我在使用PHP购物车时遇到了很多麻烦。我在sanwebe.com上学习了一些教程。
我的页面显示了我的产品并显示了可以完美更新的购物车,然后我创建了一个最终订单页面,供客户填写他们的交付详细信息和付款详细信息,我希望我的脚本能够发送所有这些信息,以及作为购物车中的项目到我的数据库中的表格。
我正在设法使用SQL语句发送详细信息,但问题是当客户购买产品1和产品2时,它只会发送购物车中第一个产品的数据。因此,如果该人购买3件产品1,它会将其发送得很好,但是当混合不同的产品时,它会失败。
我想可能需要某种形式的循环或某些东西来传递多个项目?
order.php
<?php
session_start();
include_once("config.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Shopping Cart</title>
<link href="style/style.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="jquery-2.1.0.min.js"></script>
<script type="text/javascript" src="jquery.validate.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function() {
$('#orderform').validate(); // Select the form using its idname and apply the validate() function to it.
}); // end ready()
</script>
<body>
<div id="products-wrapper">
<h1>Complete Order</h1>
<div class="order">
<form id="orderform"action="process_order.php" method="post">
<h2>Delivery</h2>
<p><label for="firstname">First Name:</label> <input type="text" name="firstname" class="required"/></p>
<p><label for="lastname">Last Name:</label> <input type="text" name="lastname" class="required"/></p>
<p><label for="email">E-mail:</label> <input type="text" name="email" class="required email"/></p>
<p><label for="address">Address:</label> <input type="text" name="address" class="required" /></p>
<p><label for="city">City:</label> <input type="text" name="city" class="required" /></p>
<p><label for="postcode">Post Code:</label> <input type="text" name="postcode" class="required" /></p>
<p><label for="country">Country:</label> <input type="text" name="country" class="required" /></p>
<h2>Payment</h2>
<p><label for="cardnumber">Card Number:</label> <input type="text" name="cardnumber" class="required"/></p>
<p><label for="expire">Expiration Date:</label> <input type="text" name="expire" class="required digits"/></p>
<p><label for="scode">Security Code:</label> <input type="text" name="scode" class="required digits"/></p>
<p class="submit"><input type="submit" value="Submit" /></p>
</div>
<div class="shopping-cart">
<h2>Your Order</h2>
<?php
$current_url = base64_encode($url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
if(isset($_SESSION["products"]))
{
$total = 0;
echo '<ul>';
$cart_items = 0;
foreach ($_SESSION["products"] as $cart_itm)
{
$product_code = $cart_itm["code"];
$results = $mysqli->query("SELECT product_name,product_desc, price FROM products WHERE product_code='$product_code' LIMIT 5");
$obj = $results->fetch_object();
echo '<li class="cart-itm">';
echo '<span class="remove-itm"><a href="cart_update.php?removep='.$cart_itm["code"].'&return_url='.$current_url.'">×</a></span>';
echo '<div class="p-price">'.$currency.$obj->price.'</div>';
echo '<div class="product-info">';
echo '<h3>'.$obj->product_name.' (Code :'.$product_code.')</h3> ';
echo '<div class="p-qty"><strong>Qty : '.$cart_itm["qty"].'</strong></div>';
echo '<div>'.$obj->product_desc.'</div>';
echo '</div>';
echo '</li>';
$subtotal = ($cart_itm["price"]*$cart_itm["qty"]);
$total = ($total + $subtotal);
$vat = ($total * '20' / '100');
$ordertotal = ($total + $vat);
echo '<input type="hidden" name="item_name['.$cart_items.']" value="'.$obj->product_name.'" />';
echo '<input type="hidden" name="item_code['.$cart_items.']" value="'.$product_code.'" />';
echo '<input type="hidden" name="item_desc['.$cart_items.']" value="'.$obj->product_desc.'" />';
echo '<input type="hidden" name="item_qty['.$cart_items.']" value="'.$cart_itm["qty"].'" />';
echo '<input type="hidden" name="ordertotal['.$cart_items.']" value="'.$ordertotal.'" />';
$cart_items ++;
}
echo '</ul>';
echo '<span class="check-out-txt">';
echo '+VAT : '.$currency.$vat.' ';
echo '<br>';
echo '<strong>Total : '.$currency.$ordertotal.'</strong> ';
echo '<br>';
echo '</span>';
echo '</form>';
}else{
echo 'Your Cart is empty';
}
?>
</div>
</body>
</html>
processorder.php
<!-- File: process_order.php
Job: PHP script to handle the information submitted to it by the webpage named testform.html
-->
<?php
session_start();
include_once("config.php");
?>
<html>
<head>
<title>Form processing script</title>
</head>
<body>
<?php
// The form contents are held in a special array named $POST.
// The next statements assign the information held in $POST to PHP variables for processing
// Delivery
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$address = $_POST["address"];
$city = $_POST["city"];
$postcode = $_POST["postcode"];
$country = $_POST["country"];
$cardnumber = $_POST["cardnumber"];
$expire = $_POST["expire"];
$scode = $_POST["scode"];
// Order
$product_name = $_POST["item_name"][0];
$product_code = $_POST["item_code"][0];
$product_qty = $_POST["item_qty"][0];
$ordertotal = $_POST["ordertotal"][0];
// Make a connection to the MySQL database server
$dbserverIP="localhost";
$dbusername="root"; // Use your own name
$dbuserpassword=""; // Use your own password
$connection = mysql_connect($dbserverIP,$dbusername,$dbuserpassword) or die("Couldn't connect to the dbserver.");
// Make a connection to the database
$dbname="ecomm"; // Use your own database name
$dbselectok = mysql_select_db($dbname,$connection) or die("Couldn't select the remote database.");
// Issue an SQL INSERT INTO command to the MySQL RDBMS
$sqlstatement = "INSERT INTO `ecomm`.`order` (`firstname`, `lastname`, `email`, `address`, `city`, `postcode`, `country`, `cardnumber`, `expire`, `scode`, `product_name`, `product_code`, `product_qty`, `ordertotal`)
VALUES ('$firstname', '$lastname', '$email', '$address', '$city', '$postcode', '$country', '$cardnumber', '$expire', '$scode', '$product_name', '$product_code', '$product_qty', '$ordertotal')";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL INSERT statement");
// Issue an SQL SELECT command to the MySQL RDBMS
$sqlstatement = "SELECT * FROM `order`";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL SELECT statement");
// Process the information retrieved from the database and display to the user's browser
while ($row = mysql_fetch_array($sql_result))
{
$fn = $row["firstname"];
$ln = $row["lastname"];
$em = $row["email"];
echo "<BR>$fn $ln $em\n";
}
// Free up any memory holding the database records
mysql_free_result($sql_result);
// Close the connection to the database server
mysql_close($connection);
?>
</body>
</html>
答案 0 :(得分:1)
问题在于此代码:
// Issue an SQL INSERT INTO command to the MySQL RDBMS
$sqlstatement = "INSERT INTO `ecomm`.`order` (`firstname`, `lastname`, `email`, `address`, `city`, `postcode`, `country`, `cardnumber`, `expire`, `scode`, `product_name`, `product_code`, `product_qty`, `ordertotal`)
VALUES ('$firstname', '$lastname', '$email', '$address', '$city', '$postcode', '$country', '$cardnumber', '$expire', '$scode', '$product_name', '$product_code', '$product_qty', '$ordertotal')";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL INSERT statement");
它会在数据库中为一个给定数量的产品插入一条记录(所以如果我订购3件钢铁侠T恤,那就没关系,但是如果我想要一个美国队长马球,它也会忽略它。) / p>
要解决此问题,您需要多次循环或调用此页面。
更大的问题是您的数据库存在设计问题。我认为在订购表上拥有您拥有的所有数据并不好。我可能设计的方式是使订单具有唯一ID,其中包含所有客户和付款信息(或更好,客户表和存储的付款表中这些值的ID),然后有一个订单详细信息表具有与唯一订单ID关联的项目,数量。
由于您已将数组传递到此页面,因此您可以执行以下操作:
$firstname = mysql_real_escape_string($_POST["firstname"]);
$lastname = mysql_real_escape_string($_POST["lastname"]);
$email = mysql_real_escape_string($_POST["email"]);
$address = mysql_real_escape_string($_POST["address"]);
$city = mysql_real_escape_string($_POST["city"]);
$postcode = mysql_real_escape_string($_POST["postcode"]);
$country = mysql_real_escape_string($_POST["country"]);
$cardnumber = mysql_real_escape_string(($_POST["cardnumber"]);
$expire = mysql_real_escape_string($_POST["expire"]);
$scode = mysql_real_escape_string($_POST["scode"]);
for ($i = 0; $i < sizeof($_POST["item_name"]); $i++){
$product_name = mysql_real_escape_string($_POST["item_name"][$i]);
$product_code =mysql_real_escape_string($_POST["item_code"][$i]);
$product_qty =mysql_real_escape_string($_POST["item_qty"][$i]);
$ordertotal = mysql_real_escape_string($_POST["ordertotal"][$i]);
// Make a connection to the MySQL database server
$dbserverIP="localhost";
$dbusername="root"; // Use your own name
$dbuserpassword=""; // Use your own password
$connection = mysql_connect($dbserverIP,$dbusername,$dbuserpassword) or die("Couldn't connect to the dbserver.");
// Make a connection to the database
$dbname="ecomm"; // Use your own database name
$dbselectok = mysql_select_db($dbname,$connection) or die("Couldn't select the remote database.");
// Issue an SQL INSERT INTO command to the MySQL RDBMS
$sqlstatement = "INSERT INTO `ecomm`.`order` (`firstname`, `lastname`, `email`, `address`, `city`, `postcode`, `country`, `cardnumber`, `expire`, `scode`, `product_name`, `product_code`, `product_qty`, `ordertotal`)
VALUES ('$firstname', '$lastname', '$email', '$address', '$city', '$postcode', '$country', '$cardnumber', '$expire', '$scode', '$product_name', '$product_code', '$product_qty', '$ordertotal')";
$sql_result = mysql_query($sqlstatement,$connection) or die("Couldn't execute the SQL INSERT statement");
}
我的PHP有点生疏,但这是基本结构,你必须调试和调整它以确保它正常工作。您需要在用户输入的任何变量字符串周围插入mysql_real_escape_string()以防止SQL注入。