所以我有这段代码将项目从数据库传递到我的订单表。当我回声会议时。会话变量包含一些东西,所以没有问题。但是当我在数字下回显这些变量时,它只显示任何内容。有什么问题吗?
<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();
require("connect.php");
$UserID = $_SESSION['CustNum'];
$UserN = $_SESSION['UserName'];
$ProdGTotal = $_SESSION['ProdGTotal'];
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");
$numrows = mysql_num_rows($queryord);
if(numrows == 1){
$row = mysql_fetch_assoc($queryord)or die ('Unable to run query:'.mysql_error()); // fetch associated: get function from a query for a database
$dbstreet = $row['Street'];
$dhousenum = $row['HouseNum'];
$dbcnum = $row['CelNum'];
$dbarea = $row['Area'];
$dbbuilding = $row['Building'];
$dbcity = $row['City'];
$dbpnum = $row['PhoneNum'];
$dbfname = $row['FName'];
$dblname = $row['LName'];
}
else
die(mysql_error());
$query4=mysql_query("INSERT INTO orderdetails VALUES ('', '$UserID', Now(), '$dbhousenum', '$dbstreet', '$dbarea', '$dbbuilding', '$dbcity', '$dbfname', '$dblname', '$dbcnum', '$dbpnum', '$ProdGTotal')",$connect);
if ($query4){
header("location:index.php");
}
else
die(mysql_error());
?>
if(numrows == 1) => if($numrows == 1){
首先输入
if(numrows == 1){
而是可变的:
if($numrows == 1){
相反,为了检查用户,您可以:
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");
$numrows = mysql_num_rows($queryord);
用作:
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");
$numrows = mysql_num_rows($queryord);
您想获取一个用户,但失败了,因为您没有转义:
$UserN = mysql_real_escape_string($UserN);
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");
$numrows = mysql_num_rows($queryord);
您应该以更好的方式编写代码,并查看有关stackoverflow如何获取数据的最佳实践示例。请参阅阻止 SQL 注入和漏洞的最佳实践。
这个网站上显示了一些例子:如何防止 PHP 中的 SQL 注入?