为什么我的编码无法插入订购表并链接到PayPal?

时间:2015-11-07 03:20:46

标签: php mysql paypal

首先,orderdetail.php是来自order.php的POST数据,orderdetail是指向PayPal页面的链接以进行付款。点击" PAY"按钮,它会将用户引导至PayPal页面,购物车表中的数据将被删除并插入到MYSQL的订购表中。

这是orderdetail.php:

<div class="shopmain shopbox" style="margin-bottom:10px;">
<?php    

$result=mysql_query("select * from cart  where  username='$user'"); 
$rownum=mysql_num_rows($result);  

while($row=mysql_fetch_array($result)){

?> 

<ul> 
      <li class="boxa"> <img src="<?php echo $row['pass_url']?>" width="130" height="98"> </li>
      <li class="boxb">
      <h3>Food name</h3>
      <h4><?php echo $row['pass_name']?></h4>
      </li>

      <li class="boxc">
      <h3>Restaurant</h3>
      <h4><?php echo $row['pass_restaurant']?></h4>
      </li>

      <li class="boxc">
      <h3>Food Price</h3>
      <h4>RM <?php echo $row['pass_price']?> </h4>
      </li>

      <li class="boxc">
      <h3>Order num</h3>
      <h4> <?php echo $row['pass_num']?> </h4>
      </li>

      <li class="boxc">
      <h3>Total</h3>
      <h4>RM <i><?php echo $row['pass_total']?></i></h4>
      </li>
</ul>
  <?php } ?> 
  <form action="paydetail.php?pass_total=<?php echo $row2['SUM(pass_total)'];?>" method="get" id="pay">
  <?php    

$result2=mysql_query("select SUM(pass_total) from cart  where  username='$user'"); 
while($row2=mysql_fetch_array($result2)){
  ?>

 <div class="total" style="font-size:32px;"> Total : <strong></strong>RM <i><?php echo $row2['SUM(pass_total)'];?></i></div>
</div>
<?php }?> 
<div class="detaltop">
      <h3>Orderer information </h3>
</div>

<div class="pay">

  <ul>
<?php

$arr = mysql_query("select * from  customer  where username='$user'");
$result = mysql_fetch_array($arr) 
?>
     <li><span>Orderer's name &nbsp;&nbsp; </span><?php echo $result["fullname"]; ?></li>
     <li><span>Contact number &nbsp;&nbsp; </span><?php echo $result["hpno"]; ?> </li>
     <li><span>Email &nbsp;&nbsp; </span><?php echo $result["email"]; ?> </li>



     <input name="submit" type="submit" value="PAY" class="buttoncss">
   </ul>
 </form>
</div>           
</div>

用户点击&#34; PAY&#34;按钮,它指向paydetail.php:

<?php 
session_start();  
ini_set('error_reporting', 'E_ALL ^ E_NOTICE');
header("Content-type: text/html; charset=utf-8"); 
include("conn.php");

$user = $_SESSION['username'];

$result1=mysql_query("select * from cart  where username='$user'"); 

$row=mysql_fetch_array($result1);

$result2=mysql_query("select * from customer  where username='$user'"); 

$row1=mysql_fetch_array($result2);

$result=mysql_query("INSERT INTO `ordering` (`orderID` ,`order_no` ,`order_user` ,`order_foods_id`,`order_num` ,`order_name`,`order_phone`,`order_email`,`order_time` ,`order_pay`) VALUES('','$booknum','$user','$row[pass_id]','$row[pass_num]','$row1[fullname]','$row1[hpno],'$row1[email]',now(),'$row[pass_total]')"); 

mysql_query("delete  from   cart  where username='$user'"); 


?>

<!DOCTYPE >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tumy</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="scripts/jquery.min.js"></script>
</head>
<body>
<div style="display:none">
<form action="https://www.paypal.com/cgi-bin/webcsr" method="post" id="pay">
    <input name="cmd" type="hidden" value="_xclick" />
    <input name="seat" type="hidden" value="" />
    <input name="business" type="text"  class="paybox"  value="tumy@yahoo.com" />
    <input name="item_name" type="text"  class="paybox" value="<?php echo  "goods"; ?>" />
    <input name="amount" type="text"  class="paybox"  value="<?php echo  $total; ?>" />
    <input name="currency_code" type="hidden" value="MYR" />
</form>
</div>
<script>

$(document).ready(function() {

$("#pay").submit();


});
</script>
</body>
</html>

所以我想问为什么购物车中的数据无法插入订购表?但它可以在点击&#34; PAY&#34;之后删除购物车中的数据。按钮。

1 个答案:

答案 0 :(得分:0)

我只回答你们中的一个问题。他们没有关系。修复后,编辑标题并发布新帖子。你的mysql语法有错误。写下面的代码

if (!$result) {  echo 'Mysql Error'; exit();}

然后你需要找出那个错误是什么。这可能是很多事情,但首先要使用PHPMyadmin测试查询并删除&#39; $ booknum&#39;周围的单引号。并写作&#34;。$ booknum。&#34;

然后研究如何逃避字符串的安全性。 mysql_real_escape($ booknum)或类似的东西。

"INSERT INTO `ordering` (`orderID` ,`order_no` ,`order_user` ,`order_foods_id`,`order_num` ,`order_name`,`order_phone`,`order_email`,`order_time` ,`order_pay`) VALUES('',".$booknum.",'$user','$row[pass_id]','$row[pass_num]','$row1[fullname]','$row1[hpno],'$row1[email]',now(),'$row[pass_total]')"
相关问题
最新问题