所以我試圖做一個簡單的電子商務網站。提交表單(btn-submit)後,我無法將任何數據插入到我的數據庫中。只有地址和聯繫電話驗證有效。我的代碼顯示沒有errmsg,但沒有向數據庫中插入任何數據
這裏是我的代碼:
if (isset($_POST['btn-submit'])) {
// clean user inputs
$oadd = trim($_POST['oadd']);
$oadd = strip_tags($oadd);
$oadd = htmlspecialchars($oadd);
$contact = trim($_POST['contact']);
$contact = strip_tags($contact);
$contact = htmlspecialchars($contact);
// address validation
if (empty($oadd)) {
$error = true;
$oaddError = "Please enter a valid address.";
} else if (strlen($oadd) < 5) {
$error = true;
$oaddError = "Please enter a valid address.";
}
// contact number validation
if (empty($contact)) {
$error = true;
$contactError = "Please enter your contact number.";
} else if (strlen($contact) < 7) {
$error = true;
$contactError = "Contact number must have atleast 7 digits.";
} else if (!preg_match("/^[0-9 ]+$/",$lname)) {
$error = true;
$lnameError = "Please enter a valid contact number.";
}
// if there's no error, continue to place order
if(!$error) {
$query = 'INSERT INTO cust_order(Order_Date, Order_Status, Order_Total , Address, Contact_No) VALUES (CURDATE(), "in process" , (SELECT SUM(p.Product_Price) FROM cart c, product p WHERE c.Prod_ID = p.Product_ID and c. User_ID = "'.$userRow['User_ID'].'"),"'.$oadd.'","'. $contact.'")';
$res = mysql_query($query);
if ($res) {
$errTyp = "success";
$errMSG = "Your order has been placed. To view the details, go to your order history";
unset($oadd);
unset($contact);
} else {
$errTyp = "danger";
$errMSG = "Something went wrong. Please try again later.";
}
}
}
怎麼可能是錯我的代碼?我在其他頁面做了類似的查詢,但這是唯一不能正常工作的。任何幫助將不勝感激!提前致謝!
'$ userRow [ 'USER_ID' ]'我找不到userRow的價值? –
對不起。這裏是我的代碼前 $ res = mysql_query(「SELECT * FROM users WHERE User_ID =」。$ _ SESSION ['user']); $ userid = $ _ SESSION ['user']; $ userRow = mysql_fetch_array($ res); $ error = false;如果(isset($ _ POST ['btn-submit'])){ – angelica
**警告**:如果您剛學習PHP,請不要使用['mysql_query'](http:// php .net/manual/en/function.mysql-query.php)接口。這是非常可怕和危險的,它在PHP 7中被刪除了。[PDO的替代品並不難學](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps -pdo-for-database-access /)以及[PHP The Right Way](http://www.phptherightway.com/)等指南介紹了最佳實踐。你的用戶數據是**不是** [正確轉義](http://bobby-tables.com/php.html),並有[SQL注入漏洞](http://bobby-tables.com/),並且可以被利用。 – tadman