时间戳

首页 > 解决方案 > 无法处理 PHP 上的添加到购物车按钮

php - 无法处理 PHP 上的添加到购物车按钮

问题描述

目前正在使用 PHP 为学校项目制作购物页面。我的代码容易受到 SQL 注入的影响,但没关系,它是我项目要求的一部分。当前的问题是,当我按下“添加到购物车”按钮时,我只会弹出一个说我的购物车已添加的弹出窗口,但它会更新到数据库中。这是我的代码,称为 cart_process.php mainpage.php 是我的主要购物车页面。

?php 
    session_start();
$dbhost="localhost";
$dbname="shopping";
$dbuser="root";
$dbpass="";

$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

if($conn->connect_error)
    {   
        die("Connect failed: " . $conn->connect_error);
    }


$UserId= mysqli_real_escape_string($conn, $_POST['UserId']);
$burger= mysqli_real_escape_string($conn, $_POST['burger']);
$banana= mysqli_real_escape_string($conn, $_POST['banana']);
$mosquitotoy= mysqli_real_escape_string($conn, $_POST['mosquitotoy']);
$spider= mysqli_real_escape_string($conn, $_POST['spider']);
$rabbits= mysqli_real_escape_string($conn, $_POST['rabbits']);
$tot_amount = mysqli_real_escape_string($conn, $_POST['tot_amount']);
$tot_amount1 = mysqli_real_escape_string($conn, $_POST['tot_amount1']);
$tot_amount2 = mysqli_real_escape_string($conn, $_POST['tot_amount2']);
$tot_amount3 = mysqli_real_escape_string($conn, $_POST['tot_amount3']);
$tot_amount4 = mysqli_real_escape_string($conn, $_POST['tot_amount4']);

$sql= "INSERT INTO products (UserId, burger, banana, mosquitotoy, spider, rabbits, tot_amount, tot_amount1, tot_amount2, tot_amount3, tot_amount4)
VALUES ('$UserId','$burger','$banana','$mosquitotoy','$spider','$rabbits','$tot_amount','$tot_amount1','$tot_amount2','$tot_amount3','$tot_amount4' )";
$result= mysqli_query($conn, $sql);

if($result)
    {
        $url=$_SESSION['url'];
        echo("<script language=''javascript'>
        window.alert('item added to cart successfully')
        window.location.href='https://easymoney.com/mainpage.php';
        </script>");
    }
else
    {

        $url=$_SESSION['url'];
        echo("script language='javascript'> window.alert('error adding to cart')
        window.location.href='https://easymoney.com/mainpage.php;
        </script>");
    }

?>

这是我的 PHP 数据库。我称之为产品。汉堡、蚊子玩具、香蕉、蜘蛛和兔子是我销售的商品。tot_amount 分别代表每个项目的价格。

-- phpMyAdmin SQL Dump
-- version 4.5.4.1deb2ubuntu2.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Feb 06, 2020 at 10:23 AM
-- Server version: 5.7.28-0ubuntu0.16.04.2
-- PHP Version: 7.0.33-0ubuntu0.16.04.9

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `shopping`
--

-- --------------------------------------------------------

--
-- Table structure for table `products`
--

CREATE TABLE `products` (
  `id` int(10) NOT NULL,
  `UserId` varchar(255) NOT NULL,
  `burger` int(10) NOT NULL,
  `banana` int(10) NOT NULL,
  `mosquitotoy` int(10) NOT NULL,
  `spider` int(10) NOT NULL,
  `rabbits` int(10) NOT NULL,
  `tot_amount` int(10) NOT NULL,
  `tot_amount1` int(10) NOT NULL,
  `tot_amount2` int(10) NOT NULL,
  `tot_amount3` int(10) NOT NULL,
  `tot_amount4` int(10) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Indexes for dumped tables
--

--
-- Indexes for table `products`
--
ALTER TABLE `products`
  ADD PRIMARY KEY (`id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `products`
--
ALTER TABLE `products`
  MODIFY `id` int(10) NOT NULL AUTO_INCREMENT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

标签: phpmysql

解决方案

推荐阅读