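I'm building an order form and I want to insert the user ID and the product ID into the database. Everything seems to work, but my data is not inserted into the database. I have checked my code many times and I don't know what I'm doing wrong here. I hope someone can point out my mistake. Thanks in advance.
Here is my code:
product.php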
<?php session_start(); //start a new session or resume the existing one
if(empty($_SESSION['uid'])){ //no user_id in the session means the visitor is not logged in
header("Location: product.php"); //redirect visitors who are not logged in
exit; //stop here so the rest of the page is not sent after the redirect
}
$connection = mysqli_connect("localhost","root","" , "SCINFO");
if (!$connection) {
die('Could not connect to MySQL: ' . mysqli_connect_error());
}
$result = mysqli_query($connection, "SELECT * FROM PRODUCT");
if(mysqli_num_rows($result) > 0){
while($row = mysqli_fetch_array($result)){
//display the product list and its details
$pid = $row["PRD_ID"];
$pnm = $row["PRD_NAME"];
$prc = $row["PRD_PRICE"];
$pdc = $row["PRD_DEC"];
$pmg = $row["PRD_IMG"];
}
}
?>
<!DOCTYPE html>
<html>
<body>
<h1><font color="#B20047">Product or Items</font></h1>
<table align="center">
<tr>
<?php
$result = mysqli_query($connection, "SELECT * FROM PRODUCT");
if(mysqli_num_rows($result) > 0){
while($row = mysqli_fetch_array($result)){
echo '<td>';
echo '<img id="x" src="'.$row["PRD_IMG"].'"><br>';
echo '<br><b>Item Name</b>: '.$row["PRD_NAME"];
echo '<br>Price: RM '.$row["PRD_PRICE"];
echo '<br>Description: '.$row["PRD_DEC"];
echo '<br><font color="red">Limited!</font> <a href="order.php?id='.$row['PRD_ID'].'">Buy Now</a>';
echo '</td>';
}
}
?>
</tr>
</table>
</body>
</html>
order.php
<?php session_start(); //start a new session or resume the existing one
if(empty($_SESSION['uid'])){ //no user_id in the session means the visitor is not logged in
header("Location: product.php"); //redirect visitors who are not logged in
exit; //stop here so the rest of the page is not sent after the redirect
}
//setting connection to the database
$connection = mysqli_connect("localhost", "root", "", "SCINFO");
//checking the connection
if(mysqli_connect_errno()){
echo "Connection Failed!";
}
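//id comes from the query string, so escape it before it is placed inside the quoted SQL literal below
$id = mysqli_real_escape_string($connection, $_GET['id'] ?? '');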
?>
<!DOCTYPE html>
<html>
<body>
<h2 align="left">Purchase/Order Items</h2>
<i>*Note: All payment method is done by cash only</i><br><br>
<form method="post" action="ordprc.php">
<table align="center">
<tr bgcolor="#996699">
<td>Product ID</td>
<td>Product Name</td>
<td>Price (RM)</td>
<td>Product Description</td>
</tr>
<?php
//prints the data in table
$result = mysqli_query($connection, "SELECT * FROM PRODUCT WHERE PRD_ID='$id'");
// loop through results of database query, displaying them in the table
while($row = mysqli_fetch_array( $result)) {
// echo out the contents of each row
echo "<tr>";
echo '<td>'.$row['PRD_ID'].'</td>'; //prints out the product ID in text field
echo '<td>'.$row['PRD_NAME'].'</td>'; //prints out the product name
echo '<td>'.$row['PRD_PRICE'].'</td>'; //prints out the product price
echo '<td>'.$row['PRD_DEC'].'</td>'; //prints out the product description
echo "</tr>";
}
?>
<tr>
<td colspan="5" align="left"><hr><br><h2>Please fill up : </h2></td>
</tr>
<tr>
<td>User_ID : </td>
<td><input type="text" name="uiid"></td>
<td>Product_ID : </td>
<td><input type="text" name="pid"></td>
</tr>
<tr>
<td colspan="4" align="right"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>
ordprc.php
<?php
$server = "localhost";
$uname = "root";
$pwd = "";
$dbname = "SCINFO";
//connecting to mysqli
$connection = mysqli_connect($server, $uname, $pwd, $dbname);
// Check connection
if (mysqli_connect_errno()){
echo "Connection failed!";//If connection fails, prints msg
}
if($_SERVER["REQUEST_METHOD"] == "POST"){
if($_POST["submit"]){
$uiid = mysqli_real_escape_string($connection, $_POST['uiid']);
$pid = mysqli_real_escape_string($connection, $_POST['pid']);
// sql to insert a record
$sql = "INSERT INTO ORDER (USER_ID, PRD_ID) VALUES ('".$uiid."', '".$pid."')";
if(mysqli_query($connection, $sql)){
//print message if purchase successful
echo "success!";
}
else{
//print error message if purchase unsuccessful
echo "Unsuccesful Purchasing!".mysqli_error($connection);
}
}
}
?>
Answer 0: (score: 0)
I'm pretty sure it's because the table name "order" is a reserved word in SQL.
Try:
$sql = "INSERT INTO `ORDER` (USER_ID, PRD_ID) VALUES ('".$uiid."', '".$pid."')";
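The failure and the fix from the answer above, reproduced as an added example that is not part of the original question or answer. PDO with an in-memory SQLite database stands in for the page's mysqli/MySQL connection so the script runs without a server (SQLite also reserves ORDER and accepts backtick quoting); the function names `open_demo_db` and `insert_order`, the sample ids, and the assumption that both ids are positive integers are illustrative.

```php
<?php
// Added example: PDO + in-memory SQLite replaces the page's mysqli/MySQL setup.
// Table and column names (ORDER, USER_ID, PRD_ID) are taken from the question.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of failing silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // ORDER is a reserved word, so the identifier is quoted with backticks.
    $db->exec('CREATE TABLE `ORDER` (USER_ID INTEGER NOT NULL, PRD_ID INTEGER NOT NULL)');
    return $db;
}

// Insert one order row and return true on success.
// $quoted = false reproduces the statement from the question.
function insert_order(PDO $db, $userId, $productId, bool $quoted = true): bool {
    // Assumption: both ids are positive integers; anything else is rejected.
    $opts = ['options' => ['min_range' => 1]];
    $uid = filter_var($userId, FILTER_VALIDATE_INT, $opts);
    $pid = filter_var($productId, FILTER_VALIDATE_INT, $opts);
    if ($uid === false || $pid === false) {
        throw new InvalidArgumentException('ids must be positive integers');
    }
    $table = $quoted ? '`ORDER`' : 'ORDER';
    // Placeholders keep the values out of the SQL text, so no manual escaping.
    $stmt = $db->prepare("INSERT INTO $table (USER_ID, PRD_ID) VALUES (?, ?)");
    return $stmt->execute([$uid, $pid]);
}

$db = open_demo_db();

try {
    insert_order($db, '7', '42', false);   // constructed sample ids, unquoted table name
} catch (PDOException $e) {
    echo "unquoted table name: ", $e->getMessage(), "\n";
}

var_dump(insert_order($db, '7', '42'));    // same values, quoted table name

try {
    insert_order($db, '7', '42abc');       // constructed non-integer input
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

echo $db->query('SELECT COUNT(*) FROM `ORDER`')->fetchColumn(), " row(s) stored\n";
```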