使用单独的语句将数据插入单数行？

我有问题插入数据到php myadmin数据库。让我试着解释我想完成的事情。我遇到问题，将付款详细信息与用户详细信息插入同一行。使用单独的语句将数据插入单数行？

在命名的列中的数据上面的照片：名字，姓氏，DOB，年龄，从指定的文件中发现的形式产生的总“page2_age_test.php”的烃源代码可以看出如下：

Page2_Age_test.php

<?php include 'include/connection.php' ?> 

    <html> 
    <head> 
     <title>Age Verification</title> 

     <meta charset="utf-8"> 
     <meta http-equiv="X-UA-Compatible" content="IE=edge"> 
     <meta name="viewport" content="width=device-width, initial-scale=1"> 
     <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> 

     <!-- Bootstrap --> 
     <link href="css/bootstrap.min.css" rel="stylesheet"> 
     <link href="css/bootstrap.css" rel="stylesheet"> 

     <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> 
     <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> 
     <!--[if lt IE 9]> 
      <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> 
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> 
     <![endif]--> 
     <link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css"> 
    </head> 
    <body> 

    <h1>Age Verification:</h1> 
    <p>Please fill out the form below.</p> 

     <form action="page2_age_test.php" method="post"> 

      <label for="first">First Name:</label> 
      <input type="text" name="first" placeholder="Enter first name"> 
      <br> 
      <label for="last">Last Name:</label> 
      <input type="text" name="last" placeholder="Enter last name"> 
      <br> 
      <label for="date">Enter your Date of Birth:</label> 
      <input type="date" name="date"> 
      <br> 
      <label for="rush"> Check for a rush order(A $200 fee will apply.)</label> 
      <input type="checkbox" name="rush"> <p>(optional)</p> 
      <br> 
      <br> 
      <input type="submit" name="submit"> 


     </form> 

           </table> 



          </div> 

         </div> 
        </div> 
        <!-- /.row --> 



       </div> 


    <?php 
    // function to execute by default if rush order is not selected. 
    function standard_order(){ 
     global $connection; 
    $dob = $_POST['date']; 
    $age = (date("Y/m/d") - $dob) * 12; 


    if(isset($_POST['submit'])){ 
    $first = $_POST['first']; 
    $last = $_POST['last']; 
    $dob = $_POST['date']; 


    if($age >= 186){ 
    $price = 50; 
    echo "Your passport will cost $$price"; 
    }else{ 
    $price = 25; 
    echo "Your passport will cost $$price"; 
    } 

    // Insert Data into Database. 
    $query = "INSERT INTO orders (FirstName, LastName, DOB, Age, Total) VALUES ('$first','$last','$dob','$age','$price')"; 
    $insert = mysqli_query($connection, $query); 

    if(!$insert){ 
    die('Query has failed :('.mysqli_error($connection)); 
    } 

    } 

    } 


    // Function executes if rush order is checked. 
    function rush_order(){ 
     global $connection; 
    $dob = $_POST['date']; 
    $age = (date("Y/m/d") - $dob) * 12; 


    if(isset($_POST['rush']) && $age >= 186){ 
    $first = $_POST['first']; 
    $last = $_POST['last']; 

    $price = 50; 
    $total = $price + 200; 
    echo "Your total is $$total"; 

    }elseif(isset($_POST['rush']) && $age < 186){ 
    $price = 25; 
    $total = $price + 200; 
    echo "Your total is $$total"; 
    } 


    // Insert Data into Database. 
    $query = "INSERT INTO orders (FirstName, LastName, DOB, Age, Total) VALUES ('$first','$last','$dob','$age','$total')"; 
    $insert = mysqli_query($connection, $query); 

    if(!$insert){ 
    die('Query has failed :('.mysqli_error($connection)); 
    } 

    } 

    if(isset($_POST['submit']) and isset($_POST['rush'])){ 
    rush_order(); 

    }elseif(isset($_POST['submit'])){ 

    standard_order(); 

    } 

    ?> 


    </body> 



    </html>

在所谓的 “page3_payment.php” 一个serperate文件（见下文源代码），我试图插入付款细节。我想要将信息插入到同一行中。如果我要创建一个新的INSERT QUERY，则会创建一个新行。我做了一些研究，发现UPDATE查询会给我一个解决方案，但是当我尝试它时什么都没有发生。我的主要问题是如何将所有信息插入单行？

你也会注意到日期仍然是以月份显示。我还没有纠正过。

Page3_payment.php

<?php include 'include/connection.php' ?> 

<html> 
<head> 
    <meta charset="utf-8"> 
    <meta http-equiv="X-UA-Compatible" content="IE=edge"> 
    <meta name="viewport" content="width=device-width, initial-scale=1"> 
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> 

    <!-- Bootstrap --> 
    <link href="css/bootstrap.min.css" rel="stylesheet"> 
    <link href="css/bootstrap.css" rel="stylesheet"> 

    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> 
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> 
    <!--[if lt IE 9]> 
     <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> 
     <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> 
    <![endif]--> 
    <link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css"> 
    <title>Payment</title> 
</head> 
<body> 


<?php 
function cash(){ 
global $connection; 

if(isset($_POST['submit_cash'])){ 
$cash_recieved = $_POST['cash_recieved']; 
$sql = "SELECT Total FROM orders"; 
$result = mysqli_query($connection,$sql); 
while($row = mysqli_fetch_assoc($result)){ 
$total = $row['Total']; 

// $change = $total - $cash_recieved ; 
// echo $change; 
} 
//$change = $total - $cash recieved 
if($cash_recieved >= $total/*Total in the database*/){ 
// echo "$"."{$total}"; 
$change = $cash_recieved - $total; 
echo "The change is $" .$change; 

}elseif($cash_recieved < $total){ 
echo "Error the amount inserted is not enough"; 
} 
} 
} 


function credit(){ 
    global $connection; 
    global $total; 
// Card processing!! 
if (isset($_POST['submit_card']) && isset($_POST['credit'])) { 

$credit = $_POST['credit']; 
for ($i=0; $i <sizeof($credit) ; $i++) { 

$cardname = $_POST['cardname']; 
$cardnumber = $_POST['cardnumber']; 
$exp_date = $_POST['exp_date']; 
$security_code = $_POST['security_code']; 

$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='[23]'"; 
$C_card_query= mysqli_query($connection,$query); 
echo "Card accepted"; 
// $query="INSERT INTO orders (Payment_method) VALUES ('" . $credit[$i] . "')";  
// mysqli_query($connection,$query) or die (mysqli_error()); 
     } 
     echo "Complete"; 
} 
// $cardname = $_POST['cardname']; 
// $cardnumber = $_POST['cardnumber']; 
// $exp_date = $_POST['exp_date']; 
// $security_code = $_POST['security_code'];  
// $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total')"; 
// $C_card_query= mysqli_query($connection,$query); 
// echo "Card accepted"; 
// C_number,Exp_date,Sec_code,Amount_paid,Payment_method) 

} 





?> 


    <h1>Choose your payment method</h1> 

<?php 

$sql = "SELECT Total FROM orders"; 
$result = mysqli_query($connection,$sql); 
while($row = mysqli_fetch_assoc($result)){ 
$total = $row['Total']; 
echo "The total is $" . "{$total}"; 
// $change = $total - $cash_recieved ; 
// echo $change; 
} 

?> 

    <form action="page3_payment.php" method="post"> 

     <label for="credit">Credit:</label> 
     <input type="checkbox" name="credit[]" value ="credit" required> 
     <br> 
     <label for="cardname">Enter Name (as it appears on your card):</label> 
     <input type="text" name="cardname" placeholder=" Cardholders name" required> 
     <br> 
     <label for="cardnumber">Enter cardnumber (no spaces of dashes):</label> 
     <input type="number" name="cardnumber" placeholder="Enter Card Number" required><!-- Can hold no more than 16 characters --> 
     <br> 
     <label for="exp_date">Expiration date:</label> 
     <input type="date" name="exp_date" required><!-- Fomat in this manner: mm/YY --> 
     <br> 
     <label for="security_code">Security Code:</label> 
     <input type="number" name="security_code" placeholder="Enter three digit code on back of card" required > <!-- Character Limit is 3 --> 
     <br> 
     <input type="submit" name="submit_card"> 
    </form> 






    <form action="#" method="post"> 
     <label for="cash">Cash:</label> 
     <input type="checkbox" name="cash" value="cash"> 
     <p>$</p><input type="number" name="cash_recieved"> 
     <br> 
     <input type="submit" name="submit_cash" required> 
    </form> 

<?php 

if(isset($_POST['credit']) && isset($_POST['submit_card'])){ 

    credit(); 

}elseif(isset($_POST['cash']) && isset($_POST['submit_cash'])){ 
    cash(); 
} 

?> 



</body> 
</html> 

<?php 



// function credit(){ 
// global $connection; 
// global $total; 
// // Card processing!! 
// if (isset($_POST['submit_card']) && isset($_POST['credit'])) { 
// $credit = $_POST['credit']; 
// for ($i=0; $i <sizeof($credit) ; $i++) { 

// $cardname = $_POST['cardname']; 
// $cardnumber = $_POST['cardnumber']; 
// $exp_date = $_POST['exp_date']; 
// $security_code = $_POST['security_code'];  
// $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid,Payment_method) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total', '" . $credit[$i] . "')"; 
// $C_card_query= mysqli_query($connection,$query); 
// echo "Card accepted"; 
// // $query="INSERT INTO orders (Payment_method) VALUES ('" . $credit[$i] . "')";  
// // mysqli_query($connection,$query) or die (mysqli_error()); 
//   } 
//  echo "Complete"; 
// } 
// // $cardname = $_POST['cardname']; 
// // $cardnumber = $_POST['cardnumber']; 
// // $exp_date = $_POST['exp_date']; 
// // $security_code = $_POST['security_code'];  
// // $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total')"; 
// // $C_card_query= mysqli_query($connection,$query); 
// // echo "Card accepted"; 


// } 
?>

来源

2017-08-09 K.Woods

您很容易受SQL注入攻击，您需要修复此问题。 – Enstage

你需要逃避SQL关键字order，使您的查询工作。

$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE `Order`='23'";

为了调试这样的错误，你需要使用mysqli_error功能和打印的情况下的结果，如果在调试过程中有什么。

你也有SQL-injection的问题。看这里了解那是什么，以及如何保护：http://php.net/manual/en/security.database.sql-injection.php

来源

2017-08-09 23:42:11 iXCray

-1

这WHERE子句看起来时髦的对我说：

$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='[23]'";

你问你的SQL来寻找匹配[23]命令，尝试将其更改为：

$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='23'";

来源

2017-08-09 23:45:49 Ricktron3000

你错过了一些对他们的列名之一非常重要的东西。 –

是的，你是对的，我甚至没有考虑ORDER关键字。 – Ricktron3000

使用单独的语句将数据插入单数行？

回答

相关问题