Struggling with a PHP / SQL problem

Time: 2014-07-27 13:14:42

Tags: php mysql sql

I'm having a bit of a problem with PHP / MYSQL. Basically I'm trying to create a shopping cart, and I get the following error..

Unknown column 'admin' in 'where clause'

Before that error I had an undefined index, so I fixed that, but now I have this error? Any clues?

This is the users table in my database

http://gyazo.com/cdc8324bf603891118d39c8aa5b3dc19

My code..

<?php 
//--- Authenticate code begins here ---
session_start();
//checks if the login session is true

if (!isset($_SESSION['username'])){
header("location:index.php");
exit; // stop here, otherwise the rest of the page still runs after the redirect header
}
$username = $_SESSION['username'];

// --- Authenticate code ends here ---


 include ('header.php'); 



        ?>

        <link rel="stylesheet" type="text/css" href="../css/style1.css">




<div style="float:right">  <a class="btn btn-danger logout" href="logout.php" > Logout</a> </div>

<div id="menu">
    <ul id="nav">
        <li><a href="home.php" target="_self" >Home</a></li>
        <li><a href="session1.php" target="_self" >Sessions</a>

            <ul>
                <li><a href="session1.php" target="_self" >Session 1</a></li>
                <li><a href="session2.php" target="_self" >Session 2</a></li>
                <li><a href="session3.php" target="_self" >Session 3</a></li>
                <li><a href="session4.php" target="_self" >Session 4</a></li>
                <li><a href="session5.php" target="_self" >Session 5</a></li>
                <li><a href="session6.php" target="_self" >Session 6</a></li>
                <li><a href="session7.php" target="_self" >Session 7</a></li>
                <li><a href="session8.php" target="_self" >Session 8</a></li>
                <li><a href="session9.php" target="_self" >Session 9</a></li>
                <li><a href="session10.php" target="_self" >Session 10</a></li>
                <li><a href="session11.php" target="_self" >Session 11</a></li>
                <li><a href="session12.php" target="_self" >Session 12</a></li>
                <li><a href="session13.php" target="_self" >Session 13</a></li>
                <li><a href="session14.php" target="_self" >Session 14</a></li>



            </ul>
            <li><a href="blog.php" target="_self" >Blog</a></li>
            <li><a href="shop.php" target="_self" >Shop</a></li>
    </ul>
</div>


<h2>Order Total</h2>
<p>Please confirm your order details</p>
<?php
 $sql = "SELECT fullname, location FROM users WHERE username =" . $_SESSION['username'];
//retrieve the details for the logged in user
$result = mysql_query($sql) or die(mysql_error($connection)); //run the query 
 $row = mysql_fetch_array($result); //save the result in the $row variable
 echo "<p> Order for: <strong>" . $row['fullname'] . " " . $row['location'] .
"</strong></p>"; // display the user name
?>

<table style="border-spacing:1px; font-family:Verana, Geneva, sans-serif; background-color:#e1e1e1; width:100%">


 <?php
 if(isset($_SESSION['cart'])){
 echo '<tr style="font-weight:bold; background-color:#fff;"><td 
style="padding:10px; width:120px;">Image</td><td style="padding:10px">Product 
Name</td><td style="padding:10px">Price</td><td style="padding:10px">Qty</td><td 
style="padding:10px">Subtotal</td></tr>';
 $max=count($_SESSION['cart']);
 for($i=0;$i<$max;$i++){ //for each product in the cart get the following
 $pid=$_SESSION['cart'][$i]['productID']; //productID
 $q=$_SESSION['cart'][$i]['qty']; //quantity
 $pname=get_product_name($pid); //product name
 if($q==0) continue;
 ?>
 <tr style="background-color:#fff">
 <td style="padding:10px"><?php echo "<img src='../images/shop/"
.(get_product_image($pid)) . "'" . " width=100 height=100 alt='product'" . " />"?></td>
 <td style="padding:10px"><?php echo $pname ?></td>
 <td style="padding:10px">$ <?php echo(number_format((get_price($pid)), 2, '.',
''))?></td>
 <td style="padding:10px"><?php echo $q ?></td>
 <td style="padding:10px">$ <?php echo(number_format((get_price($pid)*$q), 2,
'.', ''))?></td>
 </tr>

 <?php 

  }

  ?>

  <tr>
 <td style="padding:10px" colspan="2"><strong>Order Total: $ <?php
echo(number_format((get_order_total()), 2, '.', ''))?></strong></td>
 <td colspan="5" style="text-align:right; padding:10px;">
 <form action="shopsuccess.php" method="post">
 <input type="hidden" name="command" />
 <input type="button" value="Return to Cart"
onclick="window.location='shoppingcart.php'">
 <input type="submit" name="confirmorder" value="Confirm Order" />
 </form>
 </td> 
 </tr>
 <?php
 }
 else{
 echo "<tr style='background-color:#fff'><td>There are no items in your 
shopping cart!</td></tr>";
 }
 ?>
</table>
<p>*Free Shipping Australia-Wide</p>






        <?php include ('footer.php'); ?> 

1 answer:

Answer 0 (score: 3)

The specific answer to your question is that you need to put quotes around the string constant:

SELECT fullname, location FROM users WHERE username = '" . $_SESSION['username'] . "'"

The useful answer is that you should use the mysqli_ interface instead of the obsolete mysql_ one. And you should use parameters for the constants in your query rather than substituting the values into the string. For one thing, the latter leaves the code vulnerable to SQL injection.
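The same lookup written the way the answer recommends, as an added example (not code from the question or the answer): the user query from the page rewritten with mysqli and a prepared statement, with the original string-concatenated query kept in a comment for comparison. The connection values DB_HOST, DB_USER, DB_PASSWORD and DB_NAME are placeholders.

```php
<?php
// Added example, not from the original post: mysqli + prepared statement.
// DB_HOST / DB_USER / DB_PASSWORD / DB_NAME are placeholders, not real values.
session_start();
if (!isset($_SESSION['username'])) {
    header('Location: index.php');
    exit; // without exit the redirect is sent but the page body still executes
}

$mysqli = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
if ($mysqli->connect_error) {
    die('Connection failed: ' . $mysqli->connect_error);
}

// Original (broken and injectable): the session value is pasted into the SQL
// text, so "username =admin" makes MySQL read admin as a column name, and any
// quote character in the value would change the structure of the query.
// $sql = "SELECT fullname, location FROM users WHERE username =" . $_SESSION['username'];

// Hardened: the SQL text is fixed and the value is sent separately as data.
$stmt = $mysqli->prepare('SELECT fullname, location FROM users WHERE username = ?');
if ($stmt === false) {
    die('Prepare failed: ' . $mysqli->error);
}
$stmt->bind_param('s', $_SESSION['username']); // 's' binds the value as a string
$stmt->execute();
$stmt->bind_result($fullname, $location);

if ($stmt->fetch()) {
    // Escape on output as well, so a name stored in the table cannot inject HTML.
    echo '<p> Order for: <strong>'
        . htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8') . ' '
        . htmlspecialchars($location, ENT_QUOTES, 'UTF-8')
        . '</strong></p>';
} else {
    echo '<p>No user record found.</p>';
}
$stmt->close();
$mysqli->close();
```

The quoting fix from the answer makes the query parse, but only the prepared statement keeps a username containing a quote from altering the query.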