我有问题插入数据到php myadmin数据库。让我试着解释我想完成的事情。我遇到问题,将付款详细信息与用户详细信息插入同一行。使用单独的语句将数据插入单数行?
This image below will show my table
在命名的列中的数据上面的照片:名字,姓氏,DOB,年龄,从指定的文件中发现的形式产生的总“page2_age_test.php”的烃源代码可以看出如下:
Page2_Age_test.php
<?php include 'include/connection.php' ?>
<html>
<head>
<title>Age Verification</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/bootstrap.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css">
</head>
<body>
<h1>Age Verification:</h1>
<p>Please fill out the form below.</p>
<form action="page2_age_test.php" method="post">
<label for="first">First Name:</label>
<input type="text" name="first" placeholder="Enter first name">
<br>
<label for="last">Last Name:</label>
<input type="text" name="last" placeholder="Enter last name">
<br>
<label for="date">Enter your Date of Birth:</label>
<input type="date" name="date">
<br>
<label for="rush"> Check for a rush order(A $200 fee will apply.)</label>
<input type="checkbox" name="rush"> <p>(optional)</p>
<br>
<br>
<input type="submit" name="submit">
</form>
</table>
</div>
</div>
</div>
<!-- /.row -->
</div>
<?php
// function to execute by default if rush order is not selected.
function standard_order(){
global $connection;
$dob = $_POST['date'];
$age = (date("Y/m/d") - $dob) * 12;
if(isset($_POST['submit'])){
$first = $_POST['first'];
$last = $_POST['last'];
$dob = $_POST['date'];
if($age >= 186){
$price = 50;
echo "Your passport will cost $$price";
}else{
$price = 25;
echo "Your passport will cost $$price";
}
// Insert Data into Database.
$query = "INSERT INTO orders (FirstName, LastName, DOB, Age, Total) VALUES ('$first','$last','$dob','$age','$price')";
$insert = mysqli_query($connection, $query);
if(!$insert){
die('Query has failed :('.mysqli_error($connection));
}
}
}
// Function executes if rush order is checked.
function rush_order(){
global $connection;
$dob = $_POST['date'];
$age = (date("Y/m/d") - $dob) * 12;
if(isset($_POST['rush']) && $age >= 186){
$first = $_POST['first'];
$last = $_POST['last'];
$price = 50;
$total = $price + 200;
echo "Your total is $$total";
}elseif(isset($_POST['rush']) && $age < 186){
$price = 25;
$total = $price + 200;
echo "Your total is $$total";
}
// Insert Data into Database.
$query = "INSERT INTO orders (FirstName, LastName, DOB, Age, Total) VALUES ('$first','$last','$dob','$age','$total')";
$insert = mysqli_query($connection, $query);
if(!$insert){
die('Query has failed :('.mysqli_error($connection));
}
}
if(isset($_POST['submit']) and isset($_POST['rush'])){
rush_order();
}elseif(isset($_POST['submit'])){
standard_order();
}
?>
</body>
</html>
在所谓的 “page3_payment.php” 一个serperate文件(见下文源代码),我试图插入付款细节。我想要将信息插入到同一行中。如果我要创建一个新的INSERT QUERY,则会创建一个新行。我做了一些研究,发现UPDATE查询会给我一个解决方案,但是当我尝试它时什么都没有发生。我的主要问题是如何将所有信息插入单行?
你也会注意到日期仍然是以月份显示。我还没有纠正过。
Page3_payment.php
<?php include 'include/connection.php' ?>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/bootstrap.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css">
<title>Payment</title>
</head>
<body>
<?php
function cash(){
global $connection;
if(isset($_POST['submit_cash'])){
$cash_recieved = $_POST['cash_recieved'];
$sql = "SELECT Total FROM orders";
$result = mysqli_query($connection,$sql);
while($row = mysqli_fetch_assoc($result)){
$total = $row['Total'];
// $change = $total - $cash_recieved ;
// echo $change;
}
//$change = $total - $cash recieved
if($cash_recieved >= $total/*Total in the database*/){
// echo "$"."{$total}";
$change = $cash_recieved - $total;
echo "The change is $" .$change;
}elseif($cash_recieved < $total){
echo "Error the amount inserted is not enough";
}
}
}
function credit(){
global $connection;
global $total;
// Card processing!!
if (isset($_POST['submit_card']) && isset($_POST['credit'])) {
$credit = $_POST['credit'];
for ($i=0; $i <sizeof($credit) ; $i++) {
$cardname = $_POST['cardname'];
$cardnumber = $_POST['cardnumber'];
$exp_date = $_POST['exp_date'];
$security_code = $_POST['security_code'];
$query = "UPDATE orders SET Name_on_C='$cardname', C_number='$cardnumber' WHERE Order='[23]'";
$C_card_query= mysqli_query($connection,$query);
echo "Card accepted";
// $query="INSERT INTO orders (Payment_method) VALUES ('" . $credit[$i] . "')";
// mysqli_query($connection,$query) or die (mysqli_error());
}
echo "Complete";
}
// $cardname = $_POST['cardname'];
// $cardnumber = $_POST['cardnumber'];
// $exp_date = $_POST['exp_date'];
// $security_code = $_POST['security_code'];
// $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total')";
// $C_card_query= mysqli_query($connection,$query);
// echo "Card accepted";
// C_number,Exp_date,Sec_code,Amount_paid,Payment_method)
}
?>
<h1>Choose your payment method</h1>
<?php
$sql = "SELECT Total FROM orders";
$result = mysqli_query($connection,$sql);
while($row = mysqli_fetch_assoc($result)){
$total = $row['Total'];
echo "The total is $" . "{$total}";
// $change = $total - $cash_recieved ;
// echo $change;
}
?>
<form action="page3_payment.php" method="post">
<label for="credit">Credit:</label>
<input type="checkbox" name="credit[]" value ="credit" required>
<br>
<label for="cardname">Enter Name (as it appears on your card):</label>
<input type="text" name="cardname" placeholder=" Cardholders name" required>
<br>
<label for="cardnumber">Enter cardnumber (no spaces of dashes):</label>
<input type="number" name="cardnumber" placeholder="Enter Card Number" required><!-- Can hold no more than 16 characters -->
<br>
<label for="exp_date">Expiration date:</label>
<input type="date" name="exp_date" required><!-- Fomat in this manner: mm/YY -->
<br>
<label for="security_code">Security Code:</label>
<input type="number" name="security_code" placeholder="Enter three digit code on back of card" required > <!-- Character Limit is 3 -->
<br>
<input type="submit" name="submit_card">
</form>
<form action="#" method="post">
<label for="cash">Cash:</label>
<input type="checkbox" name="cash" value="cash">
<p>$</p><input type="number" name="cash_recieved">
<br>
<input type="submit" name="submit_cash" required>
</form>
<?php
if(isset($_POST['credit']) && isset($_POST['submit_card'])){
credit();
}elseif(isset($_POST['cash']) && isset($_POST['submit_cash'])){
cash();
}
?>
</body>
</html>
<?php
// function credit(){
// global $connection;
// global $total;
// // Card processing!!
// if (isset($_POST['submit_card']) && isset($_POST['credit'])) {
// $credit = $_POST['credit'];
// for ($i=0; $i <sizeof($credit) ; $i++) {
// $cardname = $_POST['cardname'];
// $cardnumber = $_POST['cardnumber'];
// $exp_date = $_POST['exp_date'];
// $security_code = $_POST['security_code'];
// $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid,Payment_method) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total', '" . $credit[$i] . "')";
// $C_card_query= mysqli_query($connection,$query);
// echo "Card accepted";
// // $query="INSERT INTO orders (Payment_method) VALUES ('" . $credit[$i] . "')";
// // mysqli_query($connection,$query) or die (mysqli_error());
// }
// echo "Complete";
// }
// // $cardname = $_POST['cardname'];
// // $cardnumber = $_POST['cardnumber'];
// // $exp_date = $_POST['exp_date'];
// // $security_code = $_POST['security_code'];
// // $query = "INSERT INTO orders (Name_on_C,C_number,Exp_date,Sec_code,Amount_paid) VALUES ('$cardname','$cardnumber','$exp_date','$security_code','$total')";
// // $C_card_query= mysqli_query($connection,$query);
// // echo "Card accepted";
// }
?>
您很容易受SQL注入攻击,您需要修复此问题。 – Enstage