duanou3868 2016-11-24 14:16
Views: 30

Hyperlink to another page does not work

When I click on the Add to cart hyperlink, the cart.php page is not responding (it's not echoing the add variable). The hyperlink looks fine. However, there is something wrong in cart.php. Any response is appreciated. Thanks in advance.

<html>
<head>
</head>
<body>
<table>
    <tr>
        <td><?php echo $row['ISBN']; ?></td>
        <td><?php echo $row['name']; ?></td>
        <td><?php echo $row['title']; ?></td>
        <td><?php echo $row['year']; ?></td>
        <td><?php echo $row['price']; ?></td>
        <td><?php echo $row['publisher']; ?></td>
        <td> <a href="cart.php?add=abc">Add to cart</a></td>
        <td><?php echo $row['ISBN']; ?></td>
    </tr>
</table>
</body>
</html>

cart.php page:

<?php
//
session_start();

$page  = 'search.php';
$lpage = 'cart.php';

$db = new mysqli('localhost', 'root', '', 'cheapbook') or die('Error connecting to MySQL server.');
mysqli_set_charset($db, 'utf8');

if (isset($_GET['add'])) {

    echo $_GET['add'];
    $pieces   = explode(":", $_GET['add']);
    $quantity = mysqli_query('SELECT ISBN, title from book WHERE ISBN=$pieces[0]');
    $result   = mysqli_query($db, $quantity);
    while ($quantity_row = mysqli_fetch_array($result)) {
        if ($quantity_row['quantity'] != $_SESSION['cart_' . $_GET['add']]) {
            $_SESSION['cart_' . $_GET['add']] += 1;
        }
    }

    if ($pieces[1] == 'SearchByBookTitle') {
        header('location:' . $page . 'SearchByBookTitle=' . $pieces[2]);
    }
    if ($pieces[1] == 'SearchByAuthor') {
        header('location:' . $page . 'SearchByAuthor=' . $pieces[2]);
        echo $pieces[1];
    } else {
        header('location:' . $lpage);
    }

}

if (isset($_GET['remove'])) {
    $_SESSION['cart_' . $_GET['remove']]--;
    header('location:' . $page);
}

if (isset($_GET['delete'])) {
    $_SESSION['cart_' . $_GET['remove']]--;
    header('location:' . $page);
}

if (isset($_GET['cart'])) {
    cart();
}

function cart()
{
    foreach ($_SESSION as $name => $value) {
        if ($value > 0) {
            if (substr($name, 0, 5) == 'curt_') {
                $total  = 0;
                $id     = substr($name, 5, (strlen($name) - 5));
                $get    = mysql_query("SELECT ISBN, title, price FROM book where id='.$id.'");
                $result = mysqli_query($db, $get);
                while ($get_row = mysqli_fetch_array($result)) {
                    $sub = $get_row['price'] * $value;
                    echo $get_row['title'] . 'X' . $value . '@Dollar' . $get_row['price'] . '=' . $sub . '<a href="cart.php?remove=.$id.">[-]</a><a href="cart.php?add=.$id.">[+]</a><a href="cart.php?delete=.$id.">[Delete]</a>';
                }
                $total += $sub;
            }
        }
        if ($total == 0) {
            echo "Your cart is empty";
        } else {
            echo "Paypal button";
        }
    }
}
?>  

1 answer

  • doudao1369 2016-11-24 14:43

    This query, coded like this, of course will not work as expected:

    $quantity = mysqli_query('SELECT ISBN, title 
                              from book 
                              WHERE ISBN=$pieces[0]');
    

    You need a double-quoted string to use variable expansion; it does not work in a single-quoted string.

    You also need to add single quotes around the text variable parameter value:

    $quantity = "SELECT ISBN, title 
                 from book 
                 WHERE ISBN='$pieces[0]'";   // the SQL text only; it is run with mysqli_query($db, $quantity) below
    $result   = mysqli_query($db, $quantity);
    

    In future you would be well advised to add some error-checking code after you attempt to execute a query, and also to use prepared and parameterised queries to avoid SQL injection:

    $sql  = "SELECT ISBN, title from book WHERE ISBN=?";
    $stmt = mysqli_prepare($db, $sql);   // the connection handle is the first argument
    if ( ! $stmt ) {
        echo mysqli_error($db);          // report why preparation failed instead of failing silently
        exit;
    }
    $stmt->bind_param('s', $pieces[0] ); // the ISBN is sent as a bound value, never spliced into the SQL text
    $stmt->execute();
    
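An added example (not code from the question or from the answer) of the `add` branch of cart.php written the way the answer recommends: the ISBN is validated and bound as a parameter, MySQL errors are reported instead of swallowed, and the redirect only uses a whitelisted search mode. It assumes a `quantity` column on the `book` table, PHP 7 or later, and a mysqlnd-backed build (needed for get_result()).

```php
<?php
// Added example (not the asker's or answerer's code): the `add` branch of cart.php
// rewritten with a prepared statement and error checking. Assumed: the same `book`
// table with ISBN, title and quantity columns, the same `cart_<ISBN>` session keys,
// PHP 7+, and a mysqlnd-backed PHP build (needed for get_result()).
session_start();
// Make MySQL errors throw instead of failing silently, so a broken query is never "not responding".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'root', '', 'cheapbook');
$db->set_charset('utf8');
if (isset($_GET['add'])) {
    // Expected format "<ISBN>:<searchMode>:<term>"; only the ISBN reaches the database.
    $pieces = explode(':', $_GET['add'], 3);
    $isbn   = $pieces[0];
    // Whitelist the ISBN shape before it is used anywhere (digits, optional check digit X).
    if (!preg_match('/^[0-9]{9,13}X?$/', $isbn)) {
        http_response_code(400);
        exit('Invalid ISBN');
    }

    // The value is bound separately from the SQL text, so it can never alter the statement.
    $stmt = $db->prepare('SELECT ISBN, title, quantity FROM book WHERE ISBN = ?');
    $stmt->bind_param('s', $isbn);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($row === null) {
        http_response_code(404);
        exit('No such book');
    }

    // Session key is built from the validated ISBN, and the count never exceeds stock.
    $key = 'cart_' . $isbn;
    $_SESSION[$key] = $_SESSION[$key] ?? 0;
    if ($_SESSION[$key] < (int) $row['quantity']) {
        $_SESSION[$key]++;
    }

    // Redirect only to a known search mode; the search term is URL-encoded, never pasted raw.
    $modes = ['SearchByBookTitle', 'SearchByAuthor'];
    if (isset($pieces[1], $pieces[2]) && in_array($pieces[1], $modes, true)) {
        header('Location: search.php?' . $pieces[1] . '=' . urlencode($pieces[2]));
    } else {
        header('Location: cart.php');
    }
    exit;
}
```

The `exit` after the `header()` call matters: without it, the rest of the script keeps running after the redirect has been sent, which is what lets the original `remove`/`delete` branches execute on a request that was supposed to be finished.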
