【问题标题】:My code does not work, It won't input the values from $_SESSION to database我的代码不起作用,它不会将 $_SESSION 中的值输入到数据库
【发布时间】:2014-03-04 17:02:26
【问题描述】:

我需要帮助将值从 $_SESSION 输入到数据库,我没有收到任何错误,但没有任何内容添加到数据库表中。请帮忙

这是我的代码。

<?php
session_start();
$conn = @mysql_connect("localhost","root","12148qx3er");
$db = @mysql_select_db("buybranded");
include("includes/functions.php");
mysql_set_charset("UTF8");

if(isset($_REQUEST['command']) && $_REQUEST['command']=='update'){

    $first_name=$_SESSION['first_name'];
    $email=$_SESSION['email'];
    $home_address=$_SESSION['home_address'];
    $mobile_number=$_SESSION['mobile_number'];
    $result=mysql_query("insert into customers(name,email,address,phone) values('','$first_name','$email','$home_address','$mobile_number')");

    $customerid=mysql_insert_id();
    $date=date('Y-m-d');
    $result=mysql_query("insert into orders values('','$date','$customerid')");

    $orderid=mysql_insert_id();
    $max=count($_SESSION['cart']);
    for($i=0;$i<$max;$i++){
        $pid=$_SESSION['cart'][$i]['productid'];
        $q=$_SESSION['cart'][$i]['qty'];
        $price=get_price($pid);
        mysql_query("insert into order_detail values ($orderid,$pid,$q,$price)");
    }
    die('Thank You! your order has been placed!');
}
?>

这是我放置 $_SESSION 值的 checklogin.php。

<?php


$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="12148qx3er"; // Mysql password 
$db_name="buybranded"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$email=$_POST['email']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_start();
$_SESSION["email"] = $email;
$_SESSION["password"] = $password;
$_SESSION["first_name"] = $first_name;
$_SESSION["middle_name"] = $middle_name;
$_SESSION["last_name"] = $last_name;
$_SESSION["gender"] = $gender;
$_SESSION["birth_date"] = $birth_date;
$_SESSION["home_address"] = $home_address;
$_SESSION["mobile_number"] = $mobile_number;
$_SESSION["home_phone"] = $home_phone;
$_SESSION["postal_code"] = $postal_code;
$_SESSION["city"] = $city;
$_SESSION["province"] = $province;

while($row = mysql_fetch_array($result)){
    //remove this line ******header("location:customer_home.php");
    if($row['type'] == 'admin'){
        header("location: admin.php");
    } else if($row['type'] == 'customer'){
        header("location: customer_home.php");
    }
}
}

else {

header('refresh: 0.1; url=sign-in.php');
$message = "Invalid Email or Password, Redirecting..";
die("<script type='text/javascript'>alert('$message');</script>"); // To prevent evil     people manipulating the page, kill the script using die.

}

?>

【问题讨论】:

  • 你在哪里定义会话变量?因为现在您从会话之外发布项目,我们不知道它们是在哪里定义的。你有没有回应他们?您是否回应了您的查询?
  • 您对 SQL 注入持开放态度。此外,mysql 库已弃用并将被删除。您应该使用 PDO 或 MySQLi 并使用准备好的语句。
  • P.S.您应该更改数据库密码,因为您刚刚将其发布在 SO...
  • "I get no errors" - @ 隐藏了该行的错误,你怎么知道你已连接到数据库?
  • 为什么在你的session里放这么多,user id应该够用了吧?此外,您的登录代码正在使用从未初始化的变量并将它们存储在您的会话中(变量应该从 mysql 请求中获取,但不是)。这也是糟糕的数据库设计,尝试学习外键。这是糟糕的 php 代码,请尝试使用 mysqli 或 pdo。

标签: php mysql database session


【解决方案1】:

在第 14 行(这一行:)

$result=mysql_query("插入客户(姓名、邮箱、地址、电话) values('','$first_name','$email','$home_address','$mobile_number')");

当您只插入 4 列时,您会列出 5 个值。删除第一个值的空字符串应该有助于匹配它。可能是查询错误而不是会话问题?

【讨论】:

    【解决方案2】:

    试试这个,将' 包装在$price$q 列值中

    "insert into order_detail values ($orderid,$pid,'$q','$price')"
    

    而不是

    "insert into order_detail values ($orderid,$pid,$q,$price)"
    

    另外,列数不匹配

    $result=mysql_query("insert into customers(name,email,address,phone) values('$first_name','$email','$home_address','$mobile_number')");
    

    而不是

    $result=mysql_query("insert into customers(name,email,address,phone) values('','$first_name','$email','$home_address','$mobile_number')");
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2022-01-02
      • 1970-01-01
      • 2019-09-18
      • 2018-01-16
      相关资源
      最近更新 更多