使用“会话”将项目添加到购物车

时间:2013-06-15 14:50:09

标签: php html

我一直在关注php购物车的教程,

我已经检查了我的代码,我已经到了添加到购物车按钮的位置,应该将产品添加到侧边栏中。

但是,它似乎跳过我的if语句并直接转到else错误消息,指出产品ID无效。 我已经检查过数据库中的SKU匹配是否显示在$ id中,所以我有点迷失为什么这个错误仍然存​​在?

PHP for Products:

<?php
session_start();

if (isset($_GET['action']) && $_GET['action'] == "add") {
    $id = $_GET['id'];
    if (isset($_SESSION['cart'][$id])) {
        $_SESSION['cart'][$id]['quantity']++;
    } else {
        $sql2 = "SELECT * FROM products WHERE SKU=$id";
        $query2 = mysql_query($sql2);

        if(mysql_num_rows($query2) != 0){
            $row2 = mysql_fetch_array($query2);
            $_SESSION['cart'][$row2['SKU']] = array("quantity" => 1, "price" =>      $row2['price']);

        } else {
            $message = "This product ID is invalid";
        }
    }
}

?>

<h2 class="message"><?php if(isset($message)){echo $message;} ?></h2>
<h1>Product Page</h1>
<table>
  <tr>
    <th>Name</th>
    <th>Description</th>
    <th>Price</th>
    <th>Action</th>
  </tr>

<?php
$sql = "SELECT * FROM products ORDER BY SKU ASC";
$query = mysql_query($sql)or die(mysql_error());

while($row = mysql_fetch_assoc($query)){
?>

  <tr>
    <td><?php echo $row['name']; ?></td>
    <td><?php echo $row['description']; ?></td>
    <td><?php echo "&pound;" . $row['price']; ?></td>
    <td><a href="index.php?page=products&action=add&id=<?php echo $row['SKU']; ?>">Add to cart</a></td>
  </tr>

<?php
}
?>

用于Index.php的PHP:

<?php
    session_start();

    require_once("connect.php");
    if (isset($_GET['page'])) {
        $pages = array("products","cart");
        if (in_array($_GET['page'],$pages)) {
            $page = $_GET['page'];
        } else {
            $page = "products";
        }
    } else {
        $page = "products";
    }

?>

    <html>
      <head>
        <link rel="stylesheet" href="reset.css" />
        <link rel="stylesheet" href="style.css" />
        <title>Shopping Cart - WebThatWorks Ltd</title>
      </head>

      <body>
        <div id="container">
        <div id="main"><?php require($page. ".php"); ?></div>
        <div id="sidebar">

        <h1>Cart</h1>
<?php
          if (isset($_SESSION['cart'])) {
              $sql = "SELECT * FROM products WHERE SKU IN (";
              foreach ($_SESSION['cart'] as $id => $value) {
                  $sql .=$id. ",";
              }
              $sql = substr($sql,0,-1) . ")ORDER BY SKU ASC";
              $query = mysql_query($sql);
              while($row = mysql_fetch_array($query)){
?>
                <p><?php echo $row['name']; ?><?php echo $_SESSION['cart'][$row['SKU']]['quantity']; ?></p>
                <a href="index.php?page=cart">Go To Cart</a>
<?php
              }
          } else {
              echo "<p>Your Cart Is Empty.  <br /> Please Add some products</a>";
          }
?>

如果您要求我发布我的数据库结构,我会这样做

1 个答案:

答案 0 :(得分:2)

问题是你的SKU是一个字符串,所以它在查询中需要引号:

$sql2 = "SELECT * FROM products WHERE SKU='" . mysql_real_escape_string($id) . "'";

我还添加了转义以防止SQL注入,但为了获得最佳安全性和其他好处,您应该切换到现代API,如PDO或MySQLi,并使用预准备语句。

您还需要确保将引号添加到IN查询中。

foreach ($_SESSION['cart'] as $id => $value) {
    $sql .="'" . mysql_real_escape_string($id) . "',";
}
相关问题
最新问题