我用自己的数据库制作了一个管理面板。
在连接到另一个(它自己的)数据库的 preorder.php 页面上,在用户填写表格并且 stripe 处理订单后,我检查费用是否已支付;
if ($charge->paid == true) {
$amountReadable = $amount / 100; // to add in decimal points
echo '<div class="alert alert-success">Your card was successfully billed for $'.$amountReadable.'</div>';
$status = "paid";
然后我连接到主数据库和管理数据库(它们都有“订单”表)并插入此查询:
$connect = mysql_connect("localhost",DB_USER,DB_PASS);
if (!$connect){
die('Could not connect: ' . mysql_error());
}
mysql_select_db(DB_NAME, $connect);
$query = "INSERT INTO 'DB_NAME'.`orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `timestamp`, `status`) VALUES ('$email','$cardName', '$qty', '$product', '$amountReadable', '$customer->id', '$charge->id', '$cardAddress1', '$cardAddress2', '$cardCity', '$cardState', '$cardZipcode', CURRENT_TIMESTAMP`, $status);";
mysql_query($query);
if (mysql_errno()) {
$error = "MySQL error ".mysql_errno().": ".mysql_error()."\n<br>When executing:<br>\n$query\n<br>";
exit;
}
mysql_close($connect);
//insert into db for admin
$connect = mysql_connect("--------","------","-------");
if (!$connect){
die('Could not connect: ' . mysql_error());
}
mysql_select_db(database2, $connect);
$query = "INSERT INTO 'database2'.`orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `timestamp`, `status`) VALUES ('$email','$cardName', '$qty', '$product', '$amountReadable', '$customer->id', '$charge->id', '$cardAddress1', '$cardAddress2', '$cardCity', '$cardState', '$cardZipcode', CURRENT_TIMESTAMP, $status);";
然后在管理面板上它有自己的数据库(上面的 database2),(orders.php) 我将这些数据拉入 Bootstrap 表,如下所示:
编辑 1#:我将管理面板中的 orders.php 更改为如下内容:
$result = mysqli_query($con,"SELECT * FROM orders");
echo "<table border='1' data-toggle='table'>
<tr>
<th>id</th>
<th>email</th>
<th>name</th>
<th>qty</th>
<th>product</th>
<th>amount</th>
<th>address1</th>
<th>address2</th>
<th>city</th>
<th>state</th>
<th>zip</th>
<th>status</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['qty'] . "</td>";
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['amount'] . "</td>";
echo "<td>" . $row['address1'] . "</td>";
echo "<td>" . $row['address2'] . "</td>";
echo "<td>" . $row['city'] . "</td>";
echo "<td>" . $row['state'] . "</td>";
echo "<td>" . $row['zip'] . "</td>";
echo "<td>" . $row['status']. "</td>";
echo "<td><form action='markshipped.php' method='POST'><input type='hidden' name='status' value='".$row["id"]."'/><input type='submit' name='submit-btn' value='Mark Item Shipped' /><form></td>";
echo "</tr>";
}
echo "</table>";
那么我的 markshipped.php 是:
<?php
$con=mysqli_connect("----","----","----","----");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($con,"UPDATE orders SET status='shipped' WHERE id=$id");
mysqli_close($con);
?>
我仍然对 php/mysql 不太满意,不幸的是我无法测试它,直到有人购买任何东西,因为在 strip 测试模式下,没有一张卡无法通过表格...
所以我的问题主要是:
我收到两条错误消息:
1. undefined variable :id in/admin/orders/markshipped.php 第9行
-这是这一行:mysqli_query($con,"UPDATE orders SET status='shipped' WHERE id=$id");
2.未定义索引:状态在/admin/orders/orders.php第88行
-即:echo "<td>" . $row['status']. "</td>";
显然我正在设置 $status = "paid";错误和/或错误的地方。
我如何正确设置这些以便最初将商品标记为“已付款”,然后在点击每一行的“标记商品已发货”按钮后将其更改为“已发货”?你能发现我的代码中的任何其他错误吗?
非常感谢您的宝贵时间!
最佳答案
您需要使用以下方法获取您的 $_POST['status']:
$id = $_POST['status'];
在 markshipped.php 中以运行您的查询。我会将隐藏输入字段的名称更改为“id”并获取 $_POST['id'],因为你想提交 id。
你在这一行中有一个`(第一个插入查询):
CURRENT_TIMESTAMP`<<<<here , $status
并且需要删除这个/最好在 mysql 中将该列设置为 on_update_current_timestamp
$status 需要在 ' ' 中,我想 $id 是一个整数,所以你可以不带 ' '。
您正在混合使用 mysql_ 和 mysqli_,我强烈建议在 mysqli_ 中重写整个代码,特别是对于您的插入语句,您确实应该使用准备好的语句和 mysqli_。 mysql_ 已贬值且不安全。你对 sql 注入(inject)持开放态度
为什么设置 id = NULL ?这应该是一个自动递增字段,您不应在查询中将其设置为 null。
如果您将对象数据放入数据库,我会使用 '{$customer->id}' 或设置
$customer_id = $customer->id;
在您查询之前,可以更轻松地检查您的查询
你不需要指定
INSERT INTO **'database2'**.订单
数据库 2,数据库已被选中 - 再次说明:改用 mysqli_ 和准备好的语句!
例子:
$customer_id = $customer->id;
$charge_id = $charge->id;
$stmt = $sql->prepare("INSERT INTO `orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `status`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('ssissssssssss', $email,$cardName, $qty, $product, $amountReadable, $customer_id, $charge_id, $cardAddress1, $cardAddress2, $cardCity, $cardState, $cardZipcode, $status);
$stmt->execute();
如果这样做,您需要为 mysqli_ 而不是 mysql_ 设置连接
block 1:
<?php
if ($charge->paid == true) {
$amountReadable = $amount / 100; // to add in decimal points
echo '<div class="alert alert-success">Your card was successfully billed for $' . $amountReadable . '</div>';
$status = "paid";
}
第 2 block :
<?php
$connect = new mysqli("localhost",DB_USER,DB_PASS,DB_NAME);
$customer_id = $customer->id;
$charge_id = $charge->id;
$stmt = $connect->prepare("INSERT INTO orders (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `status`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('ssissssssssss', $email,$cardName, $qty, $product, $amountReadable, $customer->id, $charge->id, $cardAddress1, $cardAddress2, $cardCity, $cardState, $cardZipcode, $status);
$stmt->execute();
$connect->close();
//insert into db for admin
$connect = new mysqli("--------","------","-------","--------");
$customer_id = $customer->id;
$charge_id = $charge->id;
$stmt = $connect->prepare("INSERT INTO `orders` (`email`, `name`, `qty`, `product`, `amount`, `stripe_customer_id`, `stripe_charge_id`, `address1`, `address2`, `city`, `state`, `zip`, `status`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param('ssissssssssss', $email,$cardName, $qty, $product, $amountReadable, $customer_id, $charge_id, $cardAddress1, $cardAddress2, $cardCity, $cardState, $cardZipcode, $status);
$stmt->execute();
第 3 block :
$con = new mysqli("--------","------","-------","--------");
$query = "SELECT * FROM orders";
if ($result = $con->query($query))
{
echo "<table border='1' data-toggle='table'>
<tr>
<th>id</th>
<th>email</th>
<th>name</th>
<th>qty</th>
<th>product</th>
<th>amount</th>
<th>address1</th>
<th>address2</th>
<th>city</th>
<th>state</th>
<th>zip</th>
<th>status</th>
</tr>";
while($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['qty'] . "</td>";
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['amount'] . "</td>";
echo "<td>" . $row['address1'] . "</td>";
echo "<td>" . $row['address2'] . "</td>";
echo "<td>" . $row['city'] . "</td>";
echo "<td>" . $row['state'] . "</td>";
echo "<td>" . $row['zip'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td><form action='markshipped.php' method='POST'><input type='hidden' name='id' value='" . $row["id"] . "'/><input type='submit' name='submit-btn' value='Mark Item Shipped' /></form></td>";
echo "</tr>";
}}
echo "</table>";
第 4 block :
$con= new mysqli("----","----","----","----");
// Check connection
$id = $_POST['id'];
$stmt = $con->prepare("UPDATE orders SET status = 'shipped' WHERE id = ?");
$stmt->bind_param('i', $id);
$stmt->execute();
$con->close();
关于php - 两个错误 - 在自定义管理面板上将一个项目标记为带有按钮,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26616333/