Insert shopping cart details into a MySQL database using PHP

I have a shopping cart which at this point in time sends the items bought by the customer to the database, but now I have included a login system whereby you have to be a member before you can purchase an item. I have kept the logged-in user in a session, and so I am trying to send the session variable to the database as well once an order has been made. At the moment I have three tables, which are customers, orders and order_detail (see the following code):

<?php
session_start();
?>
<?php
// Redirect anonymous visitors to the login page
// (note: header() alone does not stop the script; the rest of the page still runs)
if(!isset($_SESSION["username"]))
{
    header("Location: shoppinglogin.php");
}
?>

<?php
    include("includes/db.php");        // opens the mysql_* connection
    include("includes/functions.php"); // defines get_price($pid)

    if($_REQUEST['command']=='update'){
        // customer details are taken straight from the request, unescaped
        $name=$_REQUEST['name'];
        $email=$_REQUEST['email'];
        $address=$_REQUEST['address'];
        $phone=$_REQUEST['phone'];

        // one row per customer, then one row per order, then one row per cart line
        $result=mysql_query("insert into customers values('','$name','$email','$address','$phone')");
        $customerid=mysql_insert_id();
        $date=date('Y-m-d');
        $result=mysql_query("insert into order values('','$date','$customerid')");
        $orderid=mysql_insert_id();

        $max=count($_SESSION['cart']);
        for($i=0;$i<$max;$i++){
            $pid=$_SESSION['cart'][$i]['productid'];
            $q=$_SESSION['cart'][$i]['qty'];
            $price=get_price($pid);
            mysql_query("insert into order_detail values ($orderid,$pid,$q,$price)");
        }
        die('Thank You! your order has been placed!');
        session_unset(); // never reached: die() above ends the script first
    }
?>

I have changed it into the following code:

<?php
session_start();
?>
<?php
if(!isset($_SESSION["username"]))
{
    header("Location: shoppinglogin.php");
}
?>

<?php
    include("includes/db.php");
    include("includes/functions.php");

    if($_REQUEST['command']=='update'){
        $name=$_REQUEST['name'];
        $email=$_REQUEST['email'];
        $address=$_REQUEST['address'];
        $phone=$_REQUEST['phone'];

        // one row in "order" per cart line, tagged with the logged-in username
        $max=count($_SESSION['cart']);
        for($i=0;$i<$max;$i++){
            $orderid=mysql_insert_id(); // id of the last insert on this connection, if any
            $pid=$_SESSION['cart'][$i]['productid'];
            $q=$_SESSION['cart'][$i]['qty'];
            $price=get_price($pid);
            $date=date('Y-m-d');
            $user=$_SESSION['username'];
            mysql_query("insert into order values ($orderid,$pid,$q,$price,$date,$user)");
        }
        die('Thank You! your order has been placed!');
        session_unset(); // never reached: die() above ends the script first
    }
?>

The code above does not insert anything into my order table.

Many thanks

asked Nov 8 '11 at 18:11

3 Answers

Try or die(mysql_error()) just after the mysql_query function call. That would probably give you more information about the problem...

answered Nov 8, 11:22

Ugh. Database operations with absolutely NO error handling at all. Assuming a DB query succeeds only gets you into situations like this - no clue as to what's wrong.

At absolutely bare minimum, your DB operations should look like this:

$sql = "... query goes here ...";
$result = mysql_query($sql);
if ($result === FALSE) {
   die("Query failed!" . mysql_error() . $sql);
}

which at least stops the script dead in its tracks, tells you that the query failed, tells you WHY it failed, and tells you what the query was.

As well, your code is WIDE OPEN to SQL injection attacks. This is especially bad in what is obviously an e-commerce setup. I suggest you immediately SHUT DOWN this system until you've had a chance to read up on this and plug the holes.

answered Nov 8, 11:22

Please make sure your query has '' enclosing each value,

try replacing with this:

insert into order values ('$orderid','$pid','$q','$price','$date','$user')

And make sure that the table order has no other fields that are not null when not specified:

insert into order (order_id, product_id, qty, price, order_date, order_user) values ('$orderid','$pid','$q','$price','$date','$user')

answered Aug 21 '16 at 20:08
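The second answer asks for error handling and protection against SQL injection, and the third for quoted values and an explicit column list. The following is an added example, not code from the asker or from any of the answerers, that rewrites the checkout with PDO prepared statements (so the request and session values are bound, never interpolated), an explicit column list on every insert, one transaction across the three tables, and exceptions that are logged server-side instead of echoed with the SQL text. It also quotes the table name, because ORDER is a reserved word in MySQL and an unquoted table called order is a syntax error. The table and column names, the $pdo connection assumed to come from includes/db.php and the get_price() helper are assumptions based on the question; adjust them to the real schema.

```php
<?php
// Added example: hardened checkout using PDO. Schema, $pdo and get_price()
// are assumptions drawn from the question, not the asker's real code.
declare(strict_types=1);

session_start();

if (!isset($_SESSION['username'])) {
    header('Location: shoppinglogin.php');
    exit; // header() does not stop the script; always exit after a redirect
}

require 'includes/db.php';        // assumed to define $pdo (a PDO instance)
require 'includes/functions.php'; // assumed to define get_price(int $pid): float

function place_order(PDO $pdo, string $username, array $cart, array $customer): int
{
    // Throw on any SQL error instead of silently returning false
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Server-side validation of the customer fields
    if (!filter_var($customer['email'], FILTER_VALIDATE_EMAIL)) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    foreach (['name', 'address', 'phone'] as $field) {
        if (trim((string) $customer[$field]) === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    if ($cart === []) {
        throw new InvalidArgumentException('Cart is empty');
    }

    $pdo->beginTransaction();
    try {
        // Explicit column lists: the insert no longer depends on column order,
        // and a NOT NULL column without a default fails loudly here
        $stmt = $pdo->prepare(
            'INSERT INTO customers (name, email, address, phone) VALUES (?, ?, ?, ?)'
        );
        $stmt->execute([$customer['name'], $customer['email'],
                        $customer['address'], $customer['phone']]);
        $customerId = (int) $pdo->lastInsertId();

        // `order` is a reserved word in MySQL, so the table name is quoted
        $stmt = $pdo->prepare(
            'INSERT INTO `order` (order_date, customer_id, username) VALUES (?, ?, ?)'
        );
        $stmt->execute([date('Y-m-d'), $customerId, $username]);
        $orderId = (int) $pdo->lastInsertId();

        $stmt = $pdo->prepare(
            'INSERT INTO order_detail (order_id, product_id, qty, price) VALUES (?, ?, ?, ?)'
        );
        foreach ($cart as $item) {
            $pid = (int) $item['productid'];
            $qty = (int) $item['qty'];
            if ($pid <= 0 || $qty <= 0) {
                throw new InvalidArgumentException('Invalid cart line');
            }
            // The price comes from the catalogue, never from the request
            $stmt->execute([$orderId, $pid, $qty, get_price($pid)]);
        }

        $pdo->commit();
        return $orderId;
    } catch (Throwable $e) {
        // Roll back so a half-written order never stays in the database
        $pdo->rollBack();
        throw $e;
    }
}

if (($_POST['command'] ?? '') === 'update') {
    try {
        $orderId = place_order($pdo, $_SESSION['username'], $_SESSION['cart'] ?? [], [
            'name'    => $_POST['name'] ?? '',
            'email'   => $_POST['email'] ?? '',
            'address' => $_POST['address'] ?? '',
            'phone'   => $_POST['phone'] ?? '',
        ]);
        unset($_SESSION['cart']); // clear the cart but keep the login session
        echo 'Thank you! Your order #' . $orderId . ' has been placed.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (PDOException $e) {
        // Log the detail server-side; never echo the driver error or the SQL to the client
        error_log('Order failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Sorry, your order could not be placed.';
    }
}
```

Two design points worth noting: the transaction means a failure on the third table leaves no orphaned customer or order rows, which is the situation the unchecked mysql_query() calls in the question would silently produce; and the PDOException message goes to the server log rather than the browser, which gives the developer the diagnostic the first two answers ask for without exposing table names or SQL text to a customer.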
