为什么我的PHP mysql代码接受购物车中没有产品的客户订单?
提问于 2018-07-08 20:15:01
我用PHP和mysql开发了一个网上购物网站。当顾客下订单时,首先我会检查他的购物车里是否有任何产品。如果没有产品,他就不能下订单,并向他显示他的购物车是空的消息,并将他重定向到主页。但今天,有人设法在购物车里没有一件产品的情况下了订单。这怎么可能呢?有没有可能代码有时无法准确执行?如果不是,为什么会发生在我的案例中?
我正在发布我在保存客户订单时使用的代码行。
<?php
session_start();
include "connection.php";
if (isset($_POST['submit'])){
$cutomer_id=$_SESSION['customer_id'];
$customer_address=$_POST['delivery_address'];
$customer_name=$_POST['customer_name'];
$session_id= session_id();
//IF CART EMPTY THEN REJECT ORDER
$strSql= "select * from cart where session_id='" .$session_id."'";
$result= mysqli_query ($con,$strSql);
//if nothing found in cart then opt out
$count_prods = mysqli_num_rows($result);
if($count_prods==0){
echo "Your cart is empty";
exit;
}
//UPDATE THE DELIVERY ADDRESS OF THE CUSTOMER
$update_address="UPDATE user_info SET address1='$customer_address', first_name='$customer_name' WHERE user_id='$cutomer_id'";
$success= mysqli_query($con,$update_address);
//making order number
$strsql2="SELECT NEXTval('order_number_producer') as order_number";
$result2=mysqli_query($con,$strsql2);
$got_it=mysqli_fetch_assoc($result2);
$order_number=$got_it['order_number'];
//first insert into new orders
date_default_timezone_set("Asia/Delhi");
$orderTime=date("d-m-Y h:i:s A");
$strsql3="INSERT INTO new_order (order_number, customer_id, order_status,delivery_date, delivery_time,order_time) VALUES ('$order_number','$cutomer_id','processing','$delivery_date','$delivery_time','$orderTime')";
$successfull= mysqli_query($con,$strsql3);
//Now insert order details into order_details table
$strSql= "select * from cart where session_id='" .$session_id."'";
$result= mysqli_query($con,$strSql);
while ($rows= mysqli_fetch_assoc($result)){
$p_id =$rows['p_id'];
$qty = $rows['qty'];
$price = $rows['price'];
$strsqlOrderDetails="INSERT INTO order_details(order_number, product_id, qty, price) VALUES ('$order_number','$p_id','$qty','$price')";
$done= mysqli_query($con,$strsqlOrderDetails);
}
//New order created, ordered products inserted...NOW CLEAR THE CART OF CUSTOMER
$clearcart=$strSql= "delete from cart where session_id='" .$session_id."'";
$cleared= mysqli_query($con,$clearcart);
echo "Order submitted. Your order number is # $order_number";
}
?>
回答 1
Stack Overflow用户
发布于 2018-07-08 20:27:21
听起来可能是臭名昭著的按钮双击问题。看起来订单在第一次点击时就通过了,结果购物车被清空了。
然后第二次点击(在双击中)没有找到订单?
也许可以尝试通过双击按钮来模拟这种行为,如果这是罪魁祸首,则添加一些javascript以防止双击按钮。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/51235656
复制相关文章
点击加载更多
腾讯云开发者
