PHP code not entering the data into database_问答_开发者

PHP code not entering the data into database

开发者 https://www.devze.com 2023-02-28 01:48 出处：网络

$name = $_GET[\'fullname\']; $phone = $_GET[\'phone\']; $address = $_GET[\'address\']; $size = $_GET[\'size\'];

相关专题：php

    $name = $_GET['fullname'];
    $phone = $_GET['phone'];
    $address = $_GET['address'];
    $size = $_GET['size'];
    $toppings = $_GET['toppings'];
    $delivery = $_GET['type'];



    mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error());
    mysql_select_db ("pizzaorders");
    $query ="INSERT INTO orders (fullname, phone, address, size, toppings, delivery)  VALUES ('".$name."', '".$phone."', '".$address."','".$size."','".$toppings."','".$delivery.")";
    $done=mysql_query($query);
    echo $done;        

    $total = 0;
    $total = sizecost()  + deliverycost() + toppingcost();

    echo " $name  your {$_GET["size"]} pizza will come in 45 minutes.";
    echo "Total: $ $total";
    echo " Your Toppings are ";
    foreach($toppings as $topping) {
    echo $topping  ;
     }
    echo "Your Delivery Type:{$_GET["type"]}";
    echo "Database Updated";

    function sizecost() {
        $size = 0;
        if ($_GET['size'] == "Small"){
            $size+=5;

        }
        else if ($_GET['size'] == "Medium"){
            $size+=10;

        }
        else if ($_GET['size'] == "Large"){
             $size+=15;
        }
         return $size;


    }

   function toppingcost() {
        $toppings = $_GET['toppings'];

        foreach($toppings as $topping) {
         $topping=1;    
         $topping=$topping+1; 
     }
        re开发者_StackOverflow社区turn $topping;
    }

    function deliverycost() {
        $deliverycost = 0;
        if ($_GET['type'] == "delivery") {
            $deliverycost += 5;
        }
        return $deliverycost;
    }

Last value is missing a single quote at the end.

Use echo mysql_error after mysql_query

IMPORTANT

You MUST use mysql_real_escape_string() to protect against [my]sql injection.

You can save a lot of effort with using PDO;

$db = new PDO('mysql:host=localhost;dbname=pizzaorders', "root", "");

$query = $db->prepare("INSERT INTO orders
           (fullname, phone, address, size, toppings, delivery)
           VALUES (?,?,?,?,?,?)");
$query->execute(array($name, $phone, $address, $size, $toppings, $delivery));

Or you can just use the $_GET[] variables there.

first you could print the erros on the screen so you know what's wrong

$done=mysql_query($query) or die(mysql_error());

and second, you are missing a quote at the end

,'".$delivery.")"; should be ,'".$delivery."')";

Edit:

to answer your second question:

I don't think you can use $_GET['type'] inside a function

better to get the type outside a function and then pass it as a parameter, like follow:

$type = mysql_real_escape_string($_GET['type']);
deliverycost($type);

and in your function

function deliverycost($type) 
{
      if(empty($type))
      {
            //throw error, type cannot be empty
      }
        $deliverycost = 0;
        if ($type == "delivery") {
            $deliverycost += 5;
        }
        return $deliverycost;
    }

Make sure you escape the single quotes like:

mysql_real_escape_string($name)

The query would be:

$query ="INSERT INTO orders (fullname, phone, address, size, toppings, delivery) 
VALUES ('".mysql_real_escape_string($name)."', '".mysql_real_escape_string($phone)."', '".mysql_real_escape_string($address)."','".mysql_real_escape_string($size)."','".mysql_real_escape_string($toppings)."','".mysql_real_escape_string($delivery)."')";

Also echo the query to see what query is being sent to the database.