PHP code is not inserting data into the database

Time: 2011-04-21 12:44:21

Tags: php mysql

    $name = $_GET['fullname'];
    $phone = $_GET['phone'];
    $address = $_GET['address'];
    $size = $_GET['size'];
    $toppings = $_GET['toppings'];
    $delivery = $_GET['type'];



    mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error());
    mysql_select_db ("pizzaorders");
    $query ="INSERT INTO orders (fullname, phone, address, size, toppings, delivery)  VALUES ('".$name."', '".$phone."', '".$address."','".$size."','".$toppings."','".$delivery.")";
    $done=mysql_query($query);
    echo $done;        

    $total = 0;
    $total = sizecost()  + deliverycost() + toppingcost();

    echo " $name  your {$_GET["size"]} pizza will come in 45 minutes.";
    echo "Total: $ $total";
    echo " Your Toppings are ";
    foreach($toppings as $topping) {
    echo $topping  ;
     }
    echo "Your Delivery Type:{$_GET["type"]}";
    echo "Database Updated";

    function sizecost() {
        $size = 0;
        if ($_GET['size'] == "Small"){
            $size+=5;

        }
        else if ($_GET['size'] == "Medium"){
            $size+=10;

        }
        else if ($_GET['size'] == "Large"){
             $size+=15;
        }
         return $size;


    }

   function toppingcost() {
        $toppings = $_GET['toppings'];

        foreach($toppings as $topping) {
         $topping=1;    
         $topping=$topping+1; 
     }
        return $topping;
    }

    function deliverycost() {
        $deliverycost = 0;
        if ($_GET['type'] == "delivery") {
            $deliverycost += 5;
        }
        return $deliverycost;
    }

6 answers:

Answer 0: (score: 8)

The last value is missing a single quote at the end.

Answer 1: (score: 2)

Use echo mysql_error after mysql_query.

Answer 2: (score: 2)

Important

You must use mysql_real_escape_string() to prevent [my]sql injection.

Answer 3: (score: 2)

Use PDO; it saves a lot of effort.

    $db = new PDO('mysql:host=localhost;dbname=pizzaorders', "root", "");

    $query = $db->prepare("INSERT INTO orders
               (fullname, phone, address, size, toppings, delivery)
               VALUES (?,?,?,?,?,?)");
    $query->execute(array($name, $phone, $address, $size, $toppings, $delivery));

Or you can use the $_GET[] variables right there.
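An added example, not part of any answer on this page: the prepared-statement approach carried through for this order form, next to the concatenated form it replaces. The `saveOrder` helper, the constructed `$input` array standing in for `$_GET`, and the in-memory SQLite DSN (used so the script runs without a MySQL server) are assumptions.

```php
<?php
// Added example. Constructed input standing in for $_GET; the SQLite in-memory
// DSN is an assumption so the script runs without a MySQL server.
$input = [
    'fullname' => "Pat O'Brien",          // apostrophe breaks a concatenated query
    'phone'    => '555-0100',
    'address'  => '1 Main St',
    'size'     => 'Medium',
    'toppings' => ['cheese', 'olives'],   // checkbox group arrives as an array
    'type'     => 'delivery',
];

$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently (the role of mysql_error()).
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (fullname TEXT, phone TEXT, address TEXT,
                                size TEXT, toppings TEXT, delivery TEXT)');

// Hypothetical helper: validates, then inserts with bound parameters.
function saveOrder(PDO $db, array $in): void
{
    // Allowlist fields with a fixed set of values before they reach the database.
    if (!in_array($in['size'], ['Small', 'Medium', 'Large'], true)) {
        throw new InvalidArgumentException('unknown size');
    }
    // A column holds one string, so the toppings array is flattened first.
    $toppings = is_array($in['toppings']) ? implode(',', $in['toppings']) : '';
    $stmt = $db->prepare('INSERT INTO orders
        (fullname, phone, address, size, toppings, delivery)
        VALUES (?, ?, ?, ?, ?, ?)');
    // Values travel separately from the SQL text, so quotes in them are just data.
    $stmt->execute([$in['fullname'], $in['phone'], $in['address'],
                    $in['size'], $toppings, $in['type']]);
}

// Concatenation, as in the question (closing quote present): the apostrophe
// in the name ends the string literal early and the statement fails.
try {
    $db->exec("INSERT INTO orders (fullname) VALUES ('" . $input['fullname'] . "')");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

saveOrder($db, $input);
$row = $db->query('SELECT fullname, toppings FROM orders')->fetch(PDO::FETCH_ASSOC);
echo $row['fullname'], ' | ', $row['toppings'], "\n";
```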

Answer 4: (score: 0)

First, you can print the error to the screen so you know what went wrong:

    $done=mysql_query($query) or die(mysql_error());

Second, you missed a quote at the end:

    ,'".$delivery.")";

should be

    ,'".$delivery."')";

Edit

To answer your second question:

I don't think you can use $_GET['type'] inside the function.

It is better to get the type outside the function and then pass it as a parameter, like this:

    $type = mysql_real_escape_string($_GET['type']);
    deliverycost($type);

And in your function:

    function deliverycost($type)
    {
        if (empty($type))
        {
            //throw error, type cannot be empty
        }
        $deliverycost = 0;
        if ($type == "delivery") {
            $deliverycost += 5;
        }
        return $deliverycost;
    }

Answer 5: (score: 0)

Make sure you escape single quotes, like:

    mysql_real_escape_string($name)

The query would be:

    $query ="INSERT INTO orders (fullname, phone, address, size, toppings, delivery) 
    VALUES ('".mysql_real_escape_string($name)."', '".mysql_real_escape_string($phone)."', '".mysql_real_escape_string($address)."','".mysql_real_escape_string($size)."','".mysql_real_escape_string($toppings)."','".mysql_real_escape_string($delivery)."')";

Also echo the query to see what query is being sent to the database.