我正在尝试从提交的值创建数据库值,并插入到同一个数据库中。我创造的价值是$tprice = '$Price' * '$Pquantity';
在下面的代码中,但它没有插入
<?php
$submit = $_POST['Add'];
//form data
$Sname = mysql_real_escape_string(htmlentities(strip_tags($_POST['Sname'])));
$Pname = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pname'])));
$Pidno = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pidno'])));
$Psize = mysql_real_escape_string(htmlentities(strip_tags($_POST['Psize'])));
$Pcolour = mysql_real_escape_string(htmlentities(strip_tags($_POST['Pcolour'])));
$Pquantity = $_POST['Pquantity'];
$Weblink = mysql_real_escape_string(htmlentities(strip_tags($_POST['Weblink'])));
$Price = mysql_real_escape_string(htmlentities(strip_tags($_POST['Price'])));
$date = date("Y-m-d");
echo " ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$Uname')";
if('POST' === $_SERVER['REQUEST_METHOD'])
{
if ($Sname&&$Pname&&$Pidno&&$Weblink&&$Price)
{
if (is_numeric($Price))
{
$repeatheck = mysql_query("SELECT * FROM repplac WHERE Uname = '{$_SESSION['username']}' AND Pidno ='$Pidno' AND Sname='$Sname'");
$count = mysql_num_rows($repeatheck);
if($count!=0)
{
die ('PRODUCT ALREADY IN BASKET YOU CAN INCREASE OR DECREASE QUANTITY');
}
else
//echo'$Price';
$tprice = '$Price' * '$Pquantity';
//echo"$tprice";
$queryreg = mysql_query("
INSERT INTO repplac VALUES ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$tprice','$date','{$_SESSION['username']}')
");
}
else
echo 'price field requires numbers';
}
else
echo 'please fill in all required * fields ';
}
?>
答案 0 :(得分:1)
这一行:
$tprice = '$Price' * '$Pquantity';
将无效:它会尝试将文字字符串$Price和$Pquantity相乘(因为在带单引号的字符串中,不会解释变量名。)
完全失去了引号:
$tprice = $Price * $Pquantity;
补充说明:
您应该确保$Pquantity是一个整数。否则,人们可以通过指定0.1
清理时strip_tags()和htmlentities()来电过度。我也不会使用它们,并在输出数据时执行htmlentities()。