2017-09-11 26 views
-1

データを送信して次のページに移動する際に問題が発生しました。私はそのwhileループを疑う。複数のデータを入力しようとしていますが、私はユーザー情報でデータベースに複数の項目を入力しようとしていますが、これについてどうやって行くのかは分かりません。私はコードが偉大ではないと私はすべてのコードを書き直しに取り組んでいるSQLインジェクションを得ることができます知っている。cart_chekoutのために提出するデータを取得する際に問題が発生しました。

cart.php

<?php 

session_start(); 
if(!isset($_SESSION["uid"])){ 
    header("location:index.php"); 
} 
?> 
<!DOCTYPE html> 
<html> 
    <head> 
     <meta charset="UTF-8"> 
     <title> Supplies</title> 
     <link rel="stylesheet" href="http://a0319p528/project2/assets/css/bootstrap.css"/> 
     <script src="http://a0319p528/project2/assets/js/jquery2.js"></script> 
     <script src="http://a0319p528/project2/assets/js/bootstrap.min.js"></script> 
     <script src="http://a0319p528/project2/main.js"></script> 
    </head> 
<body> 
    <div class="navbar navbar-inverse navbar-fixed-top"> 
     <div class="container-fluid"> 
      <div class="navbar-header"> 
       <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#collapse" aria-expanded="false"> 
        <span class="sr-only">navigation</span> 
        <span class="icon-bar"></span> 
        <span class="icon-bar"></span> 
        <span class="icon-bar"></span> 
       </button> 
       <a href="#" class="navbar-brand"> Supplies</a> 
      </div> 
     <div class="collapse navbar-collapse" id="collapse"> 
      <ul class="nav navbar-nav"> 
       <li><a href="index.php"><span class="glyphicon glyphicon-home"></span>Home</a></li> 
       <li><a href="index.php"><span class="glyphicon glyphicon-modal-window"></span>Product</a></li> 
      </ul> 
     </div> 
    </div> 
    </div> 
    <p><br/></p> 
    <p><br/></p> 
    <p><br/></p> 
    <div class="container-fluid"> 
     <div class="row"> 
      <div class="col-md-2"></div> 
      <div class="col-md-8" id="cart_msg"> 
       <!--Cart Message--> 
      </div> 
      <div class="col-md-2"></div> 
     </div> 
     <div class="row"> 
      <div class="col-md-2"></div> 
      <div class="col-md-8"> 
       <div class="panel panel-primary"> 
        <div class="panel-heading">Cart Checkout</div> 
        <div class="panel-body"> 
         <div class="row"> 
          <div class="col-md-2 col-xs-2"><b>Action</b></div> 
          <div class="col-md-2 col-xs-2"><b>Product Image</b></div> 
          <div class="col-md-2 col-xs-2"><b>Product Name</b></div> 
          <div class="col-md-2 col-xs-2"><b>Quantity</b></div> 
          <div class="col-md-2 col-xs-2"><b>Product Price</b></div> 
          <div class="col-md-2 col-xs-2"><b>Price in $</b></div> 
         </div> 
         <div id="cart_checkout"></div> 
         <!--<div class="row"> 
          <div class="col-md-2"> 
           <div class="btn-group"> 
            <a href="#" class="btn btn-danger"><span class="glyphicon glyphicon-trash"></span></a> 
            <a href="" class="btn btn-primary"><span class="glyphicon glyphicon-ok-sign"></span></a> 
           </div> 
          </div> 
          <div class="col-md-2"><img src='product_images/imges.jpg'></div> 
          <div class="col-md-2">Product Name</div> 
          <div class="col-md-2"><input type='text' class='form-control' value='1' ></div> 
          <div class="col-md-2"><input type='text' class='form-control' value='5000' disabled></div> 
          <div class="col-md-2"><input type='text' class='form-control' value='5000' disabled></div> 
         </div> --> 
         <!--<div class="row"> 
          <div class="col-md-8"></div> 
          <div class="col-md-4"> 
           <b>Total $500000</b> 
          </div> --> 
         </div> 
        </div> 
        <div class="panel-footer"></div> 
       </div> 
      </div> 
      <div class="col-md-2"></div> 

     </div> 
</body> 
</html> 

<script src="assets/js/textboxname_autocomplete.js" type="text/javascript"></script> 

    <?php 
    session_start(); 
    include "db.php"; 
    if(isset($_POST["category"])){ 
     $category_query = "SELECT * FROM categories"; 
     $run_query = mysqli_query($con,$category_query) or die(mysqli_error($con)); 
     echo " 
      <div class='nav nav-pills nav-stacked'> 
       <li class='active'><a href='#'><h4>Categories</h4></a></li> 
     "; 
     if(mysqli_num_rows($run_query) > 0){ 
      while($row = mysqli_fetch_array($run_query)){ 
       $cid = $row["cat_id"]; 
       $cat_name = $row["cat_title"]; 
       echo " 
         <li><a href='#' class='category' cid='$cid'>$cat_name</a></li> 
       "; 
      } 
      echo "</div>"; 
     } 
    } 
    if(isset($_POST["vendor"])){ 
     $vendor_query = "SELECT * FROM vendors"; 
     $run_query = mysqli_query($con,$vendor_query); 
     echo " 
      <div class='nav nav-pills nav-stacked'> 
       <li class='active'><a href='#'><h4>Vendors</h4></a></li> 
     "; 
     if(mysqli_num_rows($run_query) > 0){ 
      while($row = mysqli_fetch_array($run_query)){ 
       $vid = $row["vendor_id"]; 
       $vendor_name = $row["vendor_title"]; 
       echo " 
         <li><a href='#' class='selectVendor' vid='$vid'>$vendor_name</a></li> 
       "; 
      } 
      echo "</div>"; 
     } 
    } 
    if(isset($_POST["page"])){ 
     $sql = "SELECT * FROM products"; 
     $run_query = mysqli_query($con,$sql); 
     $count = mysqli_num_rows($run_query); 
     $pageno = ceil($count/9); 
     for($i=1;$i<=$pageno;$i++){ 
      echo " 
       <li><a href='#' page='$i' id='page'>$i</a></li> 
      "; 
     } 
    } 

    if(isset($_POST["getProduct"])){ 

     $product_query = "SELECT * FROM products Order by product_title"; 
     $run_query = Mysqli_query($con, $product_query); 
     if(mysqli_num_rows($run_query) >0){ 
      while($row = mysqli_fetch_array($run_query)){ 
       $pro_id = $row['product_id']; 
       $pro_cat = $row['product_cat']; 
       $pro_vendor = $row['product_vendor']; 
       $pro_title = $row['product_title']; 
       $pro_price = $row['product_price']; 
       $pro_image = $row['product_image']; 
       $pro_desc = $row['product_desc']; 
       $pro_item_number = $row['product_item_number']; 

       echo " 
      <div class='col-md-4 '> 
       <div class='panel panel-info'> 
        <div class='panel-heading'>$pro_title</div> 
       <div class='panel-body'> 
        <img src='assets/product_images/$pro_image' style ='width:100px; height:100px;'> 
        <p>$pro_desc</p> 
        <p>Item # $pro_item_number</p></div> 
      <div class='panel-heading'>$.$pro_price.00 
       <button pid='$pro_id' style='float:right;' id='product' class='btn btn-danger btn-xs'>AddToCart</button> 
      </div> 
     </div> 
    </div>"; 

      } 
     } 

    } 
    if(isset($_POST["get_seleted_Category"]) || isset($_POST["selectVendor"]) || isset($_POST["search"])){ 
     if(isset($_POST["get_seleted_Category"])){ 
      $id = $_POST["cat_id"]; 
      $sql = "SELECT * FROM products WHERE product_cat = '$id'"; 
     }else if(isset($_POST["selectVendor"])){ 
      $id = $_POST["vendor_id"]; 
      $sql = "SELECT * FROM products WHERE product_vendor = '$id'"; 
     }else { 
      $keyword = $_POST["keyword"]; 
      $sql = "SELECT * FROM products WHERE product_keywords LIKE '%$keyword%'"; 
     } 

     $run_query = mysqli_query($con,$sql); 
     while($row=mysqli_fetch_array($run_query)){ 
       $pro_id = $row['product_id']; 
       $pro_cat = $row['product_cat']; 
       $pro_vendor = $row['product_vendor']; 
       $pro_title = $row['product_title']; 
       $pro_price = $row['product_price']; 
       $pro_image = $row['product_image']; 
       $pro_item_number = $row['product_item_number']; 

        echo " 
       <div class='col-md-4 box1'> 
       <div class='panel panel-info'> 
        div class='panel-heading'>$pro_title</div> 

        <div class='panel-body'> 
          <img src='assets/product_images/$pro_image' style ='width:100px; height:100px;'> 
          <p>$pro_desc</p> 
          <p>Item # $pro_item_number</p></div> 

        <div class='panel-heading'>$.$pro_price.00 
        <button pid='$pro_id' style='float:right;' id='product' class='btn btn-danger btn-xs'>AddToCart</button> 
        </div> 
       </div> 
     </div> 
     "; 
      } 
     } 

     if(isset($_POST["addToProduct"])){ 

      if(isset($_SESSION["uid"])){ 
       $p_id = $_POST["proId"]; 
      $user_id = $_SESSION["uid"]; 
      $sql = "SELECT * FROM cart WHERE p_id = '$p_id' AND user_id = '$user_id'"; 
      $run_query = mysqli_query($con,$sql); 
      $count = mysqli_num_rows($run_query); 
      if($count > 0){ 
       echo " 
        <div class='alert alert-warning'> 
          <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a> 
          <b>Product is already added into the cart Continue Shopping..!</b> 
        </div> 
       ";//not in video 
      } else { 
       $sql = "SELECT * FROM products WHERE product_id = '$p_id'"; 
       $run_query = mysqli_query($con,$sql); 
       $row = mysqli_fetch_array($run_query); 
        $id = $row["product_id"]; 
        $pro_name = $row["product_title"]; 
        $pro_image = $row["product_image"]; 
        $pro_price = $row["product_price"]; 
       $sql = "INSERT INTO `cart` 
       (`id`, `p_id`, `ip_add`, `user_id`, `product_title`, 
       `product_image`, `qty`, `price`, `total_amt`) 
       VALUES (NULL, '$p_id', '0', '$user_id', '$pro_name', 
       '$pro_image', '1', '$pro_price', '$pro_price')"; 
       if(mysqli_query($con,$sql)){ 
        echo " 
         <div class='alert alert-success'> 
          <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a> 
          <b>Product is Added..!</b> 
         </div> 
        "; 
       } 
      } 
      }else{ 
       echo " 
         <div class='alert alert-success'> 
          <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a> 
          <b>Sorry..!go and Sign Up First then you can add a product to your cart</b> 
         </div> 
        "; 
      } 




     } 
    //the issue starts here for the question I am asking. 
    if(isset($_POST["get_cart_product"]) || isset($_POST["cart_checkout"])){ 
     $uid = $_SESSION["uid"]; 
     $sql = "SELECT * FROM cart WHERE user_id = '$uid'"; 
     $run_query = mysqli_query($con,$sql); 
     $count = mysqli_num_rows($run_query); 
     if($count > 0){ 
      $no = 1; 
      $total_amt = 0; 
      while($row=mysqli_fetch_array($run_query)){ 
       $id = $row["id"]; 
       $pro_id = $row["p_id"]; 
       $pro_name = $row["product_title"]; 
       $pro_image = $row["product_image"]; 
       $qty = $row["qty"]; 
       $pro_price = $row["price"]; 
       $total = $row["total_amt"]; 
       $price_array = array($total); 
       $total_sum = array_sum($price_array); 
       $total_amt = $total_amt + $total_sum; 
       setcookie("ta",$total_amt,strtotime("+1 day"),"/","","",TRUE); 
       if(isset($_POST["get_cart_product"])){ 
        echo " 
        <div class='row'> 
         <div class='col-md-3 col-xs-3'>$no</div> 
         <div class='col-md-3 col-xs-3'><img src='assets/product_images/$pro_image' width='60px' height='50px'></div> 
         <div class='col-md-3 col-xs-3'>$pro_name</div> 
         <div class='col-md-3 col-xs-3'>$.$pro_price.00</div> 
        </div> 
       "; 
       $no = $no + 1; 
       }else{ 
        echo " 
         <div class='row'> 
           <div class='col-md-2 col-sm-2'> 
            <div class='btn-group'> 
             <a href='#' remove_id='$pro_id' class='btn btn-danger btn-xs remove'><span class='glyphicon glyphicon-trash'></span></a> 
             <a href='' update_id='$pro_id' class='btn btn-primary btn-xs update'><span class='glyphicon glyphicon-ok-sign'></span></a> 
            </div> 
           </div>"; 



           echo" 

           <form action='user_information.php' id='form1' method='post'> 
           <div class='col-md-2 col-sm-2'><img src='assets/product_images/$pro_image' width='50px' height='60'></div> 
           <div class='col-md-2 col-sm-2'><input name='name' type='text' class='form-control qty' pid='$pro_name ' id='qty-$pro_name ' value='$pro_name ' ></div> 
           <div class='col-md-2 col-sm-2'><input name='qty' type='text' class='form-control qty' pid='$pro_id' id='qty-$pro_id' value='$qty' ></div> 
           <div class='col-md-2 col-sm-2'><input name='price' type='text' class='form-control price' pid='$pro_id' id='price-$pro_id' value='$pro_price' disabled></div> 
           <div class='col-md-2 col-sm-2'><input name ='total' type='text' class='form-control total' pid='$pro_id' id='total-$pro_id' value='$total' disabled></div> 
          </div>"; 
         } 
        } 


           echo" 

            <h3>Employee Information</h3> 
             <label>Lan ID</label> 
             <input type='text' name='lanId' id='lanId' autocomplete='off' class='form-control' > 
             <label>Employee Name</label> 
             <input type='text' name='employeeName' id='name' autocomplete='off' class='form-control'> 
             <label>Department</label> 
             <select name='department' id='department' class='form-control'> 
              <option value =''>Select Department...</option> 
              <option value ='OTHER'> OTHER</option> 

             </select> 

            <label>Cost Center</label> 
            <input type='text' class='form-control' name='costCenter' value=''> 
            <br><br><br> 
            <input type='submit' class='btn btn-primary' value='Submit'> 

           </form>"; 



      if(isset($_POST["cart_checkout"])){ 
       echo "<div class='row'> 
        <div class='col-md-8'></div> 
        <div class='col-md-4'> 
         <h1>Total $$total_amt</h1> 
        </div>"; 
      } 
      echo ' 


         <input type="hidden" name="cmd" value="_cart"> 
         <input type="hidden" name="upload" value="1"> 


         '; 

         $x=0; 
         $uid = $_SESSION["uid"]; 
         $sql = "SELECT * FROM cart WHERE user_id = '$uid'"; 
         $run_query = mysqli_query($con,$sql); 
         while($row=mysqli_fetch_array($run_query)){ 
          $x++; 
        echo '<input type="hidden" name="item_name_'.$x.'" value="'.$row["product_title"].'"> 
         <input type="hidden" name="item_number_'.$x.'" value="'.$x.'"> 
         <input type="hidden" name="amount_'.$x.'" value="'.$row["price"].'"> 
         <input type="hidden" name="quantity_'.$x.'" value="'.$row["qty"].'">'; 



         } 






     } 
    } 

    if(isset($_POST["cart_count"]) AND isset($_SESSION["uid"])){ 
     $uid = $_SESSION["uid"]; 
     $sql = "SELECT * FROM cart WHERE user_id = '$uid'"; 
     $run_query = mysqli_query($con,$sql); 
     echo mysqli_num_rows($run_query); 
    } 
    if(isset($_POST["removeFromCart"])){ 
     $pid = $_POST["removeId"]; 
     $uid = $_SESSION["uid"]; 
     $sql = "DELETE FROM cart WHERE user_id = '$uid' AND p_id = '$pid'"; 
     $run_query = mysqli_query($con,$sql); 
     if($run_query){ 
      echo " 
       <div class='alert alert-danger'> 
        <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a> 
        <b>Product is Removed from Cart Continue Shopping..!</b> 
       </div> 
      "; 
     } 
    } 

    if(isset($_POST["updateProduct"])){ 
     $uid = $_SESSION["uid"]; 
     $pid = $_POST["updateId"]; 
     $qty = $_POST["qty"]; 
     $price = $_POST["price"]; 
     $total = $_POST["total"]; 

     $sql = "UPDATE cart SET qty = '$qty',price='$price',total_amt='$total' 
     WHERE user_id = '$uid' AND p_id='$pid'"; 
     $run_query = mysqli_query($con,$sql); 
     if($run_query){ 
      echo " 
       <div class='alert alert-success'> 
        <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a> 
        <b>Product is Updated Continue Shopping..!</b> 
       </div> 
      "; 
     } 
    } 

?> 

action.php main.js

$(document).ready(function(){ 
    cat(); 
    vendor(); 
    product(); 
    function cat(){ 
     $.ajax({ 
      url : "action.php", 
      method: "POST", 
      data : {category:1}, 
      success : function(data){ 
       $("#get_category").html(data); 

      } 
     }) 
    } 
    function vendor(){ 
     $.ajax({ 
      url : "action.php", 
      method: "POST", 
      data : {vendor:1}, 
      success : function(data){ 
       $("#get_vendor").html(data); 
      } 
     }) 
    } 
     function product(){ 
     $.ajax({ 
      url : "action.php", 
      method: "POST", 
      data : {getProduct:1}, 
      success : function(data){ 
       $("#get_product").html(data); 
      } 
     }) 
    } 
    $("body").delegate(".category","click",function(event){ 
     $("#get_product").html("<h3>Loading...</h3>"); 
     event.preventDefault(); 
     var cid = $(this).attr('cid'); 

      $.ajax({ 
      url  : "action.php", 
      method : "POST", 
      data : {get_seleted_Category:1,cat_id:cid}, 
      success : function(data){ 
       $("#get_product").html(data); 
       if($("body").width() < 480){ 
        $("body").scrollTop(683); 
       } 
      } 
     }) 

    }) 
    $("body").delegate(".selectVendor","click",function(event){ 
     event.preventDefault(); 
     $("#get_product").html("<h3>Loading...</h3>"); 
     var vid = $(this).attr('vid'); 

      $.ajax({ 
      url  : "action.php", 
      method : "POST", 
      data : {selectVendor:1,vendor_id:vid}, 
      success : function(data){ 
       $("#get_product").html(data); 
       if($("body").width() < 480){ 
        $("body").scrollTop(683); 
       } 
      } 
     }) 

    }) 
    $("#search_btn").click(function(){ 
     $("#get_product").html("<h3>Loading...</h3>"); 
     var keyword = $("#search").val(); 
     if(keyword != ""){ 
      $.ajax({ 
      url  : "action.php", 
      method : "POST", 
      data : {search:1,keyword:keyword}, 
      success : function(data){ 
       $("#get_product").html(data); 
       if($("body").width() < 480){ 
        $("body").scrollTop(683); 
       } 
      } 
     }) 
     } 
    }) 
    $("#signup_button").click(function(event){ 
     event.preventDefault(); 
      $.ajax({ 
      url  : "register.php", 
      method : "POST", 
      data : $("form").serialize(), 
      success : function(data){ 
       $("#signup_msg").html(data); 
      } 
     }) 

    }) 
    $("#login").click(function(event){ 
     event.preventDefault(); 
     var lanId = $("#lanId").val(); 
     var pass = $("#password").val(); 
     $.ajax({ 
      url : "login.php", 
      method: "POST", 
      data : {userLogin:1,userLanId:lanId,userPassword:pass}, 
      success :function(data){ 
       if(data == "truefsvkjbskvvsbd"){ 
        window.location.href = "profile.php"; 
       } 
      } 
     }) 
    }) 
    cart_count(); 
    $("body").delegate("#product","click",function(event){ 
     event.preventDefault(); 
     var p_id = $(this).attr('pid'); 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {addToProduct:1,proId:p_id}, 
      success : function(data){ 
       $("#product_msg").html(data); 
       cart_count(); 
      } 
     }) 
    }) 
    cart_container(); 
    function cart_container(){ 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {get_cart_product:1}, 
      success : function(data){ 
       $("#cart_product").html(data); 
      } 
     }) 

    }; 
    function cart_count(){ 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {cart_count:1}, 
      success : function(data){ 
       $(".badge").html(data); 
      } 
     }) 
    } 

    $("#cart_container").click(function(event){ 
     event.preventDefault(); 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {get_cart_product:1}, 
      success : function(data){ 
       $("#cart_product").html(data); 
      } 
     }) 

    }) 
    cart_checkout(); 
    function cart_checkout(){ 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {cart_checkout:1}, 
      success : function(data){ 
       $("#cart_checkout").html(data); 
      } 
     }) 
    } 
    $("body").delegate(".qty","keyup",function(){ 
     var pid = $(this).attr("pid"); 
     var qty = $("#qty-"+pid).val(); 
     var price = $("#price-"+pid).val(); 
     var total = qty * price; 
     $("#total-"+pid).val(total); 
    }) 
    $("body").delegate(".remove","click",function(event){ 
     event.preventDefault(); 
     var pid = $(this).attr("remove_id"); 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {removeFromCart:1,removeId:pid}, 
      success : function(data){ 
       $("#cart_msg").html(data); 
       cart_checkout(); 
      } 
     }) 
    }) 
    $("body").delegate(".update","click",function(event){ 
     event.preventDefault(); 
     var pid = $(this).attr("update_id"); 
     var qty = $("#qty-"+pid).val(); 
     var price = $("#price-"+pid).val(); 
     var total = $("#total-"+pid).val(); 
     $.ajax({ 
      url :"action.php", 
      method : "POST", 
      data : {updateProduct:1,updateId:pid,qty:qty,price:price,total:total}, 
      success : function(data){ 
       $("#cart_msg").html(data); 
       cart_checkout(); 
      } 
     }) 
    }) 
    page(); 
    function page(){ 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {page:1}, 
      success : function(data){ 
       $("#pageno").html(data); 
      } 
     }) 
    } 
    $("body").delegate("#page","click",function(){ 
     var pn = $(this).attr("page"); 
     $.ajax({ 
      url : "action.php", 
      method : "POST", 
      data : {getProduct:1,setPage:1,pageNumber:pn}, 
      success : function(data){ 
       $("#get_product").html(data); 
      } 
     }) 
    }) 
}) 
+0

'get_cart_product'と' cart_checkout'はどこに定義されていますか? – Script47

+0

申し訳ありませんが、コードを更新してそれらの部分を追加しましょう – Donny

答えて

0

、あなたはあなたのelse内のあなたの<form>を定義しているので、あなたのifが正しいかどうかフォームは決してうまくいかないでしょう。

+0

whileループの複数の項目をすべてユーザー情報と共に取得できるようにする必要があります。これははるかに複雑になるようですが、 。 – Donny

+0

ok私はあなたの言っていることを理解していると思いますので、従業員の情報に移動して動作します。私は、elseステートメントから情報を取得してフォームに入れる方法を理解する必要があったと思います。複数のアイテムがカートに追加されました。 – Donny

関連する問題