I have a small line of code that will get the sum of a column
<?php
class ManageServices{
function getTotalSumByDateRange()
{
$query = $this->link->query("SELECT SUM(amount) as sum_of_date_range FROM services ");
$rowcount = $query->rowCount();
$result = $query->fetchAll();
return $result;
}
}
?>
//search.php
<?php
include_once('../../classes/class.ManageServices.php');
$init = new ManageServices();
$sum_of_date_range = $init->getTotalSumByDateRange();
?>
//search1
<?php
if(isset($_POST['submit']))
{
include_once('../../classes/class.ManageServices.php');
$init = new ManageServices();
$date_from =$_POST['to_date'];
$date_to =$_POST['from_date'];
if(empty($_POST['to_date']) && empty($_POST['from_date']))
{
$error = "No search query";
}
elseif(empty($_POST['to_date']) && !empty($_POST['from_date']))
{
$error ="Please specify your start date search";
}
elseif(!empty($_POST['to_date']) && empty($_POST['from_date']))
{
$error ="Please specify your end date search";
}
else
{
$total_by_date_range = 0;
$total_by_date_range = $init->getSumByDateRange($date_from, $date_to);
}
}
?>
//html
<?php
include_once('../../libs/search/search_sales_by_date.php');
include_once('../../libs/search1/total_sales.php');
?>
<!Doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>search by dates</title>
<link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<link rel="stylesheet" href="/resources/demos/style.css">
<script>
$(function() {
$( ".datepicker" ).datepicker();
});
</script>
</head>
<body>
<div>
<?php
if(isset($error))
{
echo $error;
}
?>
</div>
<h3>Search Sales</h3>
<p>From</p>
<form method="POST" action="search_sales_by_dates.php">
<p>Date: <input type="text" class="datepicker" name="from_date" id="field1"></p>
<p>To</p>
<p>Date: <input type="text" class="datepicker" name="to_date" id="field2"></p><br />
<input type="submit" value="search" name="submit" id="submitdata">
</form>
<div id ="fillmein1">
<?php foreach($sum_of_date_range as $sum): ?>
<td>Total Sales<span class="glyphicon glyphicon-usd" aria-hidden="true"></span><?php echo number_format($sum['total_sum'],2); ?></td>
<?php endforeach; ?>
</div>
<input type="hidden" value ="$total_by_date_range['sum_of_date_range'] ">//this is the problem
</body>
</html>
And in my table I have the columns 'id', 'amount', 'date_of_service'. The query above will calculate all the 'amount' values and display them in HTML; however, I want to add another query that will only get the sum of the 'amount' column based on a date range input from the HTML form. Any ideas on this?
Update: I think I'm almost there. After I updated search1.php, search.php, and the HTML, my problem now is that I want to show the $total_by_date_range in the same form. But when I submit the form, it shows no error but will not show the $total_by_date_range. Anyway, the $sum_of_date_range shows its result on the same page.
First you need to add another function:
class ManageServices {
function getTotalSumByDateRange() {
$query = $this->link->query("SELECT SUM(amount) as sum_of_date_range FROM services ");
$rowcount = $query->rowCount();
$result = $query->fetchAll();
return $result;
}
function getSumByDateRange($date_from, $date_to) {
$query = $this->link->query("SELECT SUM(amount) as sum_of_date_range FROM services where
date_of_service between '".$date_from."' and '".$date_to."'");
$rowcount = $query->rowCount();
$result = $query->fetch();
return $result;
}
}
Search.php
<?php
include_once('../../classes/class.ManageServices.php');
$init = new ManageServices();
$sum_of_date_range = $init->getTotalSumByDateRange();
$total_by_date_range = $init->getSumByDateRange($_POST['from_date'],$_POST['to_date']);
?>
HTML
<?php
include_once('../../libs/search/search_sales_by_date.php');
?>
<div>
<?php foreach($sum_of_date_range as $sum):?>
<td><span class="glyphicon glyphicon-usd" aria-hidden="true"></span><?php echo number_format($sum['sum_of_date_range'],2); ?></td>
<?php endforeach;?>
<?php
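// fetch() returns the row as an array, so print the aliased column rather than the array itself
echo "Total by date range: ".$total_by_date_range['sum_of_date_range'];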
?>
</div>
You can try something like this.
First, when the from date and end date are not specified, you display the whole sum. But if those exist, you filter your query to display the sum within the date range.
Here is my solution.
function getTotalSumByDateRange($fromDate = "", $toDate = "")
{
$sql = "SELECT SUM(amount) as sum_of_date_range FROM services ";
if (!empty($fromDate) && !empty($toDate)) {
$sql .= "WHERE date_of_service BETWEEN '". $fromDate . "' AND '" . $toDate . "'";
}
$query = $this->link->query($sql);
$rowcount = $query->rowCount();
$result = $query->fetchAll();
return $result;
}
Now it's working. I rewrote my search.php
<?php
if(isset($_REQUEST['submit']))
{
include_once('../../classes/class.ManageServices.php');
$init = new ManageServices();
$date_to =$_REQUEST['to_date'];
$date_from =$_REQUEST['from_date'];
if(empty($date_from) && empty($date_to))
{
$error = "No search query";
}
elseif(empty($date_from) && !empty($date_to))
{
$error = "Specify your end date search";
}
elseif(!empty($date_from) && empty($date_to))
{
$error ="Specify your start date search";
}
else
{
if($date_from < $date_to)
{
$total_by_date_range = $init->getSumByDateRange($date_from, $date_to);
foreach ($total_by_date_range as $key)
{
$success ="Your Total amount of sales from ". $date_from . ' ' . "To" . ' ' .$date_to . ' ' ."is". ' ' ."P" .number_format($key['sum_of_date_range'],2);
}
}
else
{
$error = "You bitch, Start date should not greater than the end date on your search query";
}
}
}
else
{
$error = "Because you are an idiot, the script contains some bugs that is why it can't run on the browser!";
}
?>
I also changed the date format of the jQuery datepicker to be similar to the format used by MySQL. I found out that having a different date format in the HTML ($_GET method) and the format used by MySQL will result in null in the query.
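The date-range total from this thread, written with bound parameters and server-side date normalization so the datepicker format never has to match MySQL's. This is an added example, not code from any of the posts: the table and column names are the thread's, while the function names, the mm/dd/yyyy input format and the in-memory SQLite database with constructed rows are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The table and column names
// (services, amount, date_of_service) are the thread's; the function names
// and the mm/dd/yyyy input format are assumptions.

/** Convert a datepicker string to MySQL's Y-m-d form, or null if it is not a real date. */
function normalizeDate(string $raw, string $format = 'm/d/Y'): ?string
{
    // The leading "!" zeroes the unparsed fields instead of filling them from "now".
    $dt = DateTimeImmutable::createFromFormat('!' . $format, trim($raw));
    $errors = DateTimeImmutable::getLastErrors();   // false on PHP >= 8.2 when clean
    if ($dt === false || ($errors && ($errors['warning_count'] || $errors['error_count']))) {
        return null;                                // parse failure or overflow such as 02/31/2015
    }
    return $dt->format('Y-m-d');
}

/** Sum of `amount` between two dates, inclusive. Throws on input that is not a valid range. */
function sumByDateRange(PDO $db, string $fromRaw, string $toRaw): string
{
    $from = normalizeDate($fromRaw);
    $to   = normalizeDate($toRaw);
    if ($from === null || $to === null) {
        throw new InvalidArgumentException('Dates must be valid mm/dd/yyyy values');
    }
    if ($from > $to) {                              // Y-m-d strings sort chronologically
        throw new InvalidArgumentException('Start date is after end date');
    }
    // The dates travel as bound parameters and never become part of the SQL text.
    $stmt = $db->prepare(
        'SELECT COALESCE(SUM(amount), 0) AS sum_of_date_range
           FROM services
          WHERE date_of_service BETWEEN :from AND :to'
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return (string) $stmt->fetchColumn();
}

// --- Demo on constructed data (in-memory SQLite stands in for MySQL) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE services (id INTEGER PRIMARY KEY, amount REAL, date_of_service TEXT)');
$db->exec("INSERT INTO services (amount, date_of_service) VALUES
    (100.00, '2015-01-05'), (250.50, '2015-01-20'), (75.25, '2015-02-10')");

$inputs = [                                         // constructed form submissions
    ['01/01/2015', '01/31/2015'],                   // normal range
    ['02/31/2015', '03/01/2015'],                   // impossible calendar date
    ['02/01/2015', '01/01/2015'],                   // start after end
    ["01/01/2015' --", '01/31/2015'],               // not a date at all
];

foreach ($inputs as [$from, $to]) {
    try {
        $total = sumByDateRange($db, $from, $to);
        $msg = sprintf('Total from %s to %s: %s', $from, $to, number_format((float) $total, 2));
    } catch (InvalidArgumentException $e) {
        $msg = 'Rejected: ' . $e->getMessage();
    }
    // Escape anything derived from request data before it reaches the page.
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```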
Related
I have a page with a list of data displayed from a database table and a search bar.
When I filter the data by id, the searched data will be highlighted (background color change), but I need it to keep displaying the rest of the data.
I managed to change the background color of the searched data; however, if I search for data that is not in the table, "Record not found" is not displayed.
<?php
$search_keyword = '';
if (isset($_POST['search'])) {
$search_keyword = $_POST['search'];
}
?>
<head></head>
<body>
<form name="searchForm" action="" method="POST">
<input type="text" id="search" name="search" placeholder="Enter Employee ID Search">
</form>
<?php
$sql_search = "";
if (!empty($search_keyword)) {
$sql_search = " WHERE id = '" . $search_keyword . "' ";
}
$sql1 = "SELECT id, name, address FROM employee";
$result = $conn->query($sql1);
if ($result->num_rows > 0) {
// output data of each row
while ($row = $result->fetch_assoc()) {
?>
<div class="row">
<div class="employee">
<?php
if ($row["id"] == $search_keyword) {
?>
<div class="red-bg">
<?php
} else {
?>
<div class="white-bg">
<?php
}
?>
<div class="col-md-2"><?php echo $row["id"] ?></div>
<div class="col-md-3"><?php echo $row["name"] ?></div>
<div class="col-md-5"><?php echo $row["address"] ?></div>
</div>
</div>
</div>
</div>
<?php
}
} else {
?>
<div class="row">
<div class="employee">
<div class="white-bg">
<?php echo "Record not found." ?>
</div>
</div>
</div>
<?php
}
?>
</body>
<script>
document.onkeydown = function(evt) {
var keyCode = evt ? (evt.which ? evt.which : evt.keyCode) : event.keyCode;
if (keyCode == 13) {
//your function call here
document.searchForm.submit();
}
}
</script>
If I include the search keyword in the query, I can display "Record not found" when searching for data not in the table; however, if I search for data that is in the table, it will only display and highlight one record.
$sql1 = "SELECT id, name, address FROM employee ". $sql_search ."";
So how do I display all data and highlight the searched data that is in the table, and only display "Record not found" when searching for data that is not in the table?
I have managed to highlight/bold the searched data while still displaying all the other data, and it will display the message "Record not found" if the data is not in the table.
<?php
include("database.php");
$search_keyword = '';
if (isset($_POST['search'])) {
$search_keyword = $_POST['search'];
}
?>
<head>
</head>
<body>
<form name="searchForm" action="" method="POST">
<input type="text" id="search" name="search" placeholder="Enter Employee ID Search">
</form>
<?php
//query for searching
$sql_search_keyword = "";
if (!empty($search_keyword)) {
$sql_search_keyword = " WHERE id = '" . $search_keyword . "' ";
$sql_want_search = "SELECT id, name, address FROM employee" . $sql_search_keyword;
$result_want_search = $conn->query($sql_want_search);
if ($result_want_search->num_rows > 0) {
while ($row_want_search = $result_want_search->fetch_assoc()) {
$searched_data = $row_want_search["id"];
//query for displaying all data - if match with search will bold
$sql_display_searched = "SELECT id, name, address FROM employee";
$result_display_searched = $conn->query($sql_display_searched);
if ($result_display_searched->num_rows > 0) {
while ($row_display_searched = $result_display_searched->fetch_assoc()) {
if ($searched_data == $row_display_searched["id"]) {
//bold match
echo "<b>" . $row_display_searched["id"] . " " . $row_display_searched["name"] . " " . $row_display_searched["address"] . " </b><br>";
} else {
echo $row_display_searched["id"] . " " . $row_display_searched["name"] . " " . $row_display_searched["address"] . " <br>";
}
}
}
}
} else {
echo "Record not found.";
}
} else {
//Initial display all data before search
$sql_initial = "SELECT id, name, address FROM employee";
$result_initial = $conn->query($sql_initial);
if ($result_initial->num_rows > 0) {
while ($row_initial = $result_initial->fetch_assoc()) {
echo $row_initial["id"] . " " . $row_initial["name"] . " " . $row_initial["address"] . " <br>";
}
}
}
?>
</body>
<script>
document.onkeydown = function(evt) {
var keyCode = evt ? (evt.which ? evt.which : evt.keyCode) : event.keyCode;
if (keyCode == 13) {
//your function call here
document.searchForm.submit();
}
}
</script>
I don't really know how to explain my question, but I need to know how to display a warning before updating the database.
Example:
<?php
#Get id and yes before update warning code
if (isset($_GET["acept"])) {
$acept = $_GET["acept"];
} else {
$acept = " ";
}
if ($acept == "update") {
if (isset($_GET["yes"]) & $_GET["yes"] == true) {
$id = (int)$_GET["id"];
$query = mysqli_query($conn, "update users set balance='$redut' where id='$id'");
if ($query) {
echo " Successfull";
} else {
echo "retry";
}
exit();
}
$id = (int)$_GET["id"];
echo "<div class='topnav'>System Warning</div><div class='msg'>Are You Sure ?</div><div class='gap'></div><div class='button'><a href='?acept=update&yes=true&id=$idd'><font color='red'>Yes</font></a> | <a href='user.php'>No</a></div>";
}
Here is my full code, where I am trying to display the warning before updating the database:
<?php
include_once 'init.php';
$error = false;
// check if form is submitted
if (isset($_POST['book'])) {
$book = mysqli_real_escape_string($conn, $_POST['book']);
$action = mysqli_real_escape_string($conn, $_POST['action']);
if (strlen($book) < 6) {
$error = true;
$book_error = "booking code must be alist 6 in digit";
}
if (!is_numeric($book)) {
$error = true;
$book_error = "Incorrect booking code";
}
if (empty($_POST["action"])) {
$error = true;
$action_error = "pick your action and try again";
}
if (!$error) {
if (preg_match('/(check)/i', $action)) {
echo "6mameja";
}
if (preg_match('/(comfirm)/i', $action)) {
if (isset($_SESSION["user_name"]) && (trim($_SESSION["user_name"]) != "")) {
$username = $_SESSION["user_name"];
$result = mysqli_query($conn, "select * from users where username='$username'");
}
if ($row = mysqli_fetch_array($result)) {
$idd = $row["id"];
$username = $row["username"];
$id = $row["id"];
$username = $row["username"];
$ip = $row["ip"];
$ban = $row["validated"];
$balance = $row["balance"];
$sql = "SELECT `item_name` , `quantity` FROM `books` WHERE `book`='$book'";
$query = mysqli_query($conn, $sql);
while ($rows = mysqli_fetch_assoc($query)) {
$da = $rows["item_name"];
$qty = $rows["quantity"];
$sqll = mysqli_query($conn, "SELECT * FROM promo WHERE code='$da' LIMIT 1");
while ($prow = mysqli_fetch_array($sqll)) {
$pid = $prow["id"];
$price = $prow["price"];
$count = 0;
$count = $qty * $price;
$show = $count + $show;
}
}
if ($show < $balance) {
echo "you cant buy here";
exit();
} elseif ($show > $balance) {
$redut = $balance - $show;
#display the warning before updating into database
if (isset($_GET["acept"])) {
$acept = $_GET["acept"];
} else {
$acept = " ";
}
if ($acept == "update") {
if (isset($_GET["yes"]) & $_GET["yes"] == true) {
$id = (int)$_GET["id"];
$query = mysqli_query($conn, "update users set balance='$redut' where id='$id'");
if ($query) {
echo " Successfull";
} else {
echo mysql_error();
}
exit();
}
$idd = (int)$_GET["id"];
echo "<div class='topnav'>System Warning</div><div class='msg'>Are You Sure ?</div><div class='gap'></div><div class='button'><a href='?acept=update&yes=true&id=$idd'><font color='red'>Yes</font></a> | <a href='user.php'>No</a></div>";
}
}
} else {
$errormsg = "Error in registering...Please try again later!";
}
}
}
}
?>
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="booking">
<fieldset>
<legend>Check Booking</legend>
<div class="form-group">
<label for="name">Username</label>
<input type="text" name="book" placeholder="Enter Username" required value="<?php if($error) echo $book; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($book_error)) echo $book_error; ?></span>
</div>
<input type="submit" name="booking" value="Sign Up" class="btn btn-primary" />
<table><input type="radio" name="action" value="comfirm" <?php if(isset($_POST['action']) && $_POST['action']=="comfirm") { ?>checked<?php } ?>>
<input type="radio" name="action" value="check" <?php if(isset($_POST['action']) && $_POST['action']=="check") { ?>checked<?php } ?>> Check booking <span class="text-danger"><?php if (isset($action_error)) echo $action_error; ?></span>
</div></table>
I don't really know where I am wrong with the code, but the expected warning before the update does not display and the database is not updated. Big thanks in advance.
if (isset($_GET["yes"]) & $_GET["yes"] == true) {
change this to
if (isset($_GET["yes"]) && $_GET["yes"] == 'true') {
Servers take the GET method as a string, not boolean.
I don't really get what kind of warning you are trying to display. If it is for a user you can use the print or echo function. It is possible to echo a block of HTML, so:
echo '<div class="warning-msg"><p>MY WARNING</p></div>';
will display the block. The only thing is that the warning may not be in the correct place or time.
Or in JS:
echo '<script type="text/javascript">';
echo 'alert("message successfully sent")';
echo '</script>';
If the warning is for your personal use, use the built-in PHP error handling.
Here is a snippet for a query function using php.
Use:
$query = query("SELECT ... (SQL)", $variable);
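A confirm-before-update flow for the balance change discussed in this thread, as an added example that is not code from any of the posts. It keeps the pending change in the session because a value computed during the form POST (such as $redut) no longer exists on a later request, and it confirms with a POST form and a one-time token instead of a link carrying the id. The users table and its id and balance columns are the thread's; the function names, session key, five-minute expiry and the SQLite demo data are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names, the session key
// and the token scheme are assumptions made for illustration.

/** Step 1: remember what is about to change and render a POST confirmation form. */
function renderConfirmation(array &$session, int $userId, string $newBalance): string
{
    $token = bin2hex(random_bytes(32));
    // The pending change lives server-side, so the confirming request cannot alter it.
    $session['pending_update'] = [
        'token'   => $token,
        'user_id' => $userId,
        'balance' => $newBalance,
        'expires' => time() + 300,
    ];
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return "<div class='topnav'>System Warning</div><div class='msg'>Are You Sure ?</div>"
         . "<form method='post'>"
         . "<input type='hidden' name='confirm_token' value='$t'>"
         . "<button name='answer' value='yes'>Yes</button> "
         . "<button name='answer' value='no'>No</button>"
         . "</form>";
}

/** Step 2: apply the pending change only for a matching, unexpired token. */
function handleConfirmation(PDO $db, array &$session, array $post): string
{
    $pending = $session['pending_update'] ?? null;
    unset($session['pending_update']);              // one attempt per confirmation
    if ($pending === null || $pending['expires'] < time()) {
        return 'Nothing to confirm';
    }
    $token = $post['confirm_token'] ?? '';
    if (!is_string($token) || !hash_equals($pending['token'], $token)) {
        return 'Invalid confirmation token';
    }
    // Request values arrive as strings: compare with the string 'yes', not a boolean.
    if (($post['answer'] ?? '') !== 'yes') {
        return 'Cancelled';
    }
    $stmt = $db->prepare('UPDATE users SET balance = :balance WHERE id = :id');
    $stmt->execute([':balance' => $pending['balance'], ':id' => $pending['user_id']]);
    return $stmt->rowCount() === 1 ? 'Successful' : 'Retry';
}

// --- Demo on constructed data (in-memory SQLite, a plain array as the session) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, balance TEXT)');
$db->exec("INSERT INTO users (id, balance) VALUES (7, '500.00')");

$session = [];

// A request that lacks the token changes nothing and uses up the pending update.
renderConfirmation($session, 7, '380.00');
echo handleConfirmation($db, $session, ['answer' => 'yes']), PHP_EOL;

// A fresh confirmation followed by the real form submission applies the update.
renderConfirmation($session, 7, '380.00');
$post = ['answer' => 'yes', 'confirm_token' => $session['pending_update']['token']];
echo handleConfirmation($db, $session, $post), PHP_EOL;
echo $db->query('SELECT balance FROM users WHERE id = 7')->fetchColumn(), PHP_EOL;
```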
I want to display the mobile number in mobileNo label but when I enter the employee id for search this code displays no result.
I want to display data using the while loop in my html form
search.php
<?php
$output = NULL;
$mysqli = mysqli_connect("localhost","root","","db") or die ("Error in connection");
if(isset($_POST['search']))
{
$search = $mysqli->real_escape_string(isset($_POST['search']));
$resultSet = $mysqli->query("SELECT * FROM emp WHERE emp_id = '$search'");
if($resultSet->num_rows > 0)
{
while($rows = mysqli_fetch_row($resultSet))
{
$mobileNo = $rows['emp_mob_no'];
$output = "Mobile no: $mobileNo";
}
}
{
$output = "No result";
}
}
?>
display.php
<html>
<head>
</head>
<body>
<form action="search.php" method="post">
<ul>
<li>
<label for="employeeId">Employee Id</label>
<input type="text" name="employeeId" placeholder="Employee Id" />
<input type="submit" value="search" name="search"/>
</li>
<li>
<label for="mobileNo">Mobile No.</label>
<?php echo $output;?>
</li>
</form>
</body>
</html>
1st: you missed the else. That's why the $output variable is always overwritten by "No result".
2nd: $search = $mysqli->real_escape_string(isset($_POST['search'])); this line is wrong. isset will return a boolean value, so you are escaping a boolean value.
3rd: Try to use a prepared statement to avoid SQL injection.
PHP:
<?php
$output = NULL;
$mysqli = mysqli_connect("localhost","root","","db") or die ("Error in connection");
if(isset($_POST['search']))
{
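// The ID is typed into the employeeId field; 'search' is only the submit button.
$search = $_POST['employeeId'] ?? '';
// The connection object created above is $mysqli.
$stmt = $mysqli->prepare("SELECT * FROM emp WHERE emp_id = ?");
$stmt->bind_param('i', $search);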
$stmt->execute();
$get_result = $stmt->get_result();
if($get_result->num_rows > 0)
{
while($rows = $get_result->fetch_assoc())
{
$mobileNo = $rows['emp_mob_no'];
$output = "Mobile no: $mobileNo";
}
}else // the else was missing here
{
$output = "No result";
}
}
?>
<?php
$output = NULL;
$mysqli = mysqli_connect("localhost","root","","db") or die ("Error in connection");
if(isset($_POST['search']))
{
// The ID is typed into the employeeId field; 'search' is only the submit button.
$search = $mysqli->real_escape_string($_POST['employeeId'] ?? '');
$resultSet = $mysqli->query("SELECT * FROM emp WHERE emp_id = '$search'");
if($resultSet->num_rows > 0)
{
while($rows = mysqli_fetch_assoc($resultSet))
{
$mobileNo = $rows['emp_mob_no'];
$output = "Mobile no: $mobileNo";
}
}
else
{
$output = "No result";
}
}
?>
I am working on an online shopping cart project, which requires me to be able to add a custom text input field to each item that is added to the shopping cart. However, when I attempt to insert the information for each item in the cart into a database, I cannot figure out how to pass the itemtext value into my INSERT statement. How would I go about being able to pass the itemtext value from the initial item list into my database for Orderitems? The itemtext input is on line 170, and I want to pass it into the INSERT statement seen on line 83.
<?php
session_start();
$user = $_SESSION['user'];
if(!isset($user)) {
header("Location:userlogin.php");
}
$cart = $_COOKIE['WSC'];
if(isset($_POST['clear'])) {
$expire = time() -60*60*24*7*365;
setcookie("WSC", $cart, $expire);
header("Location:order.php");
}
if($cart && $_GET['id']) {
$cart .= ',' . $_GET['id'];
$expire = time() +60*60*24*7*365;
setcookie("WSC", $cart, $expire);
header("Location:order.php");
}
if(!$cart && $_GET['id']) {
$cart = $_GET['id'];
$expire = time() +60*60*24*7*365;
setcookie("WSC", $cart, $expire);
header("Location:order.php");
}
if($cart && $_GET['remove_id']) {
$removed_item = $_GET['remove_id'];
$arr = explode(",", $cart);
unset($arr[$removed_item-1]);
$new_cart = implode(",", $arr);
$new_cart = rtrim($new_cart, ",");
$expire = time() +60*60*24*7*365;
setcookie("WSC", $new_cart, $expire);
header("Location:order.php");
}
if(isset($_POST['PlaceOrder'])) {
$email = $user;
$orderdate = date('m/d/Y');
$ordercost = $_POST['ordercost'];
$ordertype = $_POST['ordertype'];
$downcost = $_POST['downcost'];
$cardtype = $_POST['cardtype'];
$cardnumber = $_POST['cardnumber'];
$cardsec = $_POST['cardsec'];
$cardexpdate = $_POST['cardexpdate'];
$orderstatus = "Pending";
if($ordertype=="") {
$ordertypeMsg = "<br><span style='color:red;'>You must enter an order type.</span>";
}
if($cardtype=="") {
$cardtypeMsg = "<br><span style='color:red;'>You must enter a card type.</span>";
}
if($cardnumber=="") {
$cardnumberMsg = "<br><span style='color:red;'>You must enter a card number.</span>";
}
if($cardsec=="") {
$cardsecMsg = "<br><span style='color:red;'>You must enter a security code.</span>";
}
if($cardexpdate=="") {
$cardexpdateMsg = "<br><span style='color:red;'>You must enter an expiration date.</span>";
}
else {
include ('includes/dbc_admin.php');
$sql = "INSERT INTO Orders (email, orderdate, ordercost, ordertype, downcost, cardtype, cardnumber, cardsec, cardexpdate, orderstatus)
VALUES ('$email', '$orderdate', '$ordercost', '$ordertype', '$downcost', '$cardtype', '$cardnumber', '$cardsec', '$cardexpdate', '$orderstatus')";
mysql_query($sql) or trigger_error("WHOA! ".mysql_error());
$sql = "SELECT orderid FROM Orders";
$result = mysql_query($sql) or die("Invalid query: " . mysql_error());
while($row=mysql_fetch_assoc($result)) {
$myid = $row[orderid];
}
$itemnumber = 1;
$items = explode(',', $cart);
foreach($items AS $item) {
$sql = "SELECT * FROM Catalog where id = '$item'";
$result = mysql_query($sql) or die("Invalid query: " . mysql_error());
while($row=mysql_fetch_assoc($result)) {
$itemtext = $_POST['itemtext'];
$sql= "INSERT INTO OrderItems (orderid, itemnumber, itemid, itemtype, media, itemtext, price)
VALUE ('$myid', '$itemnumber', '$row[itemid]', '$row[itemtype]', '$row[media]', '$itemtext[itemnumber]', '$row[price]')";
mysql_query($sql) or trigger_error("WHOA! ".mysql_error());
}
$itemnumber++;
}
$inserted = "<h2>Thank You!</h2> <h3>Your order has been placed.</h3>";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Williams Specialty Company</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
function validateForm() {
var ordercost = document.form1.ordercost.value;
var downcost = document.form1.downcost.value;
var ordertype = document.form1.ordertype.value;
var cardtype = document.form1.cardtype.value;
var cardnumber = document.form1.cardnumber.value;
var cardsec = document.form1.cardsec.value;
var cardexpdate = document.form1.cardexpdate.value;
var ordertypeMsg = document.getElementById('ordertypeMsg');
var cardtypeMsg = document.getElementById('cardtypeMsg');
var cardnumberMsg = document.getElementById('cardnumberMsg');
var cardsecMsg = document.getElementById('cardsecMsg');
var cardexpdateMsg = document.getElementById('cardexpdateMsg');
if(ordertype == ""){ordertypeMsg.innerHTML = "You must enter an order type."; return false;}
if(cardtype == ""){cardtypeMsg.innerHTML = "You must enter a card type."; return false;}
if(cardnumber == ""){cardnumberMsg.innerHTML = "You must enter a card number."; return false;}
if(cardsec == ""){cardsecMsg.innerHTML = "You must enter a security code."; return false;}
if(cardexpdate == ""){cardexpdateMsg.innerHTML = "You must enter an expiration date."; return false;}
}
</script>
</head>
<body>
<?php include('includes/header.inc'); ?>
<?php include('includes/nav.inc'); ?>
<div id="wrapper">
<?php include('includes/aside.inc'); ?>
<section>
<h2>My Cart</h2>
<table width="100%">
<tr>
<th>Catalog ID</th>
<th>Item Name</th>
<th>Price</th>
<th>Item Text</th>
<th>Actions</th>
</tr>
<?php
$cart = $_COOKIE['WSC'];
if ($cart) {
$i = 1;
$ordercost;
include('includes/dbc.php');
$items = explode(',', $cart);
foreach($items AS $item) {
$sql = "SELECT * FROM Catalog where id = '$item'";
$result = mysql_query($sql) or die("Invalid query: " . mysql_error());
while($row=mysql_fetch_assoc($result)) {
echo '<tr>';
echo '<td align="left">';
echo $row['itemid'];
echo '</td>';
echo '<td align="left">';
echo $row['itemname'];
echo '</td>';
echo '<td align="left">';
echo $row['price'];
$ordercost+=$row['price'];
$downcost = $ordercost / 10;
echo '</td>';
echo '<td align="left">';
echo '<p><input type="text" id= "itemtext" name="itemtext"></p>';
echo '</td>';
echo '<td align="left">';
echo 'Remove From Cart';
echo '</td>';
echo '</tr>';
}
$i++;
}
}
?>
</table><br />
<form method="POST" action="<?php $_SERVER['PHP_SELF'];?>">
<input type="submit" name="clear" value="Empty Shopping Cart">
</form>
<?php if(isset($inserted)) {echo $inserted;} else{ ?>
<form method="post" action="<?php echo $SERVER['PHP_SELF'] ?>" name="form1" onSubmit="return validateForm()">
<p>Total Price: <?php echo $ordercost;?> <input type="hidden" id="ordercost" name="ordercost" value="<?php echo $ordercost;?>"> </p>
<p>Down Cost: <?php echo number_format((float)$downcost, 2, '.', '');?> <input type="hidden" id="downcost" name="downcost" value="<?php echo number_format((float)$downcost, 2, '.', '');?>"> </p>
<p><label>Order Type:</label><br> <input type="text" id="ordertype" name="ordertype">
<?php if(isset($ordertypeMsg)) {echo $ordertypeMsg;} ?>
<br /><span id="ordertypeMsg" style="color:red"></span>
</p>
<p><label>Card Type:</label><br> <input type="text" id="cardtype" name="cardtype">
<?php if(isset($cardtypeMsg)) {echo $cardtypeMsg;} ?>
<br /><span id="cardtypeMsg" style="color:red"></span>
</p>
<p><label>Card Number:</label><br> <input type="text" id="cardnumber" name="cardnumber">
<?php if(isset($cardnumberMsg)) {echo $cardnumberMsg;} ?>
<br /><span id="cardnumberMsg" style="color:red"></span>
</p>
<p><label>Card Security Code:</label><br> <input type="text" id="cardsec" name="cardsec">
<?php if(isset($cardsecMsg)) {echo $cardsecMsg;} ?>
<br /><span id="cardsecMsg" style="color:red"></span>
</p>
<p><label>Card Expiration Date:</label><br> <input type="text" id="cardexpdate" name="cardexpdate">
<?php if(isset($cardexpdateMsg)) {echo $cardexpdateMsg;} ?>
<br /><span id="cardexpdateMsg" style="color:red"></span>
</p>
<p><input type="submit" name="PlaceOrder" value="Place Order"></p>
</form><?php }?>
</section>
</div>
<?php include('includes/footer.inc'); ?>
</body>
</html>
Update: This is your answer: change '$itemtext[itemnumber]' into '$itemtext'
This is going wrong because of the way you use quotes. (not the answer but you might want to think about it ;-) )
$sql = "INSERT INTO Orders (email, orderdate, ordercost, ordertype, downcost, cardtype, cardnumber, cardsec, cardexpdate, orderstatus)
VALUES ('$email', '$orderdate', '$ordercost', '$ordertype', '$downcost', '$cardtype', '$cardnumber', '$cardsec', '$cardexpdate', '$orderstatus')";
You should not use '$email' but -for example- ...VALUES ('".$email."',...
Learn more about this here: What is the difference between single-quoted and double-quoted strings in PHP?
On another note, your code is not safe. Please use: http://php.net/manual/en/function.mysql-real-escape-string.php
Example:
...VALUES ('".mysql_real_escape_string($email)."',...
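One way to carry a separate itemtext for every cart line into OrderItems, as an added example that is not code from the question or the answer. In the page above the text inputs all share the name itemtext and sit in the table before the order form opens, so they are not submitted with Place Order; here each input gets an array-style name and is meant to be rendered inside that form, and the insert uses bound parameters. The Catalog and OrderItems columns are the thread's; the function names, the 200-byte limit and the SQLite demo data are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names and the
// 200-byte text limit are assumptions made for illustration.

/** One input per cart position; must be rendered inside the form that has the PlaceOrder button. */
function itemTextInput(int $position, string $current = ''): string
{
    $v = htmlspecialchars($current, ENT_QUOTES, 'UTF-8');
    return "<input type=\"text\" name=\"itemtext[$position]\" maxlength=\"200\" value=\"$v\">";
}

/** Insert every cart line with its own text. Returns the number of rows written. */
function saveOrderItems(PDO $db, int $orderId, array $cartIds, array $post): int
{
    $texts = $post['itemtext'] ?? [];
    if (!is_array($texts)) {
        $texts = [];
    }
    $lookup = $db->prepare('SELECT itemid, itemtype, media, price FROM Catalog WHERE id = ?');
    $insert = $db->prepare(
        'INSERT INTO OrderItems (orderid, itemnumber, itemid, itemtype, media, itemtext, price)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $written = 0;
    $db->beginTransaction();
    try {
        foreach (array_values($cartIds) as $i => $catalogId) {
            $itemnumber = $i + 1;                   // same 1-based numbering as the page
            $lookup->execute([$catalogId]);
            $row = $lookup->fetch(PDO::FETCH_ASSOC);
            $lookup->closeCursor();
            if ($row === false) {
                continue;                           // the cookie listed an id that is not in the catalog
            }
            $text = $texts[$itemnumber] ?? '';
            // maxlength is only a browser hint, so enforce the limit (in bytes) again here.
            $text = is_string($text) ? substr(trim($text), 0, 200) : '';
            // The price comes from the Catalog row, not from the request.
            $insert->execute([$orderId, $itemnumber, $row['itemid'], $row['itemtype'],
                              $row['media'], $text, $row['price']]);
            $written++;
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $written;
}

// --- Demo on constructed data (in-memory SQLite stands in for MySQL) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Catalog (id INTEGER PRIMARY KEY, itemid TEXT, itemtype TEXT, media TEXT, price REAL)');
$db->exec('CREATE TABLE OrderItems (orderid INTEGER, itemnumber INTEGER, itemid TEXT,
           itemtype TEXT, media TEXT, itemtext TEXT, price REAL)');
$db->exec("INSERT INTO Catalog VALUES (3, 'PLQ-1', 'Plaque', 'Wood', 40.0), (5, 'TRO-2', 'Trophy', 'Metal', 65.0)");

$cartIds = explode(',', '3,5,3');                   // constructed WSC cookie value
$post = ['itemtext' => [1 => 'Best Dad', 2 => "O'Brien & Sons", 3 => 'Team 2015']]; // constructed POST body

echo itemTextInput(2, $post['itemtext'][2]), PHP_EOL;
echo saveOrderItems($db, 1001, $cartIds, $post), ' rows written', PHP_EOL;
foreach ($db->query('SELECT itemnumber, itemid, itemtext FROM OrderItems ORDER BY itemnumber') as $r) {
    echo $r['itemnumber'], ' ', $r['itemid'], ' ', $r['itemtext'], PHP_EOL;
}
```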
Hello, my name is Patrick and this is my first question. I'm sorry, but I'm not very good in PHP. Probably there are more improvements, but this post is for the questions (but improvements are also welcome).
Question:
You can choose a team of 2 monsters // The monsters are selected from the database
The question is: if you choose 1 monster, how can I make it so that you can't choose the same monster in option 2?
PHP CODE:
Action of the 2 submit buttons
<?php
session_start();
include("header.php");
if(!isset($_SESSION['uid'])){
echo "You must be logged in to view this page!";
}else{
if (isset($_POST['save'])) {
if ($_POST['save'] == 'keuze4') {
$fuelQuery4 = sprintf("UPDATE user_team SET `m_keuze4` = '%s' WHERE `id`='".$_SESSION['uid']."' ",
mysql_real_escape_string($_POST['option4']));
$Result = mysql_query($fuelQuery4);
if($Result){
echo 'Team is aangepast!';
}
} elseif ($_POST['save'] == 'keuze5'){
$fuelQuery5 = sprintf("UPDATE user_team SET `m_keuze5` = '%s' WHERE `id`='".$_SESSION['uid']."' ",
mysql_real_escape_string($_POST['option5']));
$Result = mysql_query($fuelQuery5);
if($Result){
echo 'Team is aangepast!';
}
}
echo '';}
?>
Get the monsters from the database and put them in a select list
<?php
$get=mysql_query("SELECT * FROM user_monsters WHERE `id`='".$_SESSION['uid']."' ORDER BY usid ASC");
$option4 = '';
while($row = mysql_fetch_assoc($get))
{
$option4 .= '<option value = "'.$row['usid'].'">'.$row['usid'].' - '.$row['monster'].' - '.$row['type'].'</option>';
}
?>
Show the selected item
<?php
$k4 = mysql_query("
SELECT user_team.m_keuze4, user_monsters.usid, user_monsters.monster, user_monsters.type, user_monsters.attack, user_monsters.defense
FROM user_team
INNER JOIN user_monsters
ON user_team.m_keuze4=user_monsters.usid
ORDER BY user_monsters.type;
");
while($row4 = mysql_fetch_assoc($k4))
{
$k4_1 = ''.$row4['m_keuze4'].' - '.$row4['monster'].' - '.$row4['type'].' - '.$row4['attack'].' - '.$row4['defense'].'';
}
?>
Option 5 is the same code as 4:
<?php
$get=mysql_query("SELECT * FROM user_monsters WHERE `id`='".$_SESSION['uid']."' ORDER BY usid ASC");
$option5 = '';
while($row = mysql_fetch_assoc($get))
{
$option5 .= '<option value = "'.$row['usid'].'">'.$row['usid'].' - '.$row['monster'].' - '.$row['type'].'</option>';
}
?>
<?php
$k5 = mysql_query("
SELECT user_team.m_keuze5, user_monsters.usid, user_monsters.monster, user_monsters.type, user_monsters.attack, user_monsters.defense
FROM user_team
INNER JOIN user_monsters
ON user_team.m_keuze5=user_monsters.usid
ORDER BY user_monsters.type;
");
while($row5 = mysql_fetch_assoc($k5))
{
$k5_1 = ''.$row5['m_keuze5'].' - '.$row5['monster'].' - '.$row5['type'].' - '.$row5['attack'].' - '.$row5['defense'].'';
}
?>
The Form
<form action="team.php" method="post">
<select name="option4">
<?php echo $option4; ?>
</select><br><br>Keuze 4
<?php
echo $k4_1;
?><br><br>
<input type="submit" name="save" value="keuze4"/>
</form>
<form action="team.php" method="post">
<select name="option5">
<?php echo $option5; ?>
</select><br><br>Keuze 5
<?php
echo $k5_1;
?><br><br>
<input type="submit" name="save" value="keuze5"/>
</form>
In PHP, the best you can do is check the option once it's posted:
if (isset($_POST['save'])) {
if (filter_input(INPUT_POST,'option4') == filter_input(INPUT_POST,'option5')){
echo "Sorry. You can't select the same monster twice";
}else{
//your db insert logic goes here
}
}
It would be a good idea to also include some JavaScript to alert the user before they submit the form. This example uses jQuery:
$('[name="option4"],[name="option5"]').change(function(){
if ($('[name="option4"]').val() == $('[name="option5"]').val()){
alert('you already chose that monster, please choose another');
}
});
The Form
<form action="team.php" method="post">
<select name="option4">
<?php echo $option4; ?>
</select><br><br>Keuze 4
<?php
echo $k4_1;
?><br><br>
<input type="submit" name="save" value="keuze4"/>
</form> <!-- remove this line-->
<form action="team.php" method="post"> <!-- and this line-->
<select name="option5">
<?php echo $option5; ?>
</select><br><br>Keuze 5
<?php
echo $k5_1;
?><br><br>
<input type="submit" name="save" value="keuze5"/>
</form>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script>
$(function () {
$('[name="option4"],[name="option5"]').change(function () {
if ($('[name="option4"]').val() == $('[name="option5"]').val()) {
alert('you already chose that monster, please choose another');
}
});
});
</script>
Action of the 2 submit buttons
if (isset($_POST['save'])) {
if (filter_input(INPUT_POST, 'option4') == filter_input(INPUT_POST, 'option5')) {
echo "Sorry. You can't select the same monster twice";
} else {
if ($_POST['save'] == 'keuze4') {
$fuelQuery4 = sprintf("UPDATE user_team SET `m_keuze4` = '%s' WHERE `id`='" . $_SESSION['uid'] . "' ", mysql_real_escape_string($_POST['option4']));
$Result = mysql_query($fuelQuery4);
if ($Result) {
echo 'Team is aangepast!';
}
} elseif ($_POST['save'] == 'keuze5') {
$fuelQuery5 = sprintf("UPDATE user_team SET `m_keuze5` = '%s' WHERE `id`='" . $_SESSION['uid'] . "' ", mysql_real_escape_string($_POST['option5']));
$Result = mysql_query($fuelQuery5);
if ($Result) {
echo 'Team is aangepast!';
}
}
}
}
Edit again,
Demo Fiddle of js