我不知道从哪里获取大小值并将其输入我的数据库
这是我的数据库表,名为transaksi,带有这些列 idtransaksi,noinvoice,idproduk,size,jumlah
这是我的脚本
chart.php
<?php
if (!isset($_SESSION)) {
session_start();
}
cek_status_login($_SESSION['idpelanggan']);
include ('chart.inc.php');
// Process actions
$chart = isset ($_SESSION['chart']) ? $_SESSION['chart'] : '';
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'add' :
if ($chart) {
$chart .= ',' . $_GET['id'];
} else {
$chart = $_GET['id'];
}
break;
//
//B002,5,S,B003,10,M
case 'delete' :
if ($chart) {
$items = explode(',', $chart);
$newchart = '';
foreach ($items as $item) {
if ($_GET['id'] != $item) {
if ($newchart != '') {
$newchart .= ',' . $item;
} else {
$newchart = $item;
}
}
}
$chart = $newchart;
}
break;
case 'update' :
if ($chart) {
$newchart = '';
foreach ($_POST as $key => $value) {
if (stristr($key, 'qty')) {
$id = str_replace('qty', '', $key);
$items = ($newchart != '') ? explode(',', $newchart) : explode(',', $chart);
$newchart = '';
foreach ($items as $item) {
if ($id != $item) {
if ($newchart != '') {
$newchart .= ',' . $item;
} else {
$newchart = $item;
}
}
}
for ($i = 1; $i <= $value; $i++) {
if ($newchart != '') {
$newchart .= ',' . $id;
} else {
$newchart = $id;
}
}
}
}
}
$chart = $newchart;
break;
}
$_SESSION['chart'] = $chart;
?>
<section class="main-content">
<div class="row">
<div class="span9">
<?php echo writeShoppingchart();
echo showchart();
if (isset($_GET['s'])) {
if ($_GET['status'] == OK) {
echo "proses pembelian berhasil dilakukan sudah selesai";
} else {
echo "operasi gagal";
}
}
?>
</div>
<script type="text/javascript">
$('.input').on('input',function(e){
if($(this).data("lastval")!= $(this).val()){
$(this).data("lastval",$(this).val());
//change action
alert('Anda Mengubah Jumlah SubTotal barang, Silahkan Update Keranjang Belanja');
};
});
</script>
<?php
include ('inc/sidebar-front.php');
?>
</div>
</section>
chart.inc.php
<?php
function kd_transaksi() {
$kode_temp = fetch_row("SELECT noinvoice FROM invoice ORDER BY noinvoice DESC LIMIT 0,1");
if ($kode_temp == '')
$kode = "E00001";
else {
$jum = substr($kode_temp, 1, 6);
$jum++;
if ($jum <= 9)
$kode = "E0000" . $jum;
elseif ($jum <= 99)
$kode = "E000" . $jum;
elseif ($jum <= 999)
$kode = "E00" . $jum;
elseif ($jum <= 9999)
$kode = "E0" . $jum;
elseif ($jum <= 99999)
$kode = "E" . $jum;
else
die("Kode pemesanan melebihi batas");
}
return $kode;
}
function writeShoppingchart() {
$chart = $_SESSION['chart'];
if (!$chart) {
return '<h4 class="title"><span class="text pull-left"><strong>Keranjang Belanja Masih Kosong</strong></span></h4>';
} else {
// Parse the chart session variable
$items = explode(',', $chart);
$s = (count($items) > 1) ? 's' : '';
return '<h4 class="title"><span class="text pull-left"><strong>Periksa Jumlah Pesanan Anda Sebelum Check Out</strong></span></h4>';
}
}
function chartNotification() {
$chart = $_SESSION['chart'];
if (!$chart) {
return '0';
} else {
// Parse the chart session variable
$items = explode(',', $chart);
return count($items);
}
}
function getQty() {
$chart = $_SESSION['chart'];
if (!$chart) {
return 0;
} else {
// Parse the chart session variable
$items = explode(',', $chart);
$s = (count($items) > 1) ? 's' : '';
return count($items);
}
}
function showchart() {
$chart = $_SESSION['chart'];
// print_r($chart);
if ($chart) {
$items = explode(',', $chart);
$contents = array();
$total='';
foreach ($items as $item) {
$contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
}
$output[] = "<table class=\"table table-striped \">";
$output[] = "<th><td>Nama</td><td>size</td><td> Harga</td><td>jumlah</td><td>diskon</td><td>subtotal</td><td>Aksi</td></th>";
$output[] = '<form action="index.php?mod=chart&pg=chart&action=update" method="post" id="chart">';
$no = 1;
foreach ($contents as $id => $qty) {
$sql = "SELECT produk.*, stok.harga_barang, stok.harga_jual, stok.jumlah, stok.ext_disc, stok.disc, stok.size FROM stok LEFT OUTER JOIN produk ON stok.idproduk = produk.idproduk WHERE produk.idproduk = '$id'";
$result = mysql_query($sql);
$row = mysql_fetch_object($result);
$size = explode(',', $row->size);
$quantity = ($row->jumlah);
$diskonext =(($row->harga_jual)*($row->ext_disc)/100);
$output[] = '<tr><td>' . $no . '</td>';
$output[] = '<td>'.$row ->nama_produk. '<br /><img src=\'upload/produk/' . $row ->foto .' \' width=\'100px\' height=\'100px\'></td>';
$output[] = '<td><select name="size" style="width:50px;">';
for ($i = 0; $i < count($size); $i++){
$output[] = '<option value="'. $size[$i] .'">'. $size[$i] .'</option>';
}
$output[] = '</select></td>';
$output[] = '<td>' . format_rupiah($row -> harga_barang) . '</td>';
if ($qty >= 10){
$total += (($row -> harga_jual) - $diskonext) * $qty;
}else {
$total += $row -> harga_jual * $qty;
}
if ($qty > $quantity){
$output[] = '<td><input type="text" class="input-mini" name="qty' . $id . '" value="'.$quantity.'"/><br /><span class="label label-warning pull-right">Stok hanya '.$quantity.'</span></td>';
} else {
$output[] = '<td><input type="text" onkeypress="alert(\'jumlah barang terganti, silahkan Update Keranjang belanja anda sebelum chekout\');" class="input-mini" name="qty' . $id . '" value="' . $qty . '"/></td>';
}
if ($qty >= 10){
$output[] = '<td>' . $row->disc . ' % + '. $row -> ext_disc .'% </td>';
} else {
$output[] = '<td>' . $row->disc . ' %</td>';
}
if ($qty >= 10){
if ($qty > $quantity){
$output[] = '<td>'.format_rupiah(($row->harga_jual - $diskonext)*$quantity).'</td>';
} else {
$output[] = '<td>'.format_rupiah(($row->harga_jual - $diskonext)*$qty).'</td>';
}
}else{
if ($qty >= $quantity){
$output[] = '<td>'.format_rupiah($row->harga_jual*$quantity).'</td>';
} else {
$output[] = '<td>'.format_rupiah($row->harga_jual*$qty).'</td>';
}
}
$output[] = '<td><a href="index.php?mod=chart&pg=chart&action=delete&id=' . $id . '" class="btn btn-danger">Hapus</a></td></tr>';
$no++;
}
$output[] = '<tr><td colspan=\'6\' ><h4>Total Belanja Anda</h4></td><td colspan=\'2\'><h4>'. format_rupiah($total) .'</h4></td></tr>';
$output[] = "</table>";
$qty = getQty();
$_SESSION['totalbayar'] = $total;
$output[] = '<button type="submit" class=\'btn btn-primary\'>Update Keranjang Belanja</button>';
if ($qty >= ($row->jumlah)){
$output[] ='<button type="submit" class=\'btn btn-success pull-right\'>Update Keranjang Belanja Anda</button>';
} else {
$output[] ='<a href=\'chart/chart_action.php\' class=\'btn btn-success pull-right\'>Check out</a>';
}
$output[] = '</form>';
} else {
$output[] = '<p>Keranjang belanja masih kosong.</p>';
}
return join('', $output);
}
function insertToDB($kd_transaksi, $idpelanggan, $totalbayar, $sizes) {
$chart = isset($_SESSION['chart'])? $_SESSION['chart']: '';
if ($chart) {
$items = explode(',', $chart);
$contents = array();
foreach ($items as $item) {
$contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
}
$sql_transaksi = "insert into invoice (noinvoice,tanggal,totalbayar,idpelanggan)
values( '$kd_transaksi', now(),'$totalbayar','$idpelanggan')";
//echo "SQL transaksi:".$sql_transaksi;
mysql_query($sql_transaksi) or die(mysql_error());
foreach ($contents as $id => $qty) {
$sql = "insert into transaksi(noinvoice,idproduk,size,jumlah)
values('$kd_transaksi','$id','$sizes','$qty')";
// echo "SQL transaksi:".$sql;
$result = mysql_query($sql) or die(mysql_error());
}
} else {
$output[] = '<p>Keranjang belanja masih kosong.</p>';
}
}
?>
和chart.action.php
<?php
session_start();
require_once ('../inc/config.php');
require_once ('../inc/function.php');
require_once ('../chart/chart.inc.php');
$idpelanggan=$_SESSION['idpelanggan'];
/* menambahkan kode pesan dan detail pesan kedalam database*/
$kd_transaksi = kd_transaksi();
$total_bayar = $_SESSION['totalbayar'];
insertToDB($kd_transaksi,$idpelanggan,$total_bayar);
//check if query successful
$link="location:../index.php?mod=chart&pg=chart_ship&total_bayar=$total_bayar&kd_transaksi=$kd_transaksi";
header($link);
?>
仍然对如何向数据库输入大小值感到困惑。如果您需要更多信息来帮助我告诉我我必须做什么
由于
答案 0 :(得分:3)
函数insertToDB
在上面的代码中定义了4个参数:
function insertToDB($kd_transaksi, $idpelanggan, $totalbayar, $sizes) {
但只用3个值调用它:
insertToDB($kd_transaksi,$idpelanggan,$total_bayar);
所以我建议在调用函数时传递变量size
的值:
insertToDB($kd_transaksi,$idpelanggan,$total_bayar,$_POST["size"]);
顺便说一句:评论者@giraff在表达SQL注入时是绝对正确的。您的脚本容易受到攻击。您一定要检查并清理用户提交的数据!