E-commerce building

Published 2024-12-05 10:31:28, 1030 words, 2 views, 0 comments

I'm starting with MySQL development and am considering making my own e-commerce site.

  1. If I want to store a customer's wish list in a table, should I do it like this: the first column has the user id and the second has product ids separated like product0|product1|product2, or is there a more effective way to do this in MySQL?
  2. Should I store the user details forever, or remove them when the order has been processed?
  3. Is this function secure enough to remove dangerous characters from user input:

    function siisti($str){
        $str = strip_tags($str);
        $str = htmlentities($str);
        $str = trim($str);
        $str = htmlspecialchars($str);
        $str = mysql_real_escape_string($str);
        $str = str_replace(array("ä", "ö"), array("ä", "ö"), $str);
        return $str;
    }

  4. Is there anything else that I should look at when creating it?

EDIT:
One more question.
Is this a good way to do the pages:

up.php

Content to be inserted top of all pages


 | Some Site
etc.

down.php

Content to be inserted footer of all pages
some copyright notes etc.
<./body>
<./html>

somepage.php

i.nclude("up.php");
some content here

For some reason the code handling does not work at all! So just click edit to see what I have as code. This bug should really be fixed on this site.


Comments (2)

柒七 2024-12-12 10:31:28

  1. Use a table with columns customer and product and insert multiple rows for each customer - one for each product they own.

    +-----------+----------+
    | customer  | product  |
    +-----------+----------+
    | customer0 | product0 |
    | customer0 | product1 |
    | customer0 | product2 |
    | customer1 | product2 |
    | customer2 | product0 |
    +-----------+----------+
    
  2. In general, do not delete rows. Just mark them as processed. This allows you to audit the system.

  3. Use mysql_real_escape_string or parameterized queries when accessing the database. Use HTML escaping functions when writing HTML. There is no such thing as "dangerous characters", only "dangerous programming". Never try to write "cleaning" functions yourself. Using generic cleaning functions makes you lazy. You won't understand what you are doing and that will lead to mistakes.
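
The per-context handling recommended in points 1 and 3 above, as an added example that is not part of the original answer: one wishlist row per product, values bound as query parameters and stored unmodified, and HTML escaping applied only at output. It assumes PHP with PDO and the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL); the `wishlist` table layout, the sample values and the `siisti_html_steps` helper are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// offline; the PDO calls are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// One row per (customer, product) pair, as in the table in the answer.
$pdo->exec('CREATE TABLE wishlist (
    customer TEXT NOT NULL,
    product  TEXT NOT NULL,
    PRIMARY KEY (customer, product)
)');

// Constructed sample input with quote, markup and non-ASCII characters.
$customer = 'customer0';
$products = ["O'Reilly <b>book</b>", 'Müsli & Käse', 'product2'];

// Database context: bound parameters, value stored unmodified.
$insert = $pdo->prepare('INSERT INTO wishlist (customer, product) VALUES (?, ?)');
foreach ($products as $product) {
    $insert->execute([$customer, $product]);
}

$select = $pdo->prepare('SELECT product FROM wishlist WHERE customer = ? ORDER BY rowid');
$select->execute([$customer]);
$stored = $select->fetchAll(PDO::FETCH_COLUMN);
if ($stored !== $products) {
    throw new RuntimeException('stored data differs from input');
}

// HTML context: escape at output time only.
foreach ($stored as $product) {
    echo '<li>', htmlspecialchars($product, ENT_QUOTES, 'UTF-8'), "</li>\n";
}

// For contrast: the HTML steps of the question's siisti() applied before
// storage (mysql_real_escape_string omitted; the mysql_* API was removed in PHP 7).
function siisti_html_steps(string $str): string
{
    return htmlspecialchars(trim(htmlentities(strip_tags($str))));
}
foreach ($products as $product) {
    echo 'input:   ', $product, "\n";
    echo 'mangled: ', siisti_html_steps($product), "\n";
}
```

The last loop prints each input next to what the combined cleaning steps would have stored, which no longer matches the original value.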

清欢 2024-12-12 10:31:28

1: NO NO NO NO, don't do this. Have a separate table for products, have a table called "cart" or something with two columns... one for customer ID and one for product ID. Quantity and price-in-cart might be also useful to you.

2: You have to store some data for later. Do not store credit card information. Read up on PCI compliance.

3: Do not do this. You are mangling your data beyond repair. Use the functions as necessary when they are necessary.

4: Given the questions you are asking, and the fact that this wheel has been made 100 times over, stop now, modify an existing solution.
