php - Cannot process the add-to-cart button in PHP
Problem description
I am currently making a shopping page in PHP for a school project. My code is vulnerable to SQL injection, but that is fine, it is part of my project requirements. The current problem is that when I press the "add to cart" button, I only get a popup saying the item was added to my cart, but it does get updated in the database. Here is my code, called cart_process.php. mainpage.php is my main shopping cart page.
<?php
session_start();
$dbhost="localhost";
$dbname="shopping";
$dbuser="root";
$dbpass="";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if($conn->connect_error)
{
die("Connect failed: " . $conn->connect_error);
}
// Escape each posted field; the escaped values are still interpolated into the SQL string below.
$UserId= mysqli_real_escape_string($conn, $_POST['UserId']);
$burger= mysqli_real_escape_string($conn, $_POST['burger']);
$banana= mysqli_real_escape_string($conn, $_POST['banana']);
$mosquitotoy= mysqli_real_escape_string($conn, $_POST['mosquitotoy']);
$spider= mysqli_real_escape_string($conn, $_POST['spider']);
$rabbits= mysqli_real_escape_string($conn, $_POST['rabbits']);
$tot_amount = mysqli_real_escape_string($conn, $_POST['tot_amount']);
$tot_amount1 = mysqli_real_escape_string($conn, $_POST['tot_amount1']);
$tot_amount2 = mysqli_real_escape_string($conn, $_POST['tot_amount2']);
$tot_amount3 = mysqli_real_escape_string($conn, $_POST['tot_amount3']);
$tot_amount4 = mysqli_real_escape_string($conn, $_POST['tot_amount4']);
$sql= "INSERT INTO products (UserId, burger, banana, mosquitotoy, spider, rabbits, tot_amount, tot_amount1, tot_amount2, tot_amount3, tot_amount4)
VALUES ('$UserId','$burger','$banana','$mosquitotoy','$spider','$rabbits','$tot_amount','$tot_amount1','$tot_amount2','$tot_amount3','$tot_amount4' )";
$result= mysqli_query($conn, $sql);
if($result)
{
$url=$_SESSION['url']; // read but never used: the redirect below is hard-coded
echo("<script language='javascript'>
window.alert('item added to cart successfully');
window.location.href='https://easymoney.com/mainpage.php';
</script>");
}
else
{
$url=$_SESSION['url'];
// mysqli_error($conn) would say why the INSERT failed; the page only reports a generic error.
echo("<script language='javascript'>
window.alert('error adding to cart');
window.location.href='https://easymoney.com/mainpage.php';
</script>");
}
?>
This is my PHP database. I call it products. Burger, mosquito toy, banana, spider and rabbits are the items I sell. The tot_amount columns represent the price of each item respectively.
-- phpMyAdmin SQL Dump
-- version 4.5.4.1deb2ubuntu2.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Feb 06, 2020 at 10:23 AM
-- Server version: 5.7.28-0ubuntu0.16.04.2
-- PHP Version: 7.0.33-0ubuntu0.16.04.9
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `shopping`
--
-- --------------------------------------------------------
--
-- Table structure for table `products`
--
CREATE TABLE `products` (
`id` int(10) NOT NULL,
`UserId` varchar(255) NOT NULL,
`burger` int(10) NOT NULL,
`banana` int(10) NOT NULL,
`mosquitotoy` int(10) NOT NULL,
`spider` int(10) NOT NULL,
`rabbits` int(10) NOT NULL,
`tot_amount` int(10) NOT NULL,
`tot_amount1` int(10) NOT NULL,
`tot_amount2` int(10) NOT NULL,
`tot_amount3` int(10) NOT NULL,
`tot_amount4` int(10) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `products`
--
ALTER TABLE `products`
ADD PRIMARY KEY (`id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `products`
--
ALTER TABLE `products`
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
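The same cart_process.php insert rewritten with a prepared statement and explicit error reporting, added here as an example; it is not the asker's code. It assumes the `products` table and form field names from the question, and that `$_SESSION['url']` holds the page to return to (the original reads it but never uses it).

```php
<?php
// Added example, not the asker's code: cart insert with placeholders instead of
// string interpolation, plus a real check that the row was written.
session_start();

// Make mysqli throw on any error instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$conn = new mysqli('localhost', 'root', '', 'shopping');
$conn->set_charset('utf8mb4');

// Column list is fixed in code (never taken from the request), so it is safe to
// splice into the SQL text; only the values go through placeholders.
$fields = ['burger', 'banana', 'mosquitotoy', 'spider', 'rabbits',
           'tot_amount', 'tot_amount1', 'tot_amount2', 'tot_amount3', 'tot_amount4'];

$userId = (string)($_POST['UserId'] ?? '');
$values = [];
foreach ($fields as $f) {
    // The table declares these columns as int; reject anything that is not an integer.
    $v = filter_var($_POST[$f] ?? 0, FILTER_VALIDATE_INT);
    $values[] = ($v === false) ? 0 : $v;
}

try {
    $stmt = $conn->prepare(
        'INSERT INTO products (UserId, ' . implode(', ', $fields) . ')'
        . ' VALUES (?' . str_repeat(', ?', count($fields)) . ')'
    );
    // 's' for UserId, then one 'i' per integer column.
    $stmt->bind_param('s' . str_repeat('i', count($fields)), $userId, ...$values);
    $stmt->execute();
    // Only claim success when exactly one row was inserted.
    $ok = ($stmt->affected_rows === 1);
} catch (mysqli_sql_exception $e) {
    // Details go to the server log, not to the browser.
    error_log('cart insert failed: ' . $e->getMessage());
    $ok = false;
}

// Assumed: the session stores the page to return to; fall back to mainpage.php.
$target = $_SESSION['url'] ?? 'mainpage.php';
$msg = $ok ? 'item added to cart successfully' : 'error adding to cart';
// json_encode produces valid JS string literals, so neither value can break out of the script.
echo '<script>alert(' . json_encode($msg) . ');'
   . 'window.location.href=' . json_encode($target) . ';</script>';
```

With `MYSQLI_REPORT_STRICT` enabled, a failed INSERT (wrong column name, type mismatch, connection problem) shows up in the server error log instead of being hidden behind the success popup.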
Solution