Im trying to make a simple ordersystem where the user inputs basic contact information, to this I want to add a fixed value that will allways be sent to the database in this case the price for the product. Also I want the date when the order is placed to also be sent to the database. I have solved the the user input part with a simple input form but have no idea how to get a fixed value for price or pris in this case and the date when the form i submitted to always be sent to the database along with the users contact information.
The code I have right now looks like this:
<?php /*Detta är kod för Order*/ include('input.php');?>
<?php if(!empty($_POST)){
//Contact
$mail = $_POST['mail'];
$first_name = $_POST['fname'];
$last_name = $_POST['lname'];
$adress = $_POST['adress'];
$phone = $_POST['phone'];
//Zip code
$zip = $_POST['zip'];
$city = $_POST['city'];
//Orders
$type = $_POST['type'];
$price = $_POST['price'];
$many = $_POST['many'];
$date = $_POST['date'];
$img = $_POST['img'];
$paymentstatus = $_POST['paymentstatus'];
$sqlContact = "INSERT INTO Contact (Mail, FName, LName, Adress, Phone) Values('$mail', '$first_name', '$last_name', '$adress', '$phone');";
$sqlZipCode = "INSERT INTO ZipCode (Zip, City) Values('$zip', '$city')";
$sqlOrders = "INSERT INTO Orders (Type, Price, Many, Date, IMG, Paymentstatus) Values('$typ','$pris','$antal','$datum','$img', '$betaldstatus')";
$resultKontakt = mysql_query($sqlKontakt) or die(mysql_error() . mysql_errno());
$resultPostNr = mysql_query($sqlPostNr) or die(mysql_error() . mysql_errno());
$resultOrders = mysql_query($sqlOrders) or die(mysql_error() . mysql_errno());
}
https://www.dropbox.com/s/x8c53o2865hln58/Input.php
https://www.dropbox.com/s/5yyq33uux0tqd2h/Order.php
How have worked around so that I get a fixed value "49" for the price and also so that the user can input the current date but I don't want this to be visible for the user and also not in the HTML-form as the information for the price is stated on the site and the date is to se when the order is submitted but it has to be as an attribute because I also need to show the data "submitted orders" on an Adminpage.
First of all: Never show your DB-password in a forum!
To your date-question: Use the DB-date now() of mysql so you get a reliable date:
$sqlOrders = "INSERT INTO Orders (Typ, Pris, Antal, Datum, IMG, BetaldStatus) Values('$typ','$pris','$antal',now(),'$img', '$betaldstatus')";
To your Price: (still not clear to me what you exactly want.
$pris = 49;
You have disabled the text field 'pris' but still somebody may edit the '$pirs' variable using a proxy tool and change the price, so i suggest according to the product the user has selected get the price and insert into the table, do not receive the price using the form (using post variable).
Related
i am trying to get data from user and store into database using php. when i add date & phone number , it store any 1st number of date what you entered & any random number in phone number.
$fname = $_GET['fname'];
$lname = $_GET['lname'];
$mname = $_GET['mname'];
$dob = $_GET['dob'];
$pnumber = $_GET['pnumber'];
$occupation = $_GET['occupation'];
$joindate = $_GET['join date'];
$ffname = $_GET['ffname'];
$flname = $_GET['flname'];
$peraddress = $_GET['peraddress'];
$fpnumber = $_GET['fpnumber'];
$mpnumber = $_GET['mpnumber'];
$roomnumber = $_GET['roomnumber'];
$deposite = $_GET['deposite'];
//$password = $_GET['password'];
//$sha1password = sha1($password);
//create connection
$connection = mysqli_connect('localhost', 'root', 'root', 'Hostel');
//check connection
if ($connection->connect_error) {
die('Connection error (' . $connection->connect_errno . ') ' .$connection->connect_error);
}
echo 'Cool!' .$connection->host_info . "\n";
$sqlin = "INSERT INTO Student (First_Name, Last_Name, Middle_Name, Date_of_Birth, Phone_Number, Occupation, Join_Date, Father_First_Name, Father_Last_Name, Permenent_Address, Father_Phone_Number, Mother_Phone_Number, Room_Number, Deposite)
VALUES ('$fname', '$lname', '$mname', '$dob', '$pnumber', '$occupation', '$joindate', '$ffname', '$flname', '$peraddress', '$fpnumber', '$mpnumber', '$roomnumber', '$deposite')";
if ($connection->query($sqlin) === TRUE) {
echo"Thank you! Your info has been entered into database";
}else{
echo"Error: " . $sqlin . "<br>" . $connection->error;
}
$connection->close();
?>
i already set date type is date in html and for phone number is text.
how i can correct date with any format with calender option and phone number ?
Since you are posting your data from the form using _GET, that might have caused the problem with date when saving in database. Change the form post method to 'POST' and read posted values using $_POST
I think if you mentioned the type of colomn you created as date. It has to be sent only in the format 'YYYY-MM-DD HH:MM:SS' and I don't think it support other format you entered to store and you ca store the telephone number even in text format. you can use strotime() to convert the entered date into that format $dob1 = date('Y-m-d', strtotime($dob)); so that you could store in database without any errors and you should specify the entire date if you declare the variable to be stored as date in database
I want users to UPDATE any field(s) they want in d database - table but I don't want the UPDATE .. SET to erase existing records with empty submission if they submit without changing all the fields.. but changed only the ones they want to..
$sql = "UPDATE table SET username = '$username', email = '$email',
fname = '$fname', lname = '$lname', address = '$address', city = '$city',
country = '$country', phone = '$phone', aboutme = '$aboutme' WHERE email = '$email'";
If the user only updates address and phone then submits his entry.. this instruction erases other fields that is not filled in the form.... I don't want that to happen. Kindly look into this. Thanks
Please I have tried your suggestion but its not working for me.. may I am doing something wrong -- I am new to PHP - Here is my code below:
$sql = "UPDATE user_profile SET ";
if ($username!="")
$sql ."username = '$username',"
if ($fname!="")
$sql ."fname = '$fname',"
if ($lname!="")
$sql ."lname = '$lname',"
if ($address!="")
$sql ."address = '$address',"
if ($city!="")
$sql ."city = '$city',"
if($country!="")
$sql ."country = '$country', "
if($phone!="")
$sql ."phone = '$phone', "
if($aboutme!="")
$sql ."aboutme = '$aboutme' "
$sql ."WHERE email = '$email'";
$query = mysqli_query($database,$sql);
if($query)
{
$message = "<div class=\"btn btn-lg btn-default\"><i class=\"text-success text-center\">Update Successful!</i></div>";
//echo "update successful";
}
You should be using parameters rather than placing user input directly into strings. However, that is good practice and protects against SQL injection and poorly formed parameters.
Doesn't help your problem, though. You need to see if there is a new value, otherwise, use the old one. Assuming the new value is NULL when not present, then use COALESCE(). For example:
SET username = COALESCE($username, username),
. . .
Note: There is no reason to set email in the SET statement because you are using it in the WHERE.
I have a question, I want to edit customer information, but I only want to update record of one customer at a time. I tried to add where _SESSION['customerCode'] but it doesn't seem to work.
<?php
$connection =
mysql_connect("com-db-02.student-cit.local", "team16", "DbSLzU")
or die (mysql_error());
$db = mysql_select_db("team16") or die(mysql_error());
$FName = $_POST['fname'];
$LName = $_POST['lname'];
$Email = $_POST['custemail'];
$Address = $_POST['address'];
$Town = $_POST['town'];
$County = $_POST['county'];
$Eircode = $_POST['eircode'];
$Phone = $_POST['phone'];
$query = mysql_query("UPDATE CUSTOMER set custFName = '$FName', custLName = '$LName', custemail = '$Email' where customerCode = "$_SESSION['customerCode']"") or die(mysql_error());
?>
I get an error unexpected '$_SESSION' (T_VARIABLE)
Also is it possible to add not update those fields that are blank, so if customer wants to change their address only, other fields won't get wiped out
You have a mistake on your concatination. Make it like this .$_SESSION['customerCode']
Try the code below.
session_start();
$custCode = $_SESSION['customerCode'];
$query = mysql_query("UPDATE CUSTOMER set custFName = '$FName', custLName = '$LName', custemail = '$Email' where customerCode = ".$custCode) or die(mysql_error())
Also is it possible to add not update those fields that are blank, so
if customer wants to change their address only, other fields won't get
wiped out
This was already been answered here before. Search for MySQL COALESCE
You can check the following:
https://dba.stackexchange.com/a/36748
https://stackoverflow.com/a/15525287/4672534
I'm trying to do an update without replace the empty fields, for examplo, if i have field number 1 and it is empty nothing happens in database but if field number 2 has some content i want it to be updated. the thing happens is when i do it the empty field goes to the database and REPLACE the content of the field for an empty value.
I need an example of how can i do it.
PD: I am using PHP OOP.
This is my query:
$conio = "UPDATE affiliates SET nickname = '$nickname', fullname = '$fullname' , email = '$email', skype = '$skype', country = '$country', address = '$address', city = '$city', zip = '$zip', bankname = '$bankname', bankaccount = '$bankaccount', beneficiary = '$beneficiary', username = '$username', password = '$password', whene = '$whene' WHERE id = '$users'";
mysqli_query($this->link, $conio) or die (mysqli_error($this->link));
Example: If you want to update the input where the value is not null.
<?php
...
$sql = "UPDATE affiliates SET ";
$sql_where = "WHERE id = '$users'";
$sql_set = "";
$firstName = $_POST['firstName'];
if(!empty($firstName))
$sql_set .= "firstName = '$firstName',";
$lastName = $_POST['lastName'];
if(!empty($lastName))
$sql_set .= "lastName = '$lastName',";
and the same thing for all the other inputs ...
...
mysql_query($sql.$sql_set.$sql_where);
Of course there are better ways of writing this code (ex: using for loop on elements of $_POST), but that's the concept, ...
What I'm trying to do is saving some data in the database and when user will press "SAVE" button script will compare the data entered by the user with data already present in the database. If the data matches it will show a warning that is "The entered data is already in the database please use search bar to search it." In my case I only want it to check phone number and cnic (cnic = national identity card number). Here is what I am doing.
<?php include_once("config.php"); // mysql_connect and database selection are in this file.
$name = $_POST['name']; // data coming from save_info.php
$gender = $_POST['option']; // data coming from save_info.php
$cnic = $_POST['cnic']; // data coming from save_info.php
$number = $_POST['number']; // data coming from save_info.php
$address = $_POST['address']; // data coming from save_info.php
$info = $_POST['info']; // data coming from save_info.php
$check = "SELECT * FROM info WHERE num = $number AND cnic = $cnic"; // checking data
$cresult = mysql_query($check);
if (mysql_num_rows($cresult)==1) {
echo "The entered phone number/cnic is already in the database, Please use search bar to search it.";
header('refresh:10;url=save_info.php');
}
else
{
$sql = "INSERT INTO info(name, gender, cnic, num, address, info)VALUES('$name', '$gender', '$cnic', '$number', '$address', '$info')";
$result = mysql_query($sql);
mysql_close();
header('Location:saved_info.php');
}
?>
You probably missed the quotes in your query:
$check = "SELECT * FROM info WHERE num = \"$number\" AND cnic = \"$cnic\"";
Since the fields are probably textual (varchar or something like that) you need to tell where the limits of the values you're comparing to are.
Also if you need to skip the saving if any of the values matches you should use OR:
$check = "SELECT * FROM info WHERE num = \"$number\" OR cnic = \"$cnic\"";
Try to add single quotes around your parameters and rewrite the query like this..
$check = "SELECT * FROM `info` WHERE `num` = '$number' OR cnic='$cnic'";
Also, on your if statement.. check like this
if (mysql_num_rows($cresult)>0) {
Also, stop using mysql_* functions as they are deprecated. Switch to MySQLi or PDO instead.