Potential MySQL server problem?

Problem description    Votes: 0    Answers: 1

A PHP function displays variables by fetching rows from the database. The if rule catches the GET request and should insert values into the table, but it does not. What is wrong with the code below? Thanks.

// link that triggers the rule (emitted from the PHP that renders the product list)
echo "<a href='index.php?add_cart=$pro_id'>Add to cart</a>";

// rule
if(isset($_GET['add_cart'])){

    global $conn;                        // mysqli connection opened elsewhere
    $ip = getIp();                       // helper defined elsewhere: client IP as a string
    $pro_id = $_GET['add_cart'];         // untrusted request value, placed into the SQL string as-is
    $check_pro = "select * from cart where ip_add='$ip' && p_id='$pro_id'";

    $run_check = mysqli_query($conn, $check_pro);   // returns false if the query fails

    if(mysqli_num_rows($run_check) > 0){
        // row already present: both branches currently run the same insert
        $insert_pro = "insert into cart (p_id,ip_add,units,size) values ('$pro_id','$ip','1','NULL')";
        $run_pro = mysqli_query($conn, $insert_pro);
        echo "<script>window.open('index.php','_self')</script>";
    }
    else{
        $insert_pro = "insert into cart (p_id,ip_add,units,size) values ('$pro_id','$ip','1','NULL')";
        $run_pro = mysqli_query($conn, $insert_pro);

        echo "<script>window.open('index.php','_self')</script>";
    }
}

php mysql

1 Answer

0 votes

You can check the following code, which uses mysqli prepare and bind_param.

if (isset($_GET['add_cart'])) {

    $conn = new mysqli('server', 'user', 'password', 'database');

    if (mysqli_connect_errno()) {
        echo 'connection failure: '.mysqli_connect_errno();
        exit;
    }

    try {
        /* values to bind; the answer left these to the reader, so these are
           example assignments matching the 'issd' types used below */
        $id    = (int) $_GET['add_cart'];
        $ip    = $_SERVER['REMOTE_ADDR'];
        $units = '1';
        $size  = 0.0;

        /* prepare query statement
           check for existence id + ip first.
        */
        $query = $conn->prepare(
            'insert into cart (id, ip, units, size) '.
            'select * from (select ?, ?, ?, ?) t '.
            'where (select id from cart where id = ? and ip = ? limit 1) is null'
        );

        /* Binding parameters:
           i : integer type
           s : string type
           d : double type
        */
        $query->bind_param('issdis', $id, $ip, $units, $size, $id, $ip);

        /* execute query statement and close after execution */

        try {
            $query->execute();
            echo 'Row created: '. $query->affected_rows;

        } finally {
            $query->close();
        }

    } finally {
        /* make sure to close the database connection */
        $conn->close();
    }
}
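The question's handler builds its SQL by interpolating `$_GET['add_cart']`, and the answer shows the bound-parameter alternative. The following is an added example, not code from the question or the answer, written against the question's own table layout (cart: p_id, ip_add, units, size). It assumes PHP 8, that `$conn` is an open mysqli connection and `getIp()` returns the client address as in the original snippet, and that `size` is nullable; it also goes one step beyond the original by incrementing `units` when the row already exists instead of inserting a duplicate.

```php
<?php
declare(strict_types=1);

// Fail loudly: a failed query throws instead of returning false that then
// gets passed into mysqli_num_rows(), as can happen in the original code.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function addToCart(mysqli $conn, string $ip, mixed $rawId): bool
{
    // Validate the untrusted query parameter before it gets near SQL. The original
    // interpolated $_GET['add_cart'] into the query string, so request-controlled
    // text became part of the statement; here anything but a positive integer is rejected.
    $proId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($proId === false) {
        return false;
    }

    // Existence check with bound parameters: values travel separately from the SQL text.
    $check = $conn->prepare('SELECT 1 FROM cart WHERE ip_add = ? AND p_id = ? LIMIT 1');
    $check->bind_param('si', $ip, $proId);
    $check->execute();
    $check->store_result();
    $exists = $check->num_rows > 0;
    $check->close();

    if ($exists) {
        // Already in the cart: increment instead of inserting a duplicate row.
        $stmt = $conn->prepare('UPDATE cart SET units = units + 1 WHERE ip_add = ? AND p_id = ?');
        $stmt->bind_param('si', $ip, $proId);
    } else {
        // Real SQL NULL for size (assumes the column is nullable), not the string 'NULL'.
        $stmt = $conn->prepare('INSERT INTO cart (p_id, ip_add, units, size) VALUES (?, ?, 1, NULL)');
        $stmt->bind_param('is', $proId, $ip);
    }
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected > 0;
}

// Handler, assuming $conn (open mysqli connection) and getIp() exist as in the question.
if (isset($_GET['add_cart'])) {
    addToCart($conn, getIp(), $_GET['add_cart']);
    // Redirect server-side instead of echoing a <script> that reloads the page.
    header('Location: index.php', true, 303);
    exit;
}
```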