输入数据库PHP的大小值

时间:2015-05-23 14:16:32

标签: php mysql

我不知道从哪里获取大小值并将其输入我的数据库

这是我的数据库表,名为transaksi,带有这些列 idtransaksi,noinvoice,idproduk,size,jumlah

这是我的脚本

chart.php

<?php
if (!isset($_SESSION)) {
session_start();
}
cek_status_login($_SESSION['idpelanggan']);
include ('chart.inc.php');
// Process actions
$chart = isset ($_SESSION['chart']) ? $_SESSION['chart'] : '';
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'add' :
    if ($chart) {
        $chart .= ',' . $_GET['id'];
    } else {
        $chart = $_GET['id'];
    }
    break;
//
//B002,5,S,B003,10,M
case 'delete' :
    if ($chart) {
        $items = explode(',', $chart);
        $newchart = '';
        foreach ($items as $item) {
            if ($_GET['id'] != $item) {
                if ($newchart != '') {
                    $newchart .= ',' . $item;
                } else {
                    $newchart = $item;
                }
            }
        }
        $chart = $newchart;
    }
    break;
case 'update' :
    if ($chart) {
        $newchart = '';
        foreach ($_POST as $key => $value) {
            if (stristr($key, 'qty')) {
                $id = str_replace('qty', '', $key);
                $items = ($newchart != '') ? explode(',', $newchart) : explode(',', $chart);
                $newchart = '';
                foreach ($items as $item) {
                    if ($id != $item) {
                        if ($newchart != '') {
                            $newchart .= ',' . $item;
                        } else {
                            $newchart = $item;
                        }
                    }
                }
                for ($i = 1; $i <= $value; $i++) {
                    if ($newchart != '') {
                        $newchart .= ',' . $id;
                    } else {
                        $newchart = $id;
                    }
                }
            }
        }
    }

    $chart = $newchart;
    break;
}
$_SESSION['chart'] = $chart;
?>

<section class="main-content">

<div class="row">
    <div class="span9">

        <?php echo writeShoppingchart();

echo showchart();

if (isset($_GET['s'])) {
    if ($_GET['status'] == OK) {
        echo "proses pembelian berhasil dilakukan sudah selesai";
    } else {
        echo "operasi gagal";
    }
}
        ?>

    </div>
    <script type="text/javascript">
$('.input').on('input',function(e){
 if($(this).data("lastval")!= $(this).val()){
 $(this).data("lastval",$(this).val());
    //change action
     alert('Anda Mengubah Jumlah SubTotal barang, Silahkan Update Keranjang Belanja');  
 };
 });
</script>
    <?php
    include ('inc/sidebar-front.php');
    ?>
</div>
</section>

chart.inc.php

<?php
function kd_transaksi() {
$kode_temp = fetch_row("SELECT noinvoice FROM invoice ORDER BY noinvoice DESC LIMIT 0,1");
if ($kode_temp == '')
    $kode = "E00001";
else {
    $jum = substr($kode_temp, 1, 6);
    $jum++;
    if ($jum <= 9)
        $kode = "E0000" . $jum;
    elseif ($jum <= 99)
        $kode = "E000" . $jum;
    elseif ($jum <= 999)
        $kode = "E00" . $jum;
    elseif ($jum <= 9999)
        $kode = "E0" . $jum;
    elseif ($jum <= 99999)
        $kode = "E" . $jum;
    else
        die("Kode pemesanan melebihi batas");
}
return $kode;
}

function writeShoppingchart() {
$chart = $_SESSION['chart'];
if (!$chart) {
    return '<h4 class="title"><span class="text pull-left"><strong>Keranjang Belanja Masih Kosong</strong></span></h4>';
} else {
    // Parse the chart session variable
    $items = explode(',', $chart);
    $s = (count($items) > 1) ? 's' : '';
    return '<h4 class="title"><span class="text pull-left"><strong>Periksa Jumlah Pesanan Anda Sebelum Check Out</strong></span></h4>';
}
}

function chartNotification() {
$chart = $_SESSION['chart'];
if (!$chart) {
    return '0';
} else {
    // Parse the chart session variable
    $items = explode(',', $chart);

    return count($items);
}
}
function getQty() {
$chart = $_SESSION['chart'];
if (!$chart) {
    return 0;
} else {
    // Parse the chart session variable
    $items = explode(',', $chart);
    $s = (count($items) > 1) ? 's' : '';
    return count($items);
}
}

function showchart() {
$chart = $_SESSION['chart'];
//  print_r($chart);
if ($chart) {
    $items = explode(',', $chart);
    $contents = array();
    $total='';
    foreach ($items as $item) {
        $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
    }
    $output[] = "<table class=\"table table-striped \">";
    $output[] = "<th><td>Nama</td><td>size</td><td> Harga</td><td>jumlah</td><td>diskon</td><td>subtotal</td><td>Aksi</td></th>";
    $output[] = '<form action="index.php?mod=chart&pg=chart&action=update" method="post" id="chart">';
    $no = 1;
    foreach ($contents as $id => $qty) {
        $sql = "SELECT produk.*, stok.harga_barang, stok.harga_jual, stok.jumlah, stok.ext_disc, stok.disc, stok.size FROM stok LEFT OUTER JOIN produk ON stok.idproduk = produk.idproduk WHERE produk.idproduk = '$id'";
        $result = mysql_query($sql);
        $row = mysql_fetch_object($result);
        $size = explode(',', $row->size);
        $quantity = ($row->jumlah);
        $diskonext =(($row->harga_jual)*($row->ext_disc)/100);
        $output[] = '<tr><td>' . $no . '</td>';

        $output[] = '<td>'.$row ->nama_produk. '<br /><img src=\'upload/produk/' . $row ->foto .' \' width=\'100px\' height=\'100px\'></td>';
        $output[] = '<td><select name="size" style="width:50px;">';
            for ($i = 0; $i < count($size); $i++){
                $output[] = '<option value="'. $size[$i] .'">'. $size[$i] .'</option>';
            }
        $output[] = '</select></td>';               
        $output[] = '<td>' . format_rupiah($row -> harga_barang) . '</td>';
        if ($qty >= 10){
        $total += (($row -> harga_jual) - $diskonext) * $qty;
        }else {
            $total += $row -> harga_jual * $qty;
        }
        if ($qty > $quantity){
        $output[] = '<td><input type="text" class="input-mini" name="qty' . $id . '" value="'.$quantity.'"/><br /><span class="label label-warning pull-right">Stok hanya '.$quantity.'</span></td>';           
        } else {
        $output[] = '<td><input type="text" onkeypress="alert(\'jumlah barang terganti, silahkan Update Keranjang belanja anda sebelum chekout\');" class="input-mini" name="qty' . $id . '" value="' . $qty . '"/></td>';
        }
        if ($qty >= 10){
            $output[] = '<td>' . $row->disc . ' % + '. $row -> ext_disc .'% </td>';
        } else {
            $output[] = '<td>' . $row->disc . ' %</td>';
        }           

        if ($qty >= 10){
            if ($qty > $quantity){
            $output[] = '<td>'.format_rupiah(($row->harga_jual - $diskonext)*$quantity).'</td>';
            } else {
                $output[] = '<td>'.format_rupiah(($row->harga_jual - $diskonext)*$qty).'</td>';
            }
        }else{
            if ($qty >= $quantity){
            $output[] = '<td>'.format_rupiah($row->harga_jual*$quantity).'</td>';
            } else {
                $output[] = '<td>'.format_rupiah($row->harga_jual*$qty).'</td>';
            }
        }

        $output[] = '<td><a href="index.php?mod=chart&pg=chart&action=delete&id=' . $id . '" class="btn btn-danger">Hapus</a></td></tr>';
        $no++;
    }
    $output[] = '<tr><td colspan=\'6\' ><h4>Total Belanja Anda</h4></td><td colspan=\'2\'><h4>'. format_rupiah($total) .'</h4></td></tr>';
    $output[] = "</table>";

    $qty = getQty();
    $_SESSION['totalbayar'] = $total;
    $output[] = '<button type="submit" class=\'btn btn-primary\'>Update Keranjang Belanja</button>';
    if ($qty >= ($row->jumlah)){
    $output[] ='<button type="submit" class=\'btn btn-success pull-right\'>Update Keranjang Belanja Anda</button>';
    } else {
        $output[] ='<a href=\'chart/chart_action.php\' class=\'btn btn-success pull-right\'>Check out</a>';
    }
    $output[] = '</form>';
} else {
    $output[] = '<p>Keranjang belanja masih kosong.</p>';
}
return join('', $output);
}

function insertToDB($kd_transaksi, $idpelanggan, $totalbayar, $sizes) {
$chart = isset($_SESSION['chart'])? $_SESSION['chart']: '';
if ($chart) {
    $items = explode(',', $chart);
    $contents = array();
    foreach ($items as $item) {
        $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
    }
    $sql_transaksi = "insert into invoice (noinvoice,tanggal,totalbayar,idpelanggan) 
    values( '$kd_transaksi', now(),'$totalbayar','$idpelanggan')";
    //echo "SQL transaksi:".$sql_transaksi;
    mysql_query($sql_transaksi) or die(mysql_error());
    foreach ($contents as $id => $qty) {
        $sql = "insert into transaksi(noinvoice,idproduk,size,jumlah)
        values('$kd_transaksi','$id','$sizes','$qty')";
        //      echo "SQL transaksi:".$sql;
        $result = mysql_query($sql) or die(mysql_error());
    }
} else {
    $output[] = '<p>Keranjang belanja masih kosong.</p>';
}
}
?>

和chart.action.php

<?php
session_start();

require_once ('../inc/config.php');
require_once ('../inc/function.php');
require_once ('../chart/chart.inc.php');
$idpelanggan=$_SESSION['idpelanggan'];
/* menambahkan kode pesan dan detail pesan kedalam database*/
$kd_transaksi = kd_transaksi();
$total_bayar = $_SESSION['totalbayar'];
insertToDB($kd_transaksi,$idpelanggan,$total_bayar);
//check if query successful

$link="location:../index.php?mod=chart&pg=chart_ship&total_bayar=$total_bayar&kd_transaksi=$kd_transaksi";
    header($link);
?>

仍然对如何向数据库输入大小值感到困惑。如果您需要更多信息来帮助我告诉我我必须做什么

由于

1 个答案:

答案 0 :(得分:3)

函数insertToDB在上面的代码中定义了4个参数:

function insertToDB($kd_transaksi, $idpelanggan, $totalbayar, $sizes) {

但只用3个值调用它:

insertToDB($kd_transaksi,$idpelanggan,$total_bayar);

所以我建议在调用函数时传递变量size的值:

insertToDB($kd_transaksi,$idpelanggan,$total_bayar,$_POST["size"]);

顺便说一句:评论者@giraff在表达SQL注入时是绝对正确的。您的脚本容易受到攻击。您一定要检查并清理用户提交的数据!