I have a website, www.jazz.eu.
I copied an exact copy of this site to another server, under a different domain name. The new one is www.vetur.nl.
Everything works fine (I mean exactly like jazz.eu), except for the shopping cart process.
First, when I look at the cart, there is always an empty product line, and I can't delete it. Do you see it?
http://www.vetur.nl/cart_empty_product_line.jpg
And my next problem is that when I try to refresh the cart or send the order, I get this message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
'sender_full_name='',sender_afm='',sender_doy='',sender_work='',sender_person='',' at line 1
query=update basket set selected_quantity=,sender_full_name='' ,sender_afm='',sender_doy='',sender_work='',sender_person='',sender_address='',sender_zip='',sender_tel='',sender_fax='', addresser_email='', additional='' where session_id = 'ihcvafpk3fgqh6jra1mrplgkr1' and id=
I think the problem is in this file, process.php, but I can't find it. The exact same file works fine on my first site, jazz.eu. The process.php code that seems to be the problem is below.
Thank you, and please excuse any mistakes. This is my first time posting here.
function procMy_cart(){
    global $session, $form, $database, $mailer;
    $session_id = session_id();

    // Branch 1: the cart form was submitted with order=1 (send the order).
    if ((isset($_POST['order'])) && ($_POST['order']==1)) {
        for ($i=0; $i<count($_POST['update_quantity']); $i++) {
            // The pattern only rejects letters and punctuation, so an empty quantity
            // passes the check and is concatenated unquoted into the SQL string
            // (giving "selected_quantity=," in the query). eregi() is deprecated
            // since PHP 5.3 and removed in PHP 7.
            if (!eregi("[a-z\α-ω\!\"\£\$\%\^\&\*\(\)\-\+\{\}\:\;\'\@\~\#\\\|\<\>\?\/]", $_POST['update_quantity'][$i])) {
                //$update_db="update basket set selected_quantity=".$_POST['update_quantity'][$i].",addresser='".$_POST['addresser']."',addresser_tel='".$_POST['addresser_tel']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                $update_db="update basket set selected_quantity=".$_POST['update_quantity'][$i].",sender_full_name='".$_POST['addresser']."',sender_afm='".$_POST['addresser_afm']."',sender_doy='".$_POST['addresser_doy']."',sender_work='".$_POST['addresser_work']."',sender_person='".$_POST['addresser_contact']."',sender_address='".$_POST['addresser_address']."',sender_zip='".$_POST['addresser_zip']."',sender_tel='".$_POST['addresser_tel']."',sender_fax='".$_POST['addresser_fax']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                $result=$database->query($update_db);
            } else {
                // The quantity contained a rejected character: fall back to 1.
                //$update_db="update basket set selected_quantity=1,addresser='".$_POST['addresser']."',addresser_tel='".$_POST['addresser_tel']."',addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                $update_db="update basket set selected_quantity=1,sender_full_name='".$_POST['addresser']."',sender_afm='".$_POST['addresser_afm']."',sender_doy='".$_POST['addresser_doy']."',sender_work='".$_POST['addresser_work']."',sender_person='".$_POST['addresser_contact']."',sender_address='".$_POST['addresser_address']."',sender_zip='".$_POST['addresser_zip']."',sender_tel='".$_POST['addresser_tel']."',sender_fax='".$_POST['addresser_fax']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                $result=$database->query($update_db);
            }
        }
        // Earlier order handling, left commented out by the author.
        // $retval = $session->my_cart($_POST['addresser'], $_POST['addresser_doy'], $_POST['addresser_work'], $_POST['addresser_afm'], $_POST['addresser_address'], $_POST['addresser_zip'], $_POST['addresser_contact'], $_POST['addresser_email'], $_POST['addresser_tel'], $_POST['addresser_fax'], $_POST['additional']);
        // if ($retval) {
        //     $_SESSION['send_order'] = true;
        //     header("Location: my_cart2.php");//.$session->referrer);
        // } else {
        //     $_SESSION['value_array'] = $_POST;
        //     $_SESSION['error_array'] = $form->getErrorArray();
        //     header("Location: my_cart2.php");//.$session->referrer);
        // }
        header("Location: order2.php");

    // Branch 2: the form was submitted without ordering (e.g. refresh the basket).
    } else if ((isset($_POST['order'])) && ($_POST['order']!=1)) {
        if ((isset($_POST['refresh_basket'])) && ($_POST['refresh_basket']==1)) {
            for ($i=0; $i<count($_POST['update_quantity']); $i++) {
                //echo $_POST['update_id'][$i];
                // Same check and same unquoted concatenation as in branch 1.
                if (!eregi("[a-z\α-ω\!\"\£\$\%\^\&\*\(\)\-\+\{\}\:\;\'\@\~\#\\\|\<\>\?\/]", $_POST['update_quantity'][$i])) {
                    //$update_db="update basket set selected_quantity=".$_POST['update_quantity'][$i].", addresser='".$_POST['addresser']."', addresser_tel='".$_POST['addresser_tel']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                    $update_db="update basket set selected_quantity=".$_POST['update_quantity'][$i].",sender_full_name='".$_POST['addresser']."',sender_afm='".$_POST['addresser_afm']."',sender_doy='".$_POST['addresser_doy']."',sender_work='".$_POST['addresser_work']."',sender_person='".$_POST['addresser_contact']."',sender_address='".$_POST['addresser_address']."',sender_zip='".$_POST['addresser_zip']."',sender_tel='".$_POST['addresser_tel']."',sender_fax='".$_POST['addresser_fax']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                    $result=$database->query($update_db);
                } else {
                    //$update_db="update basket set selected_quantity=1, addresser='".$_POST['addresser']."', addresser_tel='".$_POST['addresser_tel']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                    $update_db="update basket set selected_quantity=1,sender_full_name='".$_POST['addresser']."',sender_afm='".$_POST['addresser_afm']."',sender_doy='".$_POST['addresser_doy']."',sender_work='".$_POST['addresser_work']."',sender_person='".$_POST['addresser_contact']."',sender_address='".$_POST['addresser_address']."',sender_zip='".$_POST['addresser_zip']."',sender_tel='".$_POST['addresser_tel']."',sender_fax='".$_POST['addresser_fax']."', addresser_email='".$_POST['addresser_email']."', additional='".$_POST['additional']."' where session_id = '$session_id' and id=".$_POST['update_id'][$i]."";
                    $result=$database->query($update_db);
                }
            }
        }
        $_SESSION['value_array'] = $_POST;
        $_SESSION['error_array'] = $form->getErrorArray();
        header("Location: my_cart2.php");//.$session->referrer);
    }
} // end cart
Best answer
The variable $_POST['update_quantity'][$i] has no value. If you look at the query, you'll notice set selected_quantity=,sender_full_name=''. You need to assign at least a pair of single quotes or null to selected_quantity.
You should never assign _POST data directly to a query. Always sanitize it in some way to avoid SQL injection attacks. You could assign $_POST['update_quantity'][$i] to a variable early on and run some logic to make sure that variable holds a valid value; otherwise, stop the query from running or add a default value.
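A hardened version of the update the answer describes, as an added example (not the asker's or the answerer's code): the quantity is validated before use, every form value is bound through a PDO prepared statement, and the column-to-field mapping is fixed in code. It assumes a PDO connection `$pdo` to the same basket table; `parseQuantity`, `updateBasketLines` and `SENDER_FIELDS` are names chosen here.

```php
<?php
// Added example, not the asker's code: the basket update from the question
// rewritten with PDO prepared statements. Assumes $pdo is an existing PDO
// connection and that basket has the columns named in the question's query.

// Return a positive integer quantity, or null when the form value is empty or
// not a plain integer. An empty value is what produced "selected_quantity=,"
// in the failing query from the question.
function parseQuantity($raw): ?int
{
    $raw = is_scalar($raw) ? trim((string) $raw) : '';
    return preg_match('/^[1-9][0-9]*$/', $raw) ? (int) $raw : null;
}
// Basket column => POST field it is filled from (same pairing as the question).
const SENDER_FIELDS = [
    'sender_full_name' => 'addresser',         'sender_afm'      => 'addresser_afm',
    'sender_doy'       => 'addresser_doy',     'sender_work'     => 'addresser_work',
    'sender_person'    => 'addresser_contact', 'sender_address'  => 'addresser_address',
    'sender_zip'       => 'addresser_zip',     'sender_tel'      => 'addresser_tel',
    'sender_fax'       => 'addresser_fax',     'addresser_email' => 'addresser_email',
    'additional'       => 'additional',
];
// Update every basket line posted from the cart form and return the number of
// rows changed. User values are bound as parameters, never spliced into SQL.
function updateBasketLines(PDO $pdo, string $sessionId, array $post): int
{
    $set = 'selected_quantity = :qty';
    foreach (array_keys(SENDER_FIELDS) as $col) {
        $set .= ", $col = :$col"; // column names come from the constant, not the user
    }
    $stmt = $pdo->prepare("UPDATE basket SET $set WHERE session_id = :sid AND id = :id");
    $ids = $post['update_id'] ?? [];
    $quantities = $post['update_quantity'] ?? [];
    $updated = 0;
    foreach ($ids as $i => $rawId) {
        if (!ctype_digit((string) $rawId)) {
            continue; // a non-integer id cannot name a basket line; skip it
        }
        // Same fallback the original code intended: an invalid quantity becomes 1.
        $qty = parseQuantity($quantities[$i] ?? null) ?? 1;
        $params = [':qty' => $qty, ':sid' => $sessionId, ':id' => (int) $rawId];
        foreach (SENDER_FIELDS as $col => $field) {
            $params[":$col"] = (string) ($post[$field] ?? '');
        }
        $stmt->execute($params);
        $updated += $stmt->rowCount();
    }
    return $updated;
}
```

With the quantity parsed first, the empty-field case from the question can no longer reach the database as a malformed statement, and a crafted value in any of the address fields is stored as data rather than interpreted as SQL.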
About mysql - I can't find the solution in the SQL message. I'd like some advice; we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18152046/