couldn't connect to the dbserver.");
// Make a connection to the database
$dbname="ecomm"; // Use your own database name
$dbselectok = mysql_select_db($dbname,$connection) or die("Couldn't select the remote database.");
// Issue an SQL INSERT INTO command to the MySQL RDBMS
$sqlstatement = "INSERT INTO `ecomm`.`order` (`firstname`, `lastname`, `email`, `address`, `city`, `postcode`, `country`, `cardnumber`, `expire`, `scode`, `product_name`, `product_code`, `product_qty`, `ordertotal`)
VALUES ('$firstname', '$lastname', '$email', '$address', '$city', '$postcode', '$country', '$cardnumber', '$expire', '$scode', '$product_name', '$product_code', '$product_qty', '$ordertotal')";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL INSERT statement");
// Issue an SQL SELECT command to the MySQL RDBMS
$sqlstatement = "SELECT * FROM `order`";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL SELECT statement");
// Process the information retrieved from the database and display to the user's browser
while ($row = mysql_fetch_array($sql_result))
{
$fn = $row["firstname"];
$ln = $row["lastname"];
$em = $row["email"];
echo "<BR>$fn $ln $em\n";
}
// Free up any memory holding the database records
mysql_free_result($sql_result);
// Close the connection to the database server
mysql_close($connection);
?>
</body>
</html>
1 個解決方案
解決方案1
1 2014-04-25 17:05:38
問題在於此代碼:
// Issue an SQL INSERT INTO command to the MySQL RDBMS
$sqlstatement = "INSERT INTO `ecomm`.`order` (`firstname`, `lastname`, `email`, `address`, `city`, `postcode`, `country`, `cardnumber`, `expire`, `scode`, `product_name`, `product_code`, `product_qty`, `ordertotal`)
VALUES ('$firstname', '$lastname', '$email', '$address', '$city', '$postcode', '$country', '$cardnumber', '$expire', '$scode', '$product_name', '$product_code', '$product_qty', '$ordertotal')";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL INSERT statement");
它將針對一個給定數量的產品將一條記錄插入數據庫(因此,如果我訂購3件鋼鐵俠T恤,那沒關系,但是如果我也想要美國隊長Polo,它將忽略它)。
要解決此問題,您需要循環或多次調用此頁面。
更大的問題是您的數據庫存在設計問題。 我認為在訂單表上擁有所有數據並不好。 我可能設計的方式是讓訂單具有唯一的ID,該ID包含所有客戶和付款信息(或者更好的是,這些客戶在客戶表和存儲的付款表中的值的ID),然后具有訂單明細表,具有與唯一訂單ID相關聯的商品,數量。
由於您已經將數組傳遞到此頁面,因此可以執行以下操作:
$firstname = mysql_real_escape_string($_POST["firstname"]);
$lastname = mysql_real_escape_string($_POST["lastname"]);
$email = mysql_real_escape_string($_POST["email"]);
$address = mysql_real_escape_string($_POST["address"]);
$city = mysql_real_escape_string($_POST["city"]);
$postcode = mysql_real_escape_string($_POST["postcode"]);
$country = mysql_real_escape_string($_POST["country"]);
$cardnumber = mysql_real_escape_string(($_POST["cardnumber"]);
$expire = mysql_real_escape_string($_POST["expire"]);
$scode = mysql_real_escape_string($_POST["scode"]);
for ($i = 0; $i < sizeof($_POST["item_name"]); $i++){
$product_name = mysql_real_escape_string($_POST["item_name"][$i]);
$product_code =mysql_real_escape_string($_POST["item_code"][$i]);
$product_qty =mysql_real_escape_string($_POST["item_qty"][$i]);
$ordertotal = mysql_real_escape_string($_POST["ordertotal"][$i]);
// Make a connection to the MySQL database server
$dbserverIP="localhost";
$dbusername="root"; // Use your own name
$dbuserpassword=""; // Use your own password
$connection = mysql_connect($dbserverIP,$dbusername,$dbuserpassword) or die("Couldn't connect to the dbserver.");
// Make a connection to the database
$dbname="ecomm"; // Use your own database name
$dbselectok = mysql_select_db($dbname,$connection) or die("Couldn't select the remote database.");
// Issue an SQL INSERT INTO command to the MySQL RDBMS
$sqlstatement = "INSERT INTO `ecomm`.`order` (`firstname`, `lastname`, `email`, `address`, `city`, `postcode`, `country`, `cardnumber`, `expire`, `scode`, `product_name`, `product_code`, `product_qty`, `ordertotal`)
VALUES ('$firstname', '$lastname', '$email', '$address', '$city', '$postcode', '$country', '$cardnumber', '$expire', '$scode', '$product_name', '$product_code', '$product_qty', '$ordertotal')";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL INSERT statement");
}
我的PHP有點生銹,但這是基本結構,您必須調試和調整它以確保其正確運行。 您將需要在用戶可以輸入的任何變量字符串周圍插入mysql_real_escape_string(),以防止SQL注入。
PHP MYSQL 購物車
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.