我保证,这将是今天的最后一个问题。但我得到一个错误'警告:mysql_fetch_assoc():提供的参数不是第58行的/home/a1014025/public_html/practice/cart/cart.php中的有效MySQL结果资源,使用此代码:
<?php
include('connect.php');
session_start();
?>
<html>
<head>
<title>Cart</title>
<link rel='stylesheet' href='css/main.css' />
</head>
<body>
<?php
$page = 'index.php';
if(isset($_GET['add'])){
$add_id = $_GET['add'];
$quantity = mysql_query("SELECT id, quantity FROM products WHERE id='$add_id'");
while($quantity_row = mysql_fetch_assoc($quantity)){
if($quantity_row['quantity'] !=@$_SESSION['cart_'.$add_id]){
@$_SESSION['cart_'.$_GET['add']]+='1';
header('Location: index.php');
}
else{
header('Location: index.php?err=max');
}
}
}
if(isset($_GET['remove'])){
$_SESSION['cart_'.(int)$_GET['remove']]--;
header("Location: index.php");
}
if(isset($_GET['delete'])){
$_SESSION['cart_'.(int)$_GET['delete']]='0';
header('Location: index.php');
}
function products(){
$get = mysql_query("SELECT id, name, description, price FROM products WHERE quantity > 0 ORDER BY id DESC");
if(mysql_num_rows($get) == 0){
echo "There are no products to display.";
}
else{
while($get_row = mysql_fetch_assoc($get)){
echo '<p>'.$get_row['name'].'<br />'.$get_row['description'].'<br />$'.$get_row['price'].' <a href="cart.php?add='.$get_row['id'].'">Add</a></p>';
}
}
}
function paypal_items(){
$num = 0;
foreach($_SESSION as $name => $value){
if($value!=0){
if(substr($name, 0, 5) == 'cart_'){
$id = substr($name, 5, strlen($name)-5);
$get = mysql_query("SELECT id, name, price, shipping, shipping2 FROM products WHERE id=".$id);
while($get_row = mysql_fetch_assoc($get)){
$num++;
echo '<input type="hidden" name="item_number_'.$num.'" value="'.$id.'">';
echo '<input type="hidden" name="item_name_'.$num.'" value="'.$get_row['name'].'">';
echo '<input type="hidden" name="amount_'.$num.'" value="'.$get_row['price'].'">';
echo '<input type="hidden" name="shipping_'.$num.'" value="'.$get_row['shipping'].'">';
echo '<input type="hidden" name="shipping2_'.$num.'" value="'.$get_row['shipping2'].'">';
echo '<input type="hidden" name="quantity_'.$num.'" value="'.$value.'">';
}
}
}
}
}
function cart(){
$total = 0;
foreach($_SESSION as $name => $value){
if($value>0){
if(substr($name, 0, 5)=='cart_'){
$id = substr($name, 5, strlen($name)-5);
$get = mysql_query("SELECT id, name, price FROM products WHERE id='$id'");
while($get_row = mysql_fetch_assoc($get)){
$sub = $get_row['price']*$value;
echo $get_row['name'].' x '.$value.' @ $'.number_format($get_row['price'], 2).' = $'.$sub.' <a href="cart.php?add='.$id.'">[+]</a> <a href="cart.php?remove='.$id.'">[-]</a> <a href="cart.php?delete='.$id.'">[Delete]</a><br />';
}
}
$total += $sub;
}
}
if($total==0){
echo "You cart is empty.";
}
else{
echo "<p>Checkout with PayPal for your $".$total." total.</p>";
?>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="ddromano@comcast.net">
<?php paypal_items(); ?>
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="amount" value="<?php echo $total; ?>">
<input type="image" src="http://www.paypal.com/en_US/i/btn/x-click-but03.gif" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
<?php
}
}
?>
</body>
答案 0 :(得分:0)
请停止抑制脚本中的错误。
@$_SESSION['cart_'.$_GET['add']]+='1';
启用错误报告,让您更好地了解脚本中的问题所在。
该代码中的第58行指向:
57 $get = mysql_query("SELECT id, name, price, shipping, shipping2 FROM products WHERE id=".$id);
58 while($get_row = mysql_fetch_assoc($get)){
...
由于您在函数中使用mysql_
资源,因此连接很可能超出范围。您必须将连接传递给函数或全局化连接。
function paypal_items($conn){
或者
function paypal_items(){
global $conn;
我在你的previous question中提到过它,你似乎忽略了它;您的脚本容易受到SQL注入攻击。我 强烈 敦促您了解这是什么,修复它并转移到mysqli_
或PDO
。
答案 1 :(得分:-1)
在第57行的SQL中看起来有错误 - 您的id值应该在引号中:
$get = mysql_query("SELECT id, name, price, shipping, shipping2 FROM products WHERE id='".$id."'");
您可以使用or
$get = mysql_query(...) or die(mysql_error());
顺便说一句,在提交查询之前,您确实应该清理查询。每次将变量传递给SQL语句时,请使用mysql_real_escape_string
来阻止SQL注入。