【发布时间】:2014-03-04 17:02:26
【问题描述】:
我需要帮助将值从 $_SESSION 输入到数据库,我没有收到任何错误,但没有任何内容添加到数据库表中。请帮忙
这是我的代码。
<?php
session_start();
$conn = @mysql_connect("localhost","root","12148qx3er");
$db = @mysql_select_db("buybranded");
include("includes/functions.php");
mysql_set_charset("UTF8");
if(isset($_REQUEST['command']) && $_REQUEST['command']=='update'){
$first_name=$_SESSION['first_name'];
$email=$_SESSION['email'];
$home_address=$_SESSION['home_address'];
$mobile_number=$_SESSION['mobile_number'];
$result=mysql_query("insert into customers(name,email,address,phone) values('','$first_name','$email','$home_address','$mobile_number')");
$customerid=mysql_insert_id();
$date=date('Y-m-d');
$result=mysql_query("insert into orders values('','$date','$customerid')");
$orderid=mysql_insert_id();
$max=count($_SESSION['cart']);
for($i=0;$i<$max;$i++){
$pid=$_SESSION['cart'][$i]['productid'];
$q=$_SESSION['cart'][$i]['qty'];
$price=get_price($pid);
mysql_query("insert into order_detail values ($orderid,$pid,$q,$price)");
}
die('Thank You! your order has been placed!');
}
?>
这是我放置 $_SESSION 值的 checklogin.php。
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="12148qx3er"; // Mysql password
$db_name="buybranded"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$email=$_POST['email'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION["email"] = $email;
$_SESSION["password"] = $password;
$_SESSION["first_name"] = $first_name;
$_SESSION["middle_name"] = $middle_name;
$_SESSION["last_name"] = $last_name;
$_SESSION["gender"] = $gender;
$_SESSION["birth_date"] = $birth_date;
$_SESSION["home_address"] = $home_address;
$_SESSION["mobile_number"] = $mobile_number;
$_SESSION["home_phone"] = $home_phone;
$_SESSION["postal_code"] = $postal_code;
$_SESSION["city"] = $city;
$_SESSION["province"] = $province;
while($row = mysql_fetch_array($result)){
//remove this line ******header("location:customer_home.php");
if($row['type'] == 'admin'){
header("location: admin.php");
} else if($row['type'] == 'customer'){
header("location: customer_home.php");
}
}
}
else {
header('refresh: 0.1; url=sign-in.php');
$message = "Invalid Email or Password, Redirecting..";
die("<script type='text/javascript'>alert('$message');</script>"); // To prevent evil people manipulating the page, kill the script using die.
}
?>
【问题讨论】:
-
你在哪里定义会话变量?因为现在您从会话之外发布项目,我们不知道它们是在哪里定义的。你有没有回应他们?您是否回应了您的查询?
-
您对 SQL 注入持开放态度。此外,mysql 库已弃用并将被删除。您应该使用 PDO 或 MySQLi 并使用准备好的语句。
-
P.S.您应该更改数据库密码,因为您刚刚将其发布在 SO...
-
"I get no errors" -
@隐藏了该行的错误,你怎么知道你已连接到数据库? -
为什么在你的session里放这么多,user id应该够用了吧?此外,您的登录代码正在使用从未初始化的变量并将它们存储在您的会话中(变量应该从 mysql 请求中获取,但不是)。这也是糟糕的数据库设计,尝试学习外键。这是糟糕的 php 代码,请尝试使用 mysqli 或 pdo。
标签: php mysql database session