我用自己的数据库制作了一个管理面板。
在连接到另一个(自己的)数据库的preorder.php页面上,在用户填写表格并对订单进行条纹处理后,我会检查是否像这样支付了费用;
if ($charge->paid == true) {
$amountReadable = $amount / 100; // to add in decimal points
echo '<div class="alert alert-success">Your card was successfully billed for $'.$amountReadable.'</div>';
$status = "paid";
然后我连接到主数据库和管理数据库(它们都有"订单"表),并插入以下查询:
$connect = mysql_connect("localhost",DB_USER,DB_PASS);
if (!$connect){
die('Could not connect: ' . mysql_error());
}
mysql_select_db(DB_NAME, $connect);
$query = "INSERT INTO 'DB_NAME'.`orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `timestamp`, `status`) VALUES ('$email','$cardName', '$qty', '$product', '$amountReadable', '$customer->id', '$charge->id', '$cardAddress1', '$cardAddress2', '$cardCity', '$cardState', '$cardZipcode', CURRENT_TIMESTAMP`, $status);";
mysql_query($query);
if (mysql_errno()) {
$error = "MySQL error ".mysql_errno().": ".mysql_error()."'n<br>When executing:<br>'n$query'n<br>";
exit;
}
mysql_close($connect);
//insert into db for admin
$connect = mysql_connect("--------","------","-------");
if (!$connect){
die('Could not connect: ' . mysql_error());
}
mysql_select_db(database2, $connect);
$query = "INSERT INTO 'database2'.`orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `timestamp`, `status`) VALUES ('$email','$cardName', '$qty', '$product', '$amountReadable', '$customer->id', '$charge->id', '$cardAddress1', '$cardAddress2', '$cardCity', '$cardState', '$cardZipcode', CURRENT_TIMESTAMP, $status);";
然后在有自己数据库的管理面板(上面的数据库2)上,(orders.php)我将这些数据拉到一个引导表中,如下所示:
编辑1#:我在管理面板中将orders.php更改为类似的内容:
$result = mysqli_query($con,"SELECT * FROM orders");
echo "<table border='1' data-toggle='table'>
<tr>
<th>id</th>
<th>email</th>
<th>name</th>
<th>qty</th>
<th>product</th>
<th>amount</th>
<th>address1</th>
<th>address2</th>
<th>city</th>
<th>state</th>
<th>zip</th>
<th>status</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['qty'] . "</td>";
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['amount'] . "</td>";
echo "<td>" . $row['address1'] . "</td>";
echo "<td>" . $row['address2'] . "</td>";
echo "<td>" . $row['city'] . "</td>";
echo "<td>" . $row['state'] . "</td>";
echo "<td>" . $row['zip'] . "</td>";
echo "<td>" . $row['status']. "</td>";
echo "<td><form action='markshipped.php' method='POST'><input type='hidden' name='status' value='".$row["id"]."'/><input type='submit' name='submit-btn' value='Mark Item Shipped' /><form></td>";
echo "</tr>";
}
echo "</table>";
那么我的markshipped.php是:
<?php
$con=mysqli_connect("----","----","----","----");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($con,"UPDATE orders SET status='shipped' WHERE id=$id");
mysqli_close($con);
?>
我仍然对php/mysql不太满意,不幸的是,在有人购买任何东西之前,我无法对其进行测试,因为在条纹测试模式下,没有一张卡无法通过表单…
所以我的问题主要是:
我收到两个错误,说:
1.未定义的变量:第9行上/admin/orders/markshipped.php中的id
-这是哪条线路:mysqli_query($con,"UPDATE orders SET status='shipped' WHERE id=$id");
2.未定义的索引:第88行/admin/orders/orders.php中的状态
-即:echo "<td>" . $row['status']. "</td>";
很明显,我把$status = "paid";设置错了和/或放错了地方。
如何正确设置这些选项,以便在开始时将项目标记为"已付款",然后在单击每行上的"标记项目已发货"按钮后将其更改为"已发货"?你能在我的代码中发现其他错误吗
非常感谢您抽出时间!
您需要使用获取$_POST[状态]
$id = $_POST['status'];
以便运行您的查询。我会将你的隐藏输入字段的名称更改为"id",并获取$_POST["id"],因为你想提交id。
您在这一行中有一个`(第一个插入查询):
CURRENT_TIMESTAMP`<<<<here , $status
并且需要删除这个/更好地在mysql 中将列设置为on_update_current_timestamp
$status需要在"中,我假设$id是一个整数,所以可以不使用"。
如果您混合了mysql_和mysqli_,我强烈建议您在mysqli_中重写整个代码,特别是对于插入语句,您确实应该使用prepared语句和mysqli_。mysql贬值且不安全。您对sql注入持开放态度
为什么将id设置为NULL?这应该是一个自动递增字段,您不应该在查询中将其设置为null。
如果你把对象数据放在数据库中,我会使用'{$customer->id}'或设置
$customer_id = $customer->id;
在查询之前,更容易检查您的查询
您不需要指定
INSERT INTO **'database2'**.订单
database2,数据库已被选中-再次:请使用mysqli_和prepared语句!
示例:
$customer_id = $customer->id;
$charge_id = $charge->id;
$stmt = $sql->prepare("INSERT INTO `orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `status`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('ssissssssssss', $email,$cardName, $qty, $product, $amountReadable, $customer_id, $charge_id, $cardAddress1, $cardAddress2, $cardCity, $cardState, $cardZipcode, $status);
$stmt->execute();
如果您这样做,则需要为mysqli_而不是为mysql_设置连接
区块1:
<?php
if ($charge->paid == true) {
$amountReadable = $amount / 100; // to add in decimal points
echo '<div class="alert alert-success">Your card was successfully billed for $' . $amountReadable . '</div>';
$status = "paid";
}
区块2:
<?php
$connect = new mysqli("localhost",DB_USER,DB_PASS,DB_NAME);
$customer_id = $customer->id;
$charge_id = $charge->id;
$stmt = $connect->prepare("INSERT INTO orders (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `status`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('ssissssssssss', $email,$cardName, $qty, $product, $amountReadable, $customer->id, $charge->id, $cardAddress1, $cardAddress2, $cardCity, $cardState, $cardZipcode, $status);
$stmt->execute();
$connect->close();
//insert into db for admin
$connect = new mysqli("--------","------","-------","--------");
$customer_id = $customer->id;
$charge_id = $charge->id;
$stmt = $connect->prepare("INSERT INTO `orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `status`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('ssissssssssss', $email,$cardName, $qty, $product, $amountReadable, $customer_id, $charge_id, $cardAddress1, $cardAddress2, $cardCity, $cardState, $cardZipcode, $status);
$stmt->execute();
块3:
$con = new mysqli("--------","------","-------","--------");
$query = "SELECT * FROM orders";
if ($result = $con->query($query))
{
echo "<table border='1' data-toggle='table'>
<tr>
<th>id</th>
<th>email</th>
<th>name</th>
<th>qty</th>
<th>product</th>
<th>amount</th>
<th>address1</th>
<th>address2</th>
<th>city</th>
<th>state</th>
<th>zip</th>
<th>status</th>
</tr>";
while($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['qty'] . "</td>";
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['amount'] . "</td>";
echo "<td>" . $row['address1'] . "</td>";
echo "<td>" . $row['address2'] . "</td>";
echo "<td>" . $row['city'] . "</td>";
echo "<td>" . $row['state'] . "</td>";
echo "<td>" . $row['zip'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td><form action='markshipped.php' method='POST'><input type='hidden' name='id' value='" . $row["id"] . "'/><input type='submit' name='submit-btn' value='Mark Item Shipped' /></form></td>";
echo "</tr>";
}}
echo "</table>";
区块4:
$con= new mysqli("----","----","----","----");
// Check connection
$id = $_POST['id'];
$stmt = $con->prepare("UPDATE orders SET status = 'shipped' WHERE id = ?");
$stmt->bind_param('i', $id);
$stmt->execute();
$con->close();
对于您的第一个问题:
mysqli_query($con,"UPDATE orders SET status='shipped'WHERE id=$id");
WHERE id=$id应为:WHERE id='$id'(在$id两侧添加单引号)。
第二个问题:
…'$cardZipcode',CURRENT_TIMESTAMP',$status);";
同样的事情:CURRENT_TIMESTAMP, $status);应该是:CURRENT_TIMESTAMP, '$status');(你需要在两个地方纠正这个)。
我也经常犯这些错误。
我希望这能有所帮助!