SQL&;PHP帮助!!从1个表单插入4个表?更新
我现在让所有的php和sql都正常工作并正确插入到所有4个表中,但是我收到了一个错误SQL&;PHP帮助!!从1个表单插入4个表?更新,php,mysql,Php,Mysql,我现在让所有的php和sql都正常工作并正确插入到所有4个表中,但是我收到了一个错误注意第39行的undefined index:product但它仍然插入到该表中?有人能解释为什么会这样吗 这是我的PHP代码` <?php $con = mysqli_connect('localhost', 'root', ''); if(!$con) { echo'Not connected to Server'; } if(!mysqli
注意第39行的undefined index:product
但它仍然插入到该表中?有人能解释为什么会这样吗
这是我的PHP代码`
<?php
$con = mysqli_connect('localhost', 'root', '');
if(!$con)
{
echo'Not connected to Server';
}
if(!mysqli_select_db($con, 'horizonphotography'))
{
echo'DataBase Not Selected';
}
/*personal */
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$mobile = mysqli_real_escape_string($con, $_POST['mobile']);
$homephone = mysqli_real_escape_string($con, $_POST['homephone']);
$email = mysqli_real_escape_string($con, $_POST['email']);
/*personal */
/*shipping */
$region = mysqli_real_escape_string($con, $_POST['region']);
$address = mysqli_real_escape_string($con, $_POST['address']);
$city = mysqli_real_escape_string($con, $_POST['city']);
$postcode = mysqli_real_escape_string($con, $_POST['postcode']);
/*shipping */
/*creditcard info */
$nameoncard = $_POST['nameoncard'];
$ccnumber = $_POST['ccnumber'];
$month = $_POST['month'];
$year = $_POST['year'];
$code = $_POST['code'];
/*credit card info */
/*Product info */
$product = $_POST['product'];
/*product info */
/*personal */
$sql1 = "INSERT INTO paymentPersonal (firstname, lastname, mobile, homephone, email) VALUES ('$firstname', '$lastname', '$mobile', '$homephone', '$email')";
/*shipping */
$sql2 = "INSERT INTO paymentsShipping (address, region, city, postcode) VALUES ('$region', '$address', '$city', '$postcode')";
/*credit card details*/
$sql3 = "INSERT INTO paymentsPayment (nameoncard, ccnumber, year, month, code) VALUES ('$nameoncard', '$ccnumber', '$month', '$year', '$code')";
/*product details*/
$sql4 = "INSERT INTO paymentsProduct (product) VALUES ('$product')";
if(!mysqli_query($con,$sql1)) echo 'Not Inserted into paymentPersonal';
else if(!mysqli_query($con,$sql2)) echo 'Not Inserted into paymentsShipping';
else if(!mysqli_query($con,$sql3)) echo 'Not Inserted into paymentsPayment';
else if(!mysqli_query($con,$sql4)) echo 'Not Inserted into paymentsProduct';
else echo 'Thank You For Your Order! You Will recive a confirmaton E-Mail Shortly';
header("refresh:3; url=shop.php");
?>
所有查询都分配给$sql
,因此只插入最后一个查询,因为它将覆盖上一个$sql
您需要将它们更改为$sql1
,$sql2
,$sql3
,$sql4
:
/*personal */
$sql1 = "INSERT INTO paymentPersonal (firstname, lastname, mobile, homephone, email) VALUES ('$firstname', '$lastname', '$mobile', '$homephone', '$email')";
/*shipping */
$sql2 = "INSERT INTO paymentsShipping (address, region, city, postcode) VALUES ('$region', '$address', '$city', '$postcode')";
/*credit card details*/
$sql3 = "INSERT INTO paymentsPayment (nameoncard, ccnumber, year, month, code) VALUES ('$nameoncard', '$ccnumber', '$month', '$year', '$code')";
/*product details*/
$sql4 = "INSERT INTO paymentsProduct (product) VALUES ('$product')";
if(!mysqli_query($con,$sql1)) echo 'Not Inserted into paymentPersonal';
else if(!mysqli_query($con,$sql2)) echo 'Not Inserted into paymentsShipping';
else if(!mysqli_query($con,$sql3)) echo 'Not Inserted into paymentsPayment';
else if(!mysqli_query($con,$sql4)) echo 'Not Inserted into paymentsProduct';
else echo 'Thank You For Your Order! You Will recive a confirmaton E-Mail Shortly';
这将回显未插入的表名,否则将回显“感谢您的订单!”
重要信息:您需要防止MySQL注入,例如:
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
除了luweiqi的答案,您还需要执行所有四个查询
if(!mysqli_query($con,$sql1) || !mysqli_query($con,$sql2) || !mysqli_query($con,$sql3) || !mysqli_query($con,$sql4))
{
echo 'Not Inserted';
}
这种方法的问题是,如果一个或多个查询失败,它会显示“notinserted”。您可能希望设置更精细的内容来检查每个查询的成功/失败,并相应地响应用户。但是,除此之外,使用编号查询和多次执行将完成任务。谢谢!!你从哪里得到了//{…}我会写这些值吗?例如`如果(!mysqli_query($con,$sql1))值($firstname’、$lastname’、$mobile’、$homephone’、$email’)“如果没有,会发生什么?好的!我现在已经把所有这些都准备好了,看起来一切正常,但我得到了一个错误;未定义的索引:像39上的产品?/*产品信息*/$product=$POST['product'];/*产品信息*/
@TaylorStyles您发布的代码中似乎没有任何错误;)刚刚用更好的描述更新了主要问题?:)我添加了mysqli\u real\u escape\u字符串($con,$\u POST['firstname'))
对于所有的变量,错误似乎已经解决了问题:)不要继续这样做!你没有清理用户输入并将其直接放入SQL查询中,这会打开你的大门。而且,这甚至没有考虑到要保存抄送号码,你可能需要避免自己陷入法律麻烦。只是为了使用我的学校评估将设置cc详情,但当它准备上线时,我会将其链接到paypal并放弃信用卡:),我不会相信我自己的编码来处理付款等。对于评估,我仍然会研究,甚至可能会研究。这肯定会使你的代码质量更高。好的,会研究它,我目前正在添加$firstname=mysqli\u real\u escape\u string($con,$\u POST['firstname']);
现在加入到代码中以帮助sql注入谢谢!@luweiqi添加了更多代码,但仍然有效:)
if(!mysqli_query($con,$sql1) || !mysqli_query($con,$sql2) || !mysqli_query($con,$sql3) || !mysqli_query($con,$sql4))
{
echo 'Not Inserted';
}