I don't really know how to explain my question, but I need to know how to display a warning before updating the database.
example:
<?php
#Get id and yes before update warning code
if (isset($_GET["acept"])) {
$acept = $_GET["acept"];
} else {
$acept = " ";
}
if ($acept == "update") {
if (isset($_GET["yes"]) & $_GET["yes"] == true) {
$id = (int)$_GET["id"];
$query = mysqli_query($conn, "update users set balance='$redut' where id='$id'");
if ($query) {
echo " Successfull";
} else {
echo "retry";
}
exit();
}
$id = (int)$_GET["id"];
echo "<div class='topnav'>System Warning</div><div class='msg'>Are You Sure ?</div><div class='gap'></div><div class='button'><a href='?acept=update&yes=true&id=$idd'><font color='red'>Yes</font></a> | <a href='user.php'>No</a></div>";
}
Here is my full code, where I am trying to display the warning before updating the database:
<?php
include_once 'init.php';
$error = false;
// check if form is submitted
if (isset($_POST['book'])) {
$book = mysqli_real_escape_string($conn, $_POST['book']);
$action = mysqli_real_escape_string($conn, $_POST['action']);
if (strlen($book) < 6) {
$error = true;
$book_error = "booking code must be alist 6 in digit";
}
if (!is_numeric($book)) {
$error = true;
$book_error = "Incorrect booking code";
}
if (empty($_POST["action"])) {
$error = true;
$action_error = "pick your action and try again";
}
if (!$error) {
if (preg_match('/(check)/i', $action)) {
echo "6mameja";
}
if (preg_match('/(comfirm)/i', $action)) {
if (isset($_SESSION["user_name"]) && (trim($_SESSION["user_name"]) != "")) {
$username = $_SESSION["user_name"];
$result = mysqli_query($conn, "select * from users where username='$username'");
}
if ($row = mysqli_fetch_array($result)) {
$idd = $row["id"];
$username = $row["username"];
$id = $row["id"];
$username = $row["username"];
$ip = $row["ip"];
$ban = $row["validated"];
$balance = $row["balance"];
$sql = "SELECT `item_name` , `quantity` FROM `books` WHERE `book`='$book'";
$query = mysqli_query($conn, $sql);
while ($rows = mysqli_fetch_assoc($query)) {
$da = $rows["item_name"];
$qty = $rows["quantity"];
$sqll = mysqli_query($conn, "SELECT * FROM promo WHERE code='$da' LIMIT 1");
while ($prow = mysqli_fetch_array($sqll)) {
$pid = $prow["id"];
$price = $prow["price"];
$count = 0;
$count = $qty * $price;
$show = $count + $show;
}
}
if ($show < $balance) {
echo "you cant buy here";
exit();
} elseif ($show > $balance) {
$redut = $balance - $show;
#display the warning before updating into database
if (isset($_GET["acept"])) {
$acept = $_GET["acept"];
} else {
$acept = " ";
}
if ($acept == "update") {
if (isset($_GET["yes"]) & $_GET["yes"] == true) {
$id = (int)$_GET["id"];
$query = mysqli_query($conn, "update users set balance='$redut' where id='$id'");
if ($query) {
echo " Successfull";
} else {
echo mysqli_error($conn);
}
exit();
}
$idd = (int)$_GET["id"];
echo "<div class='topnav'>System Warning</div><div class='msg'>Are You Sure ?</div><div class='gap'></div><div class='button'><a href='?acept=update&yes=true&id=$idd'><font color='red'>Yes</font></a> | <a href='user.php'>No</a></div>";
}
}
} else {
$errormsg = "Error in registering...Please try again later!";
}
}
}
}
?>
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="booking">
<fieldset>
<legend>Check Booking</legend>
<div class="form-group">
<label for="name">Username</label>
<input type="text" name="book" placeholder="Enter Username" required value="<?php if($error) echo $book; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($book_error)) echo $book_error; ?></span>
</div>
<input type="submit" name="booking" value="Sign Up" class="btn btn-primary" />
<table><input type="radio" name="action" value="comfirm" <?php if(isset($_POST['action']) && $_POST['action']=="comfirm") { ?>checked<?php } ?>>
<input type="radio" name="action" value="check" <?php if(isset($_POST['action']) && $_POST['action']=="check") { ?>checked<?php } ?>> Check booking <span class="text-danger"><?php if (isset($action_error)) echo $action_error; ?></span>
</div></table>
I don't really know where I am wrong with the code, but the expected warning before the update does not display and the database is not updated. Big thanks in advance.
if (isset($_GET["yes"]) & $_GET["yes"] == true) {
Change this to
if (isset($_GET["yes"]) && $_GET["yes"] == 'true') {
Servers take the GET method as a string, not boolean.
I don't really get what kind of warning you are trying to display. If it is for a user you can use the print or echo function. It is possible to echo a block of HTML, so:
echo '<div class="warning-msg"><p>MY WARNING</p></div>';
will display the block. Only thing is the warning may not be in the correct place or time.
Or in JS:
echo '<script type="text/javascript">';
echo 'alert("message successfully sent")';
echo '</script>';
If the warning is for your personal use, use the built-in PHP error handling.
Here is a snippet for a query function using php.
Use:
$query = query("SELECT ... (SQL)", $variable);
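An added example, not part of the question or either answer above: the confirmation step done as a POST form with a per-session CSRF token, the pending balance kept server-side between the two requests, and a prepared statement for the UPDATE. PDO with an in-memory SQLite table stands in for the page's MySQL connection so the script runs from the CLI; `renderConfirm`, `applyConfirmed`, the `users` columns and the sample row are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for the page's MySQL connection (assumption): in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, balance INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 500)"); // constructed sample row

/** Request 1: keep the pending change in the session and render a POST form. */
function renderConfirm(array &$session, int $userId, int $newBalance): string
{
    $session['pending'] = ['user_id' => $userId, 'balance' => $newBalance];
    $session['csrf'] = bin2hex(random_bytes(32));
    $token = htmlspecialchars($session['csrf'], ENT_QUOTES, 'UTF-8');

    return "<div class='topnav'>System Warning</div>"
        . "<div class='msg'>Are You Sure ?</div>"
        . "<form method='post'>"
        . "<input type='hidden' name='csrf' value='$token'>"
        . "<button name='acept' value='update'>Yes</button> | <a href='user.php'>No</a>"
        . "</form>";
}

/** Request 2: apply the change only if the POST carries this session's token. */
function applyConfirmed(PDO $pdo, array &$session, array $post): string
{
    $pending = $session['pending'] ?? null;
    $expected = $session['csrf'] ?? '';
    $given = $post['csrf'] ?? '';

    if (!is_array($pending) || $expected === '' || !is_string($given)
        || ($post['acept'] ?? '') !== 'update'
        || !hash_equals($expected, $given)) {
        return 'retry';
    }
    // Token and pending change are single use.
    unset($session['pending'], $session['csrf']);

    // Id and balance come from the session, never from the request.
    $stmt = $pdo->prepare('UPDATE users SET balance = :balance WHERE id = :id');
    $stmt->execute([':balance' => $pending['balance'], ':id' => $pending['user_id']]);

    return $stmt->rowCount() === 1 ? 'Successfull' : 'retry';
}

// Constructed walk-through; on a real page pass $_SESSION and $_POST.
$session = [];
echo renderConfirm($session, 1, 350), PHP_EOL;
echo applyConfirmed($pdo, $session, ['acept' => 'update', 'csrf' => 'forged']), PHP_EOL;
echo applyConfirmed($pdo, $session, ['acept' => 'update', 'csrf' => $session['csrf']]), PHP_EOL;
echo 'balance: ', $pdo->query('SELECT balance FROM users WHERE id = 1')->fetchColumn(), PHP_EOL;
```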
I have an application where users can post announcements and comment on posts. My problem is that whenever a comment is posted, it shows up on every announcement post. How can I post comments so that they show up on that specific post?
I have 2 database tables: "announcement: id, name, announcementTitle, announcement, image" and "comment: id, post_id, name, comment" with foreign key attached to comment.
Here is my home.php where the announcements and comments are echoed
<div class="container">
<div class="mx-auto">
<?php
if (isset($_SESSION['username'])) {
echo'
<h1 style="text-decoration:underline">Post an announcement</h1>
<form method="post" action="announcement.php" enctype="multipart/form-data">
<input type="text" name="announcementTitle" placeholder="Enter Subject"><br>
<textarea name="announcementBox" rows="5" cols="40" placeholder="Enter Announcement"></textarea><br>
<input type="file" name="image" accept="image/jpeg">
<button name="announcement">Submit</button>
</form>';
}
$query = "SELECT * FROM announcement ORDER BY id DESC";
$result = mysqli_query($con,$query);
while ($row = mysqli_fetch_array($result)) {
echo '<div class="row" style="color:black;background-color:white;border-radius:5px;padding:10px;margin-top:10px;margin-bottom:70px">';
echo '<div class="column" style="width:100%;border:5px">';
if (isset($_SESSION['username'])) {
echo '<form method="post" action="announcement.php">';
echo "Posted by " .$row["name"]. " click X to delete:";
echo '<input type="hidden" name="postID" value="'.$row['id'].'">';
echo '<button name="delete" style="float:right">X</button>';
echo '</form>';
}
echo $row['announcementTitle'].'<br>';
echo $row['announcement'].'<br>';
echo '<img width="20%" src="data:image;base64,'.$row['image'].'"alt="Image" style="padding-top:10px">';
echo'
<form method="post" action="comment.php">
<textarea name="commentbox" rows="2" cols="50" placeholder="Leave a Comment"></textarea><br>
<button name="comment">Submit</button>
</form>';
echo "Comments:<p><p>";
echo " <p>";
$find_comment = "SELECT * FROM comment ORDER BY id DESC";
$res = mysqli_query($con,$find_comment);
while ($row = mysqli_fetch_array($res)) {
echo '<input type="hidden" name="postID" value="'.$row['post_id'].'">';
$comment_name = $row['name'];
$comment = $row['comment'];
echo "$comment_name: $comment<p>";
}
if(isset($_GET['error'])) {
echo "<p>100 Character Limit";
}
echo '</div></div>';
}
?>
</div>
</div>
Here is comment.php where comments are put in the database
<?php
session_start();
$con = mysqli_connect('localhost', 'root', 'Arv5n321');
mysqli_select_db($con, 'userregistration');
$namee = '';
$comment = '';
$comment_length = strlen($comment);
if($comment_length > 100) {
header("location: home.php?error=1");
}else {
$que = "SELECT * FROM announcement";
$res = mysqli_query($con,$que);
while ($row = mysqli_fetch_array($res)) {
$post_id = $row['id'];
}
$namee = $_SESSION['username'];
$comment = $_POST['commentbox'];
$query = "INSERT INTO comment(post_id,name,comment) VALUES('$post_id','$namee','$comment')";
$result = mysqli_query($con, $query);
if ($result) {
header("location:home.php?success=submitted");
} else {
header("location:home.php?error=couldnotsubmit");
}
}
?>
Here is announcement.php where announcements are put in the database
<?php
session_start();
//$con = mysqli_connect('freedb.tech', 'freedbtech_arvindra', 'Arv5n321', 'freedbtech_remote') or die(mysqli_error($con));
$con = mysqli_connect('localhost', 'root', 'Arv5n321', 'userregistration') or die(mysqli_error($con));
if (isset($_POST['announcement'])) {
$image = $_FILES['image']['tmp_name'];
$name = $_FILES['image']['name'];
$image = base64_encode(file_get_contents(addslashes($image)));
date_default_timezone_set("America/New_York");
$title = $_POST['announcementTitle']." (<b>".date("m/d/Y")." ".date("h:i:sa")."</b>)";
$paragraph = $_POST['announcementBox'];
if (empty($paragraph)||empty($title)) {
header('location:home.php?error=fillintheblanks');
}else{
$nam = $_SESSION['username'];
$query = "insert into announcement(name,announcementTitle,announcement,image) values('$nam','$title','$paragraph','$image')";
$result = mysqli_query($con, $query);
if ($result) {
header("location:home.php?success=submitted");
} else {
header("location:home.php?error=couldnotsubmit");
}
}
}else if (isset($_POST['delete'])){
$query = "delete from announcement where id='".$_POST['postID']."';";
$result = mysqli_query($con,$query);
if ($result) {
header('location:home.php?success=deleted');
} else {
header('location:home.php?error=couldnotdelete');
}
}
else {
header('location:home.php');
}
I am a little new to PHP so any help is good.
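One way to tie each comment to its announcement, as an added example that is not the poster's code: the comment form carries the post's id, the insert and the per-post SELECT use bound parameters, and stored text is HTML-encoded on output. PDO with in-memory SQLite stands in for the MySQL connection so it runs from the CLI; `addComment`, `renderPost`, `h` and the sample rows are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for the page's MySQL connection (assumption): in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('PRAGMA foreign_keys = ON');
$pdo->exec('CREATE TABLE announcement (id INTEGER PRIMARY KEY, name TEXT,
            announcementTitle TEXT, announcement TEXT)');
$pdo->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY,
            post_id INTEGER NOT NULL REFERENCES announcement(id), name TEXT, comment TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO announcement VALUES (1, 'ann', 'First', 'Hello'), (2, 'bob', 'Second', 'World')");

/** HTML-encode stored text before it is echoed into the page. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** comment.php: store the comment against the post whose form was submitted. */
function addComment(PDO $pdo, string $username, array $post): bool
{
    $postId = filter_var($post['postID'] ?? null, FILTER_VALIDATE_INT);
    $text = is_string($post['commentbox'] ?? null) ? trim($post['commentbox']) : '';
    if ($postId === false || $text === '' || strlen($text) > 100) {
        return false;
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO comment (post_id, name, comment) VALUES (?, ?, ?)');
        return $stmt->execute([$postId, $username, $text]);
    } catch (PDOException $e) {
        return false; // the foreign key rejects a post_id that does not exist
    }
}

/** home.php: one announcement, its own comment form, and only its own comments. */
function renderPost(PDO $pdo, array $row): string
{
    $id = (int) $row['id'];
    $html = '<h3>' . h($row['announcementTitle']) . '</h3><p>' . h($row['announcement']) . '</p>'
        . '<form method="post" action="comment.php">'
        . '<input type="hidden" name="postID" value="' . $id . '">'
        . '<textarea name="commentbox" rows="2" cols="50"></textarea>'
        . '<button name="comment">Submit</button></form>';

    $stmt = $pdo->prepare('SELECT name, comment FROM comment WHERE post_id = ? ORDER BY id DESC');
    $stmt->execute([$id]);
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $c) {
        $html .= '<p>' . h($c['name']) . ': ' . h($c['comment']) . '</p>';
    }
    return $html;
}

// Constructed walk-through: two comments on post 2, one rejected for post 99.
addComment($pdo, 'carol', ['postID' => '2', 'commentbox' => 'Nice <b>post</b>']);
addComment($pdo, 'dave', ['postID' => '2', 'commentbox' => 'Agreed']);
var_dump(addComment($pdo, 'eve', ['postID' => '99', 'commentbox' => 'orphan']));
foreach ($pdo->query('SELECT * FROM announcement ORDER BY id DESC') as $row) {
    echo renderPost($pdo, $row), PHP_EOL;
}
```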
Hope you all have a great day. I am new to SQLite and so I'm a little confused about handling BLOB data. I tried a lot of things, but nothing worked in my favor.
Here is My Code
INSERTING DATA
insert.php
<form method="POST" enctype="multipart/form-data">
model no:<input type="text" name="model_no"/><span style="color: red"><?php echo $messages["model_no"]; ?></span>
image:<input type="file" name="image" id="image"/><span style="color: red"></span>
<input type="submit" value="save" id="save" name="save"/>
<input type="reset" value="Clear"/>
</form>
include.php
<?php
$flag = 0;
class MyDB extends SQLite3
{
function __construct()
{
$this->open('../database.db');
}
}
//checking save button is clicked
if(isset($_POST["save"])){
$model_no = $_POST['model_no'];
$image = $_FILES['image']['name'];
if($model_no != '' && $image != ''){
$flag = 1;
}
if($flag == '1'){
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
}
else{
$dbb = new MyDB();
$sql = 'SELECT COUNT(*) as count FROM fisfis WHERE model_no = "'.$model_no.'"';
//echo $sql;
$rows = $dbb->query($sql);
$row = $rows->fetchArray();
$numRows = $row['count'];
//echo $numRows;
if($numRows != 0){
$flag = 0;
echo "error:this model no is already taken";
}else{
$sqlp = "INSERT INTO fisfis(model_no, image) values('$model_no','$image')";
if($dbb->exec($sqlp)){
echo "data inserted successfully\n";
}
else{
echo"error:\n";
echo "data not inserted \n";
echo"contact admin for details\n";
}
}
}
}
else{
echo"error:\n";
echo "data not inserted : data fields cannot be empty\n";
}
}
?>
This is successfully inserting data into my table (table name: fisfis).
DISPLAYING DATA
display.php
<form method="POST" enctype="multipart/form-data">
<p>Enter Barcode : <input type="text" name="search_model" id="search_model" /></p>
<!--<p><img src='image.php?id=<?php //echo $row['model_no'];?>'/></p>-->
<p><input type="submit" value="search" name="search" id="search"/></p>
</form>
display_include.php
<?php
$flag2 = 0;
$flag3 = 0;
class MyDB extends SQLite3
{
function __construct()
{
$this->open('../database.db');
}
}
$db = new MyDB();
if(isset($_POST["search"])){
$model_no = '';
$model_no = $_POST['search_model'];
if($model_no != ''){
$flag2 = 1;
}
if($flag2 == '1'){
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
}
else{
$dbb = new MyDB();
$sql = 'SELECT COUNT(*) as count FROM fisfis WHERE model_no = "'.$model_no.'"';
$rows = $dbb->query($sql);
$row = $rows->fetchArray();
$numRows = $row['count'];
echo $numRows;
if($numRows == 0){
echo 'sorry this model no is not exists';
echo '<br/>';
echo 'create new';
$flag2 = 1;
}else{
echo "this is exisists";
$flag3 = 1;
}
if($flag3 == 1){
$sqla = 'SELECT * FROM fisfis WHERE model_no = "'.$model_no.'"';
$result = $dbb->query($sqla);
while($row = $result->fetchArray(SQLITE3_ASSOC) ) {
echo "MODEL NO = ". $row['model_no'] ."\n";
$img = '\'<img src="'. $row['image'] .'" width="100" height="100"/>\'';
echo $img;
}
}
}
}
}
?>
The display part displays all data other than the BLOB. What I have tried:
1. Try to echo the image inside the PHP script
$img = '\'<img src="'. $row['image'] .'" width="100" height="100"/>\'';
2. Try to display the image inside an HTML tag
But this is not working. Please help me to fix this. Thanks in advance.
My explaining is not good, so here is a show-and-tell. I made a repro so I wouldn't forget any necessary bits.
The database table is defined:
CREATE TABLE `imgrepro` (
`id` INTEGER NOT NULL,
`photo` BLOB,
PRIMARY KEY(`id`)
);
It is seeded with one row, id = 1, photo is NULL.
The POST block will insert the image into the BLOB column in the db. The rest of the script will fetch the image and the html will display it.
<?php
$db = new SQLite3("***********\stacktest.db");
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// insert photo
$photo = file_get_contents($_FILES['fname']['tmp_name']);
$query = $db->prepare("UPDATE imgrepro set photo = :photo where id = 1");
$query->bindValue(':photo',$photo,SQLITE3_BLOB);
$result = $query->execute();
}
// get photo if there is one
$rows = $db->query("SELECT * from imgrepro")->fetchArray(SQLITE3_ASSOC);
$showphoto="";
if ($rows !== false && $rows['photo'] !== null) {
$showphoto=base64_encode($rows['photo']);
}
$db->close();
?>
<!DOCTYPE html>
<head>
<title>Say Cheese!</title>
</head>
<!-- show the photo -->
<img alt="no photo yet" src="data:image/jpeg;base64,<?= $showphoto ?>" >
<form action="imgrepro.php" method="post" enctype="multipart/form-data">
<input type="file" name="fname" accept=".jpg">
<input type="submit">
</form>
Hi, why is the "Supplier" not displaying while the other data in the row are displaying in input type? This is an update page and my code is below. Thanks.
<?php
include ('dbcon.php');
$users_id = $_GET['id'];
$SelSql = "SELECT * FROM supplier WHERE id='$users_id'";
$result = mysqli_query($conn, $SelSql);
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)){
$supplier = $row['supplier'];
$status = $row['status'];
$remarks = $row['remarks'];
}
}else {
$alertMessage="<div class='alert alert-danger' role='alert'>Theres Nothing to see Here.</div>";
}
?>
<input class="form-control" type="text" placeholder="Supplier" name="supplier" value="<?php echo $supplier; ?>">
I want to display the mobile number in mobileNo label but when I enter the employee id for search this code displays no result.
I want to display data using the while loop in my html form
search.php
<?php
$output = NULL;
$mysqli = mysqli_connect("localhost","root","","db") or die ("Error in connection");
if(isset($_POST['search']))
{
$search = $mysqli->real_escape_string(isset($_POST['search']));
$resultSet = $mysqli->query("SELECT * FROM emp WHERE emp_id = '$search'");
if($resultSet->num_rows > 0)
{
while($rows = mysqli_fetch_row($resultSet))
{
$mobileNo = $rows['emp_mob_no'];
$output = "Mobile no: $mobileNo";
}
}
{
$output = "No result";
}
}
?>
display.php
<html>
<head>
</head>
<body>
<form action="search.php" method="post">
<ul>
<li>
<label for="employeeId">Employee Id</label>
<input type="text" name="employeeId" placeholder="Employee Id" />
<input type="submit" value="search" name="search"/>
</li>
<li>
<label for="mobileNo">Mobile No.</label>
<?php echo $output;?>
</li>
</form>
</body>
</html>
1st: you missed the else. That's why the $output variable is always overwritten by No result.
2nd: $search = $mysqli->real_escape_string(isset($_POST['search'])); this line is wrong. isset will return a boolean value, so you are escaping a boolean value.
3rd: Try to use a prepared statement to avoid SQL injection.
PHP:
<?php
$output = NULL;
$mysqli = mysqli_connect("localhost","root","","db") or die ("Error in connection");
if(isset($_POST['search']))
{
$search=$_POST['search'];
$stmt = $mysqli->prepare("SELECT * FROM emp WHERE emp_id = ?");
$stmt->bind_param('i',$_POST['search']);
$stmt->execute();
$get_result = $stmt->get_result();
if($get_result->num_rows > 0)
{
while($rows = $get_result->fetch_assoc())
{
$mobileNo = $rows['emp_mob_no'];
$output = "Mobile no: $mobileNo";
}
}else //here else missed .
{
$output = "No result";
}
}
?>
<?php
$output = NULL;
$mysqli = mysqli_connect("localhost","root","","db") or die ("Error in connection");
if(isset($_POST['search']))
{
$search = $mysqli->real_escape_string($_POST['search']);
$resultSet = $mysqli->query("SELECT * FROM emp WHERE emp_id = '$search'");
if($resultSet->num_rows > 0)
{
while($rows = mysqli_fetch_assoc($resultSet))
{
$mobileNo = $rows['emp_mob_no'];
$output = "Mobile no: $mobileNo";
}
}
else
{
$output = "No result";
}
}
?>
I am working on an online shopping cart project, which requires me to be able to add a custom text input field to each item that is added to the shopping cart. However, when I attempt to insert the information for each item in the cart into a database, I cannot figure out how to pass the itemtext value into my INSERT statement. How would I go about being able to pass the itemtext value from the initial item list into my database for Orderitems? The itemtext input is on line 170, and I want to pass it into the INSERT statement seen on line 83.
<?php
session_start();
$user = $_SESSION['user'];
if(!isset($user)) {
header("Location:userlogin.php");
}
$cart = $_COOKIE['WSC'];
if(isset($_POST['clear'])) {
$expire = time() -60*60*24*7*365;
setcookie("WSC", $cart, $expire);
header("Location:order.php");
}
if($cart && $_GET['id']) {
$cart .= ',' . $_GET['id'];
$expire = time() +60*60*24*7*365;
setcookie("WSC", $cart, $expire);
header("Location:order.php");
}
if(!$cart && $_GET['id']) {
$cart = $_GET['id'];
$expire = time() +60*60*24*7*365;
setcookie("WSC", $cart, $expire);
header("Location:order.php");
}
if($cart && $_GET['remove_id']) {
$removed_item = $_GET['remove_id'];
$arr = explode(",", $cart);
unset($arr[$removed_item-1]);
$new_cart = implode(",", $arr);
$new_cart = rtrim($new_cart, ",");
$expire = time() +60*60*24*7*365;
setcookie("WSC", $new_cart, $expire);
header("Location:order.php");
}
if(isset($_POST['PlaceOrder'])) {
$email = $user;
$orderdate = date('m/d/Y');
$ordercost = $_POST['ordercost'];
$ordertype = $_POST['ordertype'];
$downcost = $_POST['downcost'];
$cardtype = $_POST['cardtype'];
$cardnumber = $_POST['cardnumber'];
$cardsec = $_POST['cardsec'];
$cardexpdate = $_POST['cardexpdate'];
$orderstatus = "Pending";
if($ordertype=="") {
$ordertypeMsg = "<br><span style='color:red;'>You must enter an order type.</span>";
}
if($cardtype=="") {
$cardtypeMsg = "<br><span style='color:red;'>You must enter a card type.</span>";
}
if($cardnumber=="") {
$cardnumberMsg = "<br><span style='color:red;'>You must enter a card number.</span>";
}
if($cardsec=="") {
$cardsecMsg = "<br><span style='color:red;'>You must enter a security code.</span>";
}
if($cardexpdate=="") {
$cardexpdateMsg = "<br><span style='color:red;'>You must enter an expiration date.</span>";
}
else {
include ('includes/dbc_admin.php');
$sql = "INSERT INTO Orders (email, orderdate, ordercost, ordertype, downcost, cardtype, cardnumber, cardsec, cardexpdate, orderstatus)
VALUES ('$email', '$orderdate', '$ordercost', '$ordertype', '$downcost', '$cardtype', '$cardnumber', '$cardsec', '$cardexpdate', '$orderstatus')";
mysql_query($sql) or trigger_error("WHOA! ".mysql_error());
$sql = "SELECT orderid FROM Orders";
$result = mysql_query($sql) or die("Invalid query: " . mysql_error());
while($row=mysql_fetch_assoc($result)) {
$myid = $row[orderid];
}
$itemnumber = 1;
$items = explode(',', $cart);
foreach($items AS $item) {
$sql = "SELECT * FROM Catalog where id = '$item'";
$result = mysql_query($sql) or die("Invalid query: " . mysql_error());
while($row=mysql_fetch_assoc($result)) {
$itemtext = $_POST['itemtext'];
$sql= "INSERT INTO OrderItems (orderid, itemnumber, itemid, itemtype, media, itemtext, price)
VALUE ('$myid', '$itemnumber', '$row[itemid]', '$row[itemtype]', '$row[media]', '$itemtext[itemnumber]', '$row[price]')";
mysql_query($sql) or trigger_error("WHOA! ".mysql_error());
}
$itemnumber++;
}
$inserted = "<h2>Thank You!</h2> <h3>Your order has been placed.</h3>";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Williams Specialty Company</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
function validateForm() {
var ordercost = document.form1.ordercost.value;
var downcost = document.form1.downcost.value;
var ordertype = document.form1.ordertype.value;
var cardtype = document.form1.cardtype.value;
var cardnumber = document.form1.cardnumber.value;
var cardsec = document.form1.cardsec.value;
var cardexpdate = document.form1.cardexpdate.value;
var ordertypeMsg = document.getElementById('ordertypeMsg');
var cardtypeMsg = document.getElementById('cardtypeMsg');
var cardnumberMsg = document.getElementById('cardnumberMsg');
var cardsecMsg = document.getElementById('cardsecMsg');
var cardexpdateMsg = document.getElementById('cardexpdateMsg');
if(ordertype == ""){ordertypeMsg.innerHTML = "You must enter an order type."; return false;}
if(cardtype == ""){cardtypeMsg.innerHTML = "You must enter a card type."; return false;}
if(cardnumber == ""){cardnumberMsg.innerHTML = "You must enter a card number."; return false;}
if(cardsec == ""){cardsecMsg.innerHTML = "You must enter a security code."; return false;}
if(cardexpdate == ""){cardexpdateMsg.innerHTML = "You must enter an expiration date."; return false;}
}
</script>
</head>
<body>
<?php include('includes/header.inc'); ?>
<?php include('includes/nav.inc'); ?>
<div id="wrapper">
<?php include('includes/aside.inc'); ?>
<section>
<h2>My Cart</h2>
<table width="100%">
<tr>
<th>Catalog ID</th>
<th>Item Name</th>
<th>Price</th>
<th>Item Text</th>
<th>Actions</th>
</tr>
<?php
$cart = $_COOKIE['WSC'];
if ($cart) {
$i = 1;
$ordercost;
include('includes/dbc.php');
$items = explode(',', $cart);
foreach($items AS $item) {
$sql = "SELECT * FROM Catalog where id = '$item'";
$result = mysql_query($sql) or die("Invalid query: " . mysql_error());
while($row=mysql_fetch_assoc($result)) {
echo '<tr>';
echo '<td align="left">';
echo $row['itemid'];
echo '</td>';
echo '<td align="left">';
echo $row['itemname'];
echo '</td>';
echo '<td align="left">';
echo $row['price'];
$ordercost+=$row['price'];
$downcost = $ordercost / 10;
echo '</td>';
echo '<td align="left">';
echo '<p><input type="text" id= "itemtext" name="itemtext"></p>';
echo '</td>';
echo '<td align="left">';
echo 'Remove From Cart';
echo '</td>';
echo '</tr>';
}
$i++;
}
}
?>
</table><br />
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
<input type="submit" name="clear" value="Empty Shopping Cart">
</form>
<?php if(isset($inserted)) {echo $inserted;} else{ ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" name="form1" onSubmit="return validateForm()">
<p>Total Price: <?php echo $ordercost;?> <input type="hidden" id="ordercost" name="ordercost" value="<?php echo $ordercost;?>"> </p>
<p>Down Cost: <?php echo number_format((float)$downcost, 2, '.', '');?> <input type="hidden" id="downcost" name="downcost" value="<?php echo number_format((float)$downcost, 2, '.', '');?>"> </p>
<p><label>Order Type:</label><br> <input type="text" id="ordertype" name="ordertype">
<?php if(isset($ordertypeMsg)) {echo $ordertypeMsg;} ?>
<br /><span id="ordertypeMsg" style="color:red"></span>
</p>
<p><label>Card Type:</label><br> <input type="text" id="cardtype" name="cardtype">
<?php if(isset($cardtypeMsg)) {echo $cardtypeMsg;} ?>
<br /><span id="cardtypeMsg" style="color:red"></span>
</p>
<p><label>Card Number:</label><br> <input type="text" id="cardnumber" name="cardnumber">
<?php if(isset($cardnumberMsg)) {echo $cardnumberMsg;} ?>
<br /><span id="cardnumberMsg" style="color:red"></span>
</p>
<p><label>Card Security Code:</label><br> <input type="text" id="cardsec" name="cardsec">
<?php if(isset($cardsecMsg)) {echo $cardsecMsg;} ?>
<br /><span id="cardsecMsg" style="color:red"></span>
</p>
<p><label>Card Expiration Date:</label><br> <input type="text" id="cardexpdate" name="cardexpdate">
<?php if(isset($cardexpdateMsg)) {echo $cardexpdateMsg;} ?>
<br /><span id="cardexpdateMsg" style="color:red"></span>
</p>
<p><input type="submit" name="PlaceOrder" value="Place Order"></p>
</form><?php }?>
</section>
</div>
<?php include('includes/footer.inc'); ?>
</body>
</html>
Update: This is your answer: change '$itemtext[itemnumber]' into '$itemtext'
This is going wrong because of the way you use quotes. (not the answer but you might want to think about it ;-) )
$sql = "INSERT INTO Orders (email, orderdate, ordercost, ordertype, downcost, cardtype, cardnumber, cardsec, cardexpdate, orderstatus)
VALUES ('$email', '$orderdate', '$ordercost', '$ordertype', '$downcost', '$cardtype', '$cardnumber', '$cardsec', '$cardexpdate', '$orderstatus')";
You should not use '$email' but -for example- ...VALUES ('".$email."',...
Learn more about this here: What is the difference between single-quoted and double-quoted strings in PHP?
On another note, your code is not safe. Please use: http://php.net/manual/en/function.mysql-real-escape-string.php
Example:
...VALUES ('".mysql_real_escape_string($email)."',...
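The `mysql_*` functions used on this page were removed in PHP 7.0, so this added example (not code from the question or the answer) does the OrderItems insert with bound parameters instead of escaping. It goes a little further than the question: each cart row is assumed to post its text as `itemtext[N]`, where N is the item's position in the cookie, and prices are read from Catalog rather than from the posted `ordercost` field. PDO with in-memory SQLite stands in for the MySQL connection; `saveOrderItems`, `MAX_ITEMTEXT`, the column types and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Stand-in for the page's MySQL connection (assumption): in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Catalog (id INTEGER PRIMARY KEY, itemid TEXT, itemtype TEXT,
            media TEXT, price REAL)');
$pdo->exec('CREATE TABLE OrderItems (orderid INTEGER, itemnumber INTEGER, itemid TEXT,
            itemtype TEXT, media TEXT, itemtext TEXT, price REAL)');
// Constructed catalog rows.
$pdo->exec("INSERT INTO Catalog VALUES (1, 'PLQ-1', 'plaque', 'brass', 40.0),
            (2, 'TRO-7', 'trophy', 'glass', 65.5)");

const MAX_ITEMTEXT = 200; // hypothetical length limit

/**
 * Insert one OrderItems row per cart entry and return the total computed from
 * Catalog prices. $cartCookie and $post are client-controlled.
 */
function saveOrderItems(PDO $pdo, int $orderId, string $cartCookie, array $post): float
{
    $texts = is_array($post['itemtext'] ?? null) ? $post['itemtext'] : [];
    $find = $pdo->prepare('SELECT itemid, itemtype, media, price FROM Catalog WHERE id = ?');
    $insert = $pdo->prepare(
        'INSERT INTO OrderItems (orderid, itemnumber, itemid, itemtype, media, itemtext, price)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );

    $total = 0.0;
    $itemNumber = 1;
    $pdo->beginTransaction();
    foreach (explode(',', $cartCookie) as $pos => $rawId) {
        $id = filter_var($rawId, FILTER_VALIDATE_INT);
        if ($id === false) {
            continue; // not a catalog id
        }
        $find->execute([$id]);
        $row = $find->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            continue; // id not in Catalog
        }
        // The text posted for this cart position; anything else becomes ''.
        $text = is_string($texts[$pos] ?? null) ? substr($texts[$pos], 0, MAX_ITEMTEXT) : '';
        $insert->execute([$orderId, $itemNumber, $row['itemid'], $row['itemtype'],
                          $row['media'], $text, $row['price']]);
        $total += (float) $row['price'];
        $itemNumber++;
    }
    $pdo->commit();
    return $total;
}

// Constructed request: cart cookie "1,2,x" and a forged hidden ordercost field.
$post = ['itemtext' => ["O'Brien & Sons", 'Team "A" 2024'], 'ordercost' => '0.01'];
echo 'total: ', saveOrderItems($pdo, 1001, '1,2,x', $post), PHP_EOL;
foreach ($pdo->query('SELECT itemnumber, itemid, itemtext, price FROM OrderItems') as $r) {
    echo $r['itemnumber'], ' ', $r['itemid'], ' ', $r['itemtext'], ' ', $r['price'], PHP_EOL;
}
```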