0

所以我有这段代码将项目从数据库传递到我的订单表。当我回应会议时。session 变量包含一些东西,所以没有问题。但是当我在 numrows 下回显这些变量时,它什么也没显示。有什么不对?

<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();
require("connect.php");
$UserID = $_SESSION['CustNum'];
$UserN = $_SESSION['UserName'];

        $ProdGTotal = $_SESSION['ProdGTotal'];

        $queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");
        $numrows = mysql_num_rows($queryord);

        if(numrows == 1){
            $row = mysql_fetch_assoc($queryord)or die ('Unable to run query:'.mysql_error()); // fetch associated: get function from a query for a database
            $dbstreet = $row['Street']; 
            $dhousenum = $row['HouseNum']; 
            $dbcnum = $row['CelNum']; 
            $dbarea = $row['Area'];
            $dbbuilding = $row['Building'];
            $dbcity = $row['City'];
            $dbpnum = $row['PhoneNum'];
            $dbfname = $row['FName'];
            $dblname = $row['LName'];

        }
        else
        die(mysql_error());

        $query4=mysql_query("INSERT INTO orderdetails VALUES ('', '$UserID', Now(), '$dbhousenum', '$dbstreet', '$dbarea', '$dbbuilding', '$dbcity',     '$dbfname', '$dblname', '$dbcnum', '$dbpnum', '$ProdGTotal')",$connect);

            if ($query4){

            header("location:index.php");

            }
            else
        die(mysql_error());


?>
4

2 回答 2

0

if(numrows == 1) => if($numrows == 1){

于 2012-10-14T03:30:45.120 回答
0

首先你输入

if(numrows == 1){

而是变量:

if($numrows == 1){

而不是检查用户,您可以:

$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN'");    
$numrows = mysql_num_rows($queryord);

用于:

$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");    
$numrows = mysql_num_rows($queryord);

因为你想获取一个用户,但你失败了,因为你没有逃脱:

$UserN = mysql_real_escape_string($UserN);
$queryord = mysql_query("SELECT * FROM customer WHERE UserName = '$UserN' LIMIT 1");    
$numrows = mysql_num_rows($queryord);

您应该以更好的方式编写代码,并查看有关 stackoverflow 如何获取数据的最佳实践示例。请参阅阻止 SQL 注入和漏洞的最佳实践。

此站点上显示了示例:如何防止 PHP 中的 SQL 注入?

于 2012-10-14T03:34:38.517 回答