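I'm having a problem inserting data into a phpMyAdmin database. Let me try to explain what I'm trying to accomplish. I'm having trouble inserting the payment details into the same row as the user details.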
This image below will show my table
In the photo above, the data in the columns named "FirstName, LastName, DOB, Age, Total" is generated from the form found in the file named "page2_age_test.php". The source code is shown below:
Page2_Age_test.php
<?php include 'include/connection.php' ?>
<html>
<head>
<title>Age Verification</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/bootstrap.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css">
</head>
<body>
<h1>Age Verification:</h1>
<p>Please fill out the form below.</p>
<form action="page2_age_test.php" method="post">
<label for="first">First Name:</label>
<input type="text" name="first" placeholder="Enter first name">
<br>
<label for="last">Last Name:</label>
<input type="text" name="last" placeholder="Enter last name">
<br>
<label for="date">Enter your Date of Birth:</label>
<input type="date" name="date">
<br>
<label for="rush"> Check for a rush order(A $200 fee will apply.)</label>
<input type="checkbox" name="rush"> <p>(optional)</p>
<br>
<br>
<input type="submit" name="submit">
</form>
</table>
</div>
</div>
</div>
<!-- /.row -->
</div>
<?php
// function to execute by default if rush order is not selected.
function standard_order(){
global $connection;
$dob = $_POST['date'];
$age = (date("Y/m/d") - $dob) * 12;
if(isset($_POST['submit'])){
$first = $_POST['first'];
$last = $_POST['last'];
$dob = $_POST['date'];
if($age >= 186){
$price = 50;
echo "Your passport will cost $$price";
}else{
$price = 25;
echo "Your passport will cost $$price";
}
// Insert Data into Database.
$query = "INSERT INTO orders (FirstName, LastName, DOB, Age, Total) VALUES ('$first','$last','$dob','$age','$price')";
$insert = mysqli_query($connection, $query);
if(!$insert){
die('Query has failed :('.mysqli_error($connection));
}
}
}
// Function executes if rush order is checked.
function rush_order(){
global $connection;
$dob = $_POST['date'];
$age = (date("Y/m/d") - $dob) * 12;
if(isset($_POST['rush']) && $age >= 186 ){
$first = $_POST['first'];
$last = $_POST['last'];
$price = 50;
$total = $price + 200;
echo "Your total is $$total";
}elseif(isset($_POST['rush']) && $age < 186){
$price = 25;
$total = $price + 200;
echo "Your total is $$total";
}
// Insert Data into Database.
$query = "INSERT INTO orders (FirstName, LastName, DOB, Age, Total) VALUES ('$first','$last','$dob','$age','$total')";
$insert = mysqli_query($connection, $query);
if(!$insert){
die('Query has failed :('.mysqli_error($connection));
}
}
if(isset($_POST['submit']) and isset($_POST['rush'])){
rush_order();
}elseif(isset($_POST['submit'])){
standard_order();
}
?>
</body>
</html>
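In a separate file named "page3_payment.php" (see the source code below), I am trying to insert the payment details. I want the information to be inserted into the same row. If I were to create a new INSERT query, a new row would be created. I did some research and found that an UPDATE query would give me a solution, but when I tried it nothing happened. My main question is: how do I insert all the information into one row?
Also, you will notice that the date is still displayed in months. I haven't corrected that yet.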
Page3_payment.php
<?php include 'include/connection.php' ?>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/bootstrap.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css">
<title>Payment</title>
</head>
<body>
<?php
function cash(){
global $connection;
if(isset($_POST['submit_cash'])){
$cash_recieved = $_POST['cash_recieved'];
$sql = "SELECT Total FROM orders";
$result = mysqli_query($connection,$sql);
while($row = mysqli_fetch_assoc($result)){
$total = $row['Total'];
// $change = $total - $cash_recieved ;
// echo $change;
}
//$change = $total - $cash recieved
if($cash_recieved >= $total/*Total in the database*/){
// echo "$"."{$total}";
$change = $cash_recieved - $total;
echo "The change is $" .$change;
}elseif($cash_recieved < $total){
echo "Error the amount inserted is not enough";
}
}
}
function credit(){
global $connection;
global $total;
// Card processing!!
if (isset($_POST['submit_card']) && isset($_POST['credit'])) {
$credit = $_POST['credit'];
for ($i=0; $i <sizeof($credit) ; $i++) {
$cardname = $_POST['cardname'];
$cardnumber = $_POST['cardnumber'];
$exp_date = $_POST['exp_date'];
$security_code = $_POST['security_code'];
$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='[23]'";
$C_card_query= mysqli_query($connection,$query);
echo "Card accepted";
// $query="INSERT INTO orders (Payment_method) VALUES ('" . $credit[$i] . "')";
// mysqli_query($connection,$query) or die (mysqli_error() );
}
echo "Complete";
}
// $cardname = $_POST['cardname'];
// $cardnumber = $_POST['cardnumber'];
// $exp_date = $_POST['exp_date'];
// $security_code = $_POST['security_code'];
// $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total')";
// $C_card_query= mysqli_query($connection,$query);
// echo "Card accepted";
// C_number,Exp_date,Sec_code,Amount_paid,Payment_method)
}
?>
<h1>Choose your payment method</h1>
<?php
$sql = "SELECT Total FROM orders";
$result = mysqli_query($connection,$sql);
while($row = mysqli_fetch_assoc($result)){
$total = $row['Total'];
echo "The total is $" . "{$total}";
// $change = $total - $cash_recieved ;
// echo $change;
}
?>
<form action="page3_payment.php" method="post">
<label for="credit">Credit:</label>
<input type="checkbox" name="credit[]" value ="credit" required>
<br>
<label for="cardname">Enter Name (as it appears on your card):</label>
<input type="text" name="cardname" placeholder=" Cardholders name" required>
<br>
<label for="cardnumber">Enter cardnumber (no spaces of dashes):</label>
<input type="number" name="cardnumber" placeholder="Enter Card Number" required><!-- Can hold no more than 16 characters -->
<br>
<label for="exp_date">Expiration date:</label>
<input type="date" name="exp_date" required><!-- Fomat in this manner: mm/YY -->
<br>
<label for="security_code">Security Code:</label>
<input type="number" name="security_code" placeholder="Enter three digit code on back of card" required > <!-- Character Limit is 3 -->
<br>
<input type="submit" name="submit_card">
</form>
<form action="#" method="post">
<label for="cash">Cash:</label>
<input type="checkbox" name="cash" value="cash">
<p>$</p><input type="number" name="cash_recieved">
<br>
<input type="submit" name="submit_cash" required>
</form>
<?php
if(isset($_POST['credit']) && isset($_POST['submit_card'])){
credit();
}elseif(isset($_POST['cash']) && isset($_POST['submit_cash'])){
cash();
}
?>
</body>
</html>
<?php
// function credit(){
// global $connection;
// global $total;
// // Card processing!!
// if (isset($_POST['submit_card']) && isset($_POST['credit'])) {
// $credit = $_POST['credit'];
// for ($i=0; $i <sizeof($credit) ; $i++) {
// $cardname = $_POST['cardname'];
// $cardnumber = $_POST['cardnumber'];
// $exp_date = $_POST['exp_date'];
// $security_code = $_POST['security_code'];
// $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid,Payment_method) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total', '" . $credit[$i] . "')";
// $C_card_query= mysqli_query($connection,$query);
// echo "Card accepted";
// // $query="INSERT INTO orders (Payment_method) VALUES ('" . $credit[$i] . "')";
// // mysqli_query($connection,$query) or die (mysqli_error() );
// }
// echo "Complete";
// }
// // $cardname = $_POST['cardname'];
// // $cardnumber = $_POST['cardnumber'];
// // $exp_date = $_POST['exp_date'];
// // $security_code = $_POST['security_code'];
// // $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total')";
// // $C_card_query= mysqli_query($connection,$query);
// // echo "Card accepted";
// }
?>
Answer 0 (score: 0)
You need to escape the SQL keyword order for the query to work.
$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE `Order`='23'";
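To debug this kind of error, you need to use the mysqli_error function and print its result in case there is any error during debugging.
You also have a SQL injection problem. See here what it is and how to protect against it: http://php.net/manual/en/security.database.sql-injection.php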
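The points raised in the answer above (quoting the reserved word, surfacing database errors, and removing the SQL injection), combined in one added example that is not part of the original question or answers. It assumes that `Order` is the AUTO_INCREMENT primary key of `orders` and that page2_age_test.php stored the new row's id in the session after its INSERT; the function name `save_card_details` and the session key `order_id` are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: `Order` is the
// AUTO_INCREMENT primary key of `orders`, and page2_age_test.php ran
//   session_start(); $_SESSION['order_id'] = mysqli_insert_id($connection);
// right after its INSERT, so this page knows which row to update.
session_start();
include 'include/connection.php'; // provides $connection, as on the page

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: writes the card fields into the existing order row.
function save_card_details(mysqli $connection, int $orderId, string $cardname, string $cardnumber): int
{
    // `Order` is a reserved word, so it is backtick-quoted. The ? placeholders
    // keep user input out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $connection,
        'UPDATE orders SET Name_on_C = ?, C_number = ? WHERE `Order` = ?'
    );
    mysqli_stmt_bind_param($stmt, 'ssi', $cardname, $cardnumber, $orderId);
    mysqli_stmt_execute($stmt);
    // 0 means no row had that id, or the row already held these values.
    $rows = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $rows;
}

if (isset($_POST['submit_card'], $_SESSION['order_id'])) {
    $cardname   = trim($_POST['cardname'] ?? '');
    $cardnumber = $_POST['cardnumber'] ?? '';
    // The form asks for digits only and at most 16 characters.
    if ($cardname === '' || !ctype_digit($cardnumber) || strlen($cardnumber) > 16) {
        http_response_code(400);
        exit('Invalid card details');
    }
    try {
        $rows = save_card_details($connection, (int) $_SESSION['order_id'], $cardname, $cardnumber);
        echo $rows === 1 ? 'Card accepted' : 'No order row was changed';
    } catch (mysqli_sql_exception $e) {
        // Log the database error server-side; show the user a generic message.
        error_log('orders UPDATE failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Could not save payment details';
    }
}
```

With the original string-built query, an unquoted `Order` made the statement fail to parse, and because the return value of mysqli_query was never checked, the page still printed "Card accepted".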
Answer 1 (score: -1)
This WHERE clause looks funky:
$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='[23]'";
You are asking your SQL to find an order matching [23]; try changing it to:
$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='23'";