Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/61.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
SQL&;PHP帮助!!从1个表单插入4个表?更新_Php_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • SQL&;PHP帮助!!从1个表单插入4个表?更新

SQL&;PHP帮助!!从1个表单插入4个表?更新

php mysql

SQL&;PHP帮助!!从1个表单插入4个表?更新,php,mysql,Php,Mysql,我现在让所有的php和sql都正常工作并正确插入到所有4个表中,但是我收到了一个错误注意第39行的undefined index:product但它仍然插入到该表中?有人能解释为什么会这样吗 这是我的PHP代码` <?php $con = mysqli_connect('localhost', 'root', ''); if(!$con) { echo'Not connected to Server'; } if(!mysqli

我现在让所有的php和sql都正常工作并正确插入到所有4个表中,但是我收到了一个错误
注意第39行的undefined index:product
但它仍然插入到该表中?有人能解释为什么会这样吗

这是我的PHP代码`

<?php

    $con = mysqli_connect('localhost', 'root', '');

    if(!$con)
    {
        echo'Not connected to Server';
    }

    if(!mysqli_select_db($con, 'horizonphotography'))

    {
        echo'DataBase Not Selected';
    }
/*personal */
    $firstname = mysqli_real_escape_string($con, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($con, $_POST['lastname']);
    $mobile = mysqli_real_escape_string($con, $_POST['mobile']);
    $homephone = mysqli_real_escape_string($con, $_POST['homephone']);
    $email = mysqli_real_escape_string($con, $_POST['email']);
/*personal */

/*shipping */
    $region = mysqli_real_escape_string($con, $_POST['region']);
    $address = mysqli_real_escape_string($con, $_POST['address']);
    $city = mysqli_real_escape_string($con, $_POST['city']);
    $postcode = mysqli_real_escape_string($con, $_POST['postcode']);
/*shipping */

/*creditcard info */
    $nameoncard = $_POST['nameoncard'];
    $ccnumber = $_POST['ccnumber'];
    $month = $_POST['month'];
    $year = $_POST['year'];
    $code = $_POST['code'];
/*credit card info */

/*Product info */
    $product = $_POST['product'];
/*product info */

/*personal */
    $sql1 = "INSERT INTO paymentPersonal (firstname, lastname, mobile, homephone, email) VALUES ('$firstname', '$lastname', '$mobile', '$homephone', '$email')";

/*shipping */
     $sql2 = "INSERT INTO paymentsShipping (address, region, city, postcode) VALUES ('$region', '$address', '$city', '$postcode')";

/*credit card details*/
     $sql3 = "INSERT INTO paymentsPayment (nameoncard, ccnumber, year, month, code) VALUES ('$nameoncard', '$ccnumber', '$month', '$year', '$code')";

/*product details*/
     $sql4 = "INSERT INTO paymentsProduct (product) VALUES ('$product')";


   if(!mysqli_query($con,$sql1)) echo 'Not Inserted into paymentPersonal';
    else if(!mysqli_query($con,$sql2)) echo 'Not Inserted into paymentsShipping';
    else if(!mysqli_query($con,$sql3)) echo 'Not Inserted into paymentsPayment';
    else if(!mysqli_query($con,$sql4)) echo 'Not Inserted into paymentsProduct';
    else echo 'Thank You For Your Order! You Will recive a confirmaton E-Mail Shortly';

    header("refresh:3; url=shop.php");
?>  

所有查询都分配给
$sql
,因此只插入最后一个查询,因为它将覆盖上一个
$sql

您需要将它们更改为
$sql1
$sql2
$sql3
$sql4


/*personal */
    $sql1 = "INSERT INTO paymentPersonal (firstname, lastname, mobile, homephone, email) VALUES ('$firstname', '$lastname', '$mobile', '$homephone', '$email')";

/*shipping */
     $sql2 = "INSERT INTO paymentsShipping (address, region, city, postcode) VALUES ('$region', '$address', '$city', '$postcode')";

/*credit card details*/
       $sql3 = "INSERT INTO paymentsPayment (nameoncard, ccnumber, year, month, code) VALUES ('$nameoncard', '$ccnumber', '$month', '$year', '$code')";

/*product details*/
     $sql4 = "INSERT INTO paymentsProduct (product) VALUES ('$product')";


    if(!mysqli_query($con,$sql1)) echo 'Not Inserted into paymentPersonal';
    else if(!mysqli_query($con,$sql2)) echo 'Not Inserted into paymentsShipping';
    else if(!mysqli_query($con,$sql3)) echo 'Not Inserted into paymentsPayment';
    else if(!mysqli_query($con,$sql4)) echo 'Not Inserted into paymentsProduct';
    else echo 'Thank You For Your Order! You Will recive a confirmaton E-Mail Shortly';


这将回显未插入的表名,否则将回显“感谢您的订单!”

重要信息:您需要防止MySQL注入,例如:


$firstname = mysqli_real_escape_string($con, $_POST['firstname']);



除了luweiqi的答案,您还需要执行所有四个查询


if(!mysqli_query($con,$sql1) || !mysqli_query($con,$sql2) || !mysqli_query($con,$sql3) || !mysqli_query($con,$sql4))
    {
        echo 'Not Inserted';
    }



这种方法的问题是,如果一个或多个查询失败,它会显示“notinserted”。您可能希望设置更精细的内容来检查每个查询的成功/失败,并相应地响应用户。但是,除此之外,使用编号查询和多次执行将完成任务。
谢谢!!你从哪里得到了//{…}我会写这些值吗?例如`如果(!mysqli_query($con,$sql1))值($firstname’、$lastname’、$mobile’、$homephone’、$email’)“如果没有,会发生什么?好的!我现在已经把所有这些都准备好了,看起来一切正常,但我得到了一个错误;未定义的索引:像39上的产品?
/*产品信息*/$product=$POST['product'];/*产品信息*/
@TaylorStyles您发布的代码中似乎没有任何错误;)刚刚用更好的描述更新了主要问题?:)我添加了
mysqli\u real\u escape\u字符串($con,$\u POST['firstname'))
对于所有的变量,错误似乎已经解决了问题:)不要继续这样做!你没有清理用户输入并将其直接放入SQL查询中,这会打开你的大门。而且,这甚至没有考虑到要保存抄送号码,你可能需要避免自己陷入法律麻烦。只是为了使用我的学校评估将设置cc详情,但当它准备上线时,我会将其链接到paypal并放弃信用卡:),我不会相信我自己的编码来处理付款等。对于评估,我仍然会研究,甚至可能会研究。这肯定会使你的代码质量更高。好的,会研究它,我目前正在添加
$firstname=mysqli\u real\u escape\u string($con,$\u POST['firstname']);
现在加入到代码中以帮助sql注入谢谢!@luweiqi添加了更多代码,但仍然有效:)

if(!mysqli_query($con,$sql1) || !mysqli_query($con,$sql2) || !mysqli_query($con,$sql3) || !mysqli_query($con,$sql4))
    {
        echo 'Not Inserted';
    }