I've created two php files with code for an order form for a cafeteria and the correspronding lines of code for inserting the posted values in my database. Here I present them.
CODE FOR addorder_form.php
**<?php
db_connect();
$cats=array("Kafedes", "Rofhmata", "Pota", "Snack/Glyka");
$arrlength=count($cats);
for($i=0;$i<$arrlength;$i++) {
$sql = mysql_query('SELECT title FROM products WHERE cname="'.$cats[$i].'"') or die(mysql_error());
echo '<div id="main_content">';
echo "<h4 style=color:#800000> ".$cats[$i]."</h4>";
echo "<br />";
while($row = mysql_fetch_array($sql, MYSQL_BOTH)){
echo "<div id='center' style='align:center'>";
echo "<input style='text-align:right;' type='checkbox' action='addorder.php' name='products[]' value='".$row["title"]."'>".$row["title"];
echo '</div>';
echo ' <div id="center_side" style="float:right"><form "method="post" action="addorder.php"><input type="text" size="4" padding-left="0.2em" name="quantity"/>';
echo '</div>';
echo '</div>';
echo '<br />';
}
}
echo '<form name="addorder" method="" action="addorder.php" onclick="addorder.php">';
echo '<input type="submit" value="Add order" style="float: right;"><br/>';
echo '</form>';
?>**
CODE FOR addorder.php
**<?php
include_once("buzzcafe_fns.php");
do_html_header("");
$quantity = '';
$title = '';
if (isset($_POST['quantity']) && isset($_POST['products'])) {
if(isset($_POST["Submit"])) {
$quantity = $_POST['quantity'];
$title = $_POST['products'];
if($_POST["Submit"] == "Submit")
{
for ($i=0; $i<sizeof($title); $i++) {
db_connect();
$insertOrder = mysql_query("INSERT INTO orders VALUES('".$title[i]."','".$quantity."')")or die(mysql_error());
}
echo "Record inserted";
}
}
}
?>**
When I run them I have non any syntax errors, though it does not work. As far as the db_connect() is set in the buzzcafe_fns.php file I've included and it is checked that works properly. How can I make my "INSERT INTO" work?
You can use another insert query
First You will check if $title variable array or not.
Next Using For loop
<?php
$con=mysql_connect("localhost","root","");
$db=mysql_select_db("yourdatabasename here" ,$con);
$count=count($title);
for($i=0;$i<$count;$i++){
mysql_query("INSERT INTO orders SET title='".$title[$i]."', quantity='".$quantity."'");
}
?>
Related
i am dynamically adding the values in the dropdown . After selecting the value in the dropdown and entering text in the textbox, both textbox value and dropdown value has to be entered in the database on button click. But my code is not working properly ie only textbox value is inserted in the database but not dropdown selected vlaue. Please correct my code
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<label style="margin-left:260px;width:170px"><h3 >Topic:</h3><br></label><br>
<select name="topic" style="margin-left: 282px;margin-top: -17px;">
<option value=""> -----Select----- </option>
<?php
$records = mysql_query("SELECT topic FROM topic ");
while ($row = mysql_fetch_array($records)){
echo "<option value=\"\">" . $row['topic'] . "</option>";
}
?>
</select>
<label style="margin-left:260px;width:170px"><h3 >Enter Crime Key Point:</h3><br></label><br>
<textarea name="details" id="details" rows="14" cols="60" style="margin-left:112px"><?php if(isset($_POST['details'])){echo htmlspecialchars($_POST['details']);}?>
</textarea><br><br>
<br><br><input type='submit' name='submit' value='Post' style='margin-left:305px;'>
</form>
if(isset($_POST["submit"]) ){
//if ( isset( $_POST['topic'] )){
//if(!empty($_POST['CarList'])){
$story = $_POST['details'];
$topic = $_POST['topic'];
echo $topic;
$sql = "SELECT `registered` FROM `user` WHERE `name`='{$_SESSION['name']}'";
$result = mysql_query($sql);
if (! $result)
{
throw new My_Db_Exception('Database error: ' . mysql_error());
}
else
{
$row = mysql_fetch_assoc($result);
$register=$row['registered'];
if ($register==1)
{
$sql = "INSERT INTO `stories`(`stories`,`name`,`topic`,`date/time`) VALUES ('$story','{$_SESSION['name']}','$topic',now())";
$result = mysql_query($sql);
echo $result;
if (! $result)
{
//echo "Story is not inserted. Please avoid special characters.";
echo 'Retrieval of data from Database Failed - #'.mysql_errno().': '.mysql_error();
}
else
{
die("<script>location.href = 'usershome.php'</script>");
echo "Story inserted successfully";
}
}
else
{
$sql = "select count(*) from stories where `date/time`=DATE(NOW()) AND `name` = '{$_SESSION['name']}'";
$result = mysql_query($sql);
if (! $result)
{
throw new My_Db_Exception('Database error: ' . mysql_error());
}
else
{
$row = mysql_fetch_assoc($result);
$count=$row['count(*)'];
if ($count<3)
{
$sql = " INSERT INTO `stories`(`stories`,`name`,`date/time`) VALUES ('$story','{$_SESSION['name']}',now())";
$result = mysql_query($sql);
if (! $result)
{
echo "Story is not inserted";
}
else
{
die("<script>location.href = 'usershome.php'</script>");
echo "Story inserted successfully";
}
}
else
{
echo '<img src="images/animated-star-image-0009.gif" width="25px"/>Please Register to enter more than 3 stories per day';
}
}
}
}
}
?>
The line:
echo "<option value=\"\">" . $row['topic'] . "</option>";
change it to:
echo "<option value='".$row['topic']."'>" . $row['topic'] . "</option>";
You are passing empty values for the topic parameter. Setting up a correct value will ensure that you are inserting the correct user input in the database.
For future you can debug this easy by outputting your POST content before executing the SQLinsert.
That will fix your issue, but there are several other things you might consider changing, one of them is the deprecated mysql_ extension, switch to mysqli or PDO.
I am trying to create a function where a user can edit a preexisting post. When the user is taken to edit.php, they are presented with a form that shows them the existing data associated with that post. They can then make changes to any of the fields (description, category, add additional images, etc.) and, upon hitting a submit button, the updated information will show on the post page.
My issue with this is actually getting it to update the information. The form will show up with the preexisting info, and I can make changes to any of the fields. However, when I press submit, I am taken to the list of posts, yet the changes I made have not been updated in the SQL table.
There aren't any errors that are being returned upon hitting submit. Everything is running smoothly except for the fact things aren't actually being updated in the database.
I have been looking on several different sites for help on the matter, and I have tried several variations of my UPDATE query thinking that maybe I am calling it incorrectly. This is the iteration I am currently working with after attempting several other examples I found:
if($title && $price && $description && $category){
$editquery = "UPDATE post SET title='$title', price='$price', description='$description', category='$category' WHERE post_id='$id'";
$edquery = $db->prepare($editquery);
$edquery->bind_result("ssss", $title, $price, $description, $category);
$edquery->execute();
if($edquery){
echo "Updated!";
}else{
echo "error";
}
}else{
echo "missing data";
}
I am fairly new to PHP, so it is very possible that I am making simple syntax errors that I am not noticing. Or it could be some other portion of my code that I am not executing properly. If anyone could have a look at my code and help point me in the right direction, I would greatly appreciate it.
Also, I would like to add that yes, I know my code is vulnerable to injection. My only concern right now is getting this function to work. Any security measures I will deal with after getting this to work.
PHP
<?php
if(!isset($_GET['id'])){
header('Location: modify.php');
exit();
}else{
$id = $_GET['id'];
}
include('../includes/db_connect.php');
if(!is_numeric($id)){
header('Location: inventory.php');
}
if(isset($_POST['submit'])){
$title = $_POST['title'];
$price = $_POST['price'];
$description = $_POST['description'];
$category = $_POST['category'];
$title = $db->real_escape_string($title);
$price = $db->real_escape_string($price);
$description = $db->real_escape_string($description);
if($title && $price && $description && $category){
$editquery = "UPDATE post SET title='$title', price='$price', description='$description', category='$category' WHERE post_id='$id'";
$edquery = $db->prepare($editquery);
$edquery->bind_result("ssss", $title, $price, $description, $category);
$edquery->execute();
if($edquery){
echo "Updated!";
}else{
echo "error";
}
}else{
echo "missing data";
}
$postid = $db->insert_id;
for($i=0; $i<count($_FILES["images"]["name"]); $i++)
{
$filetmp = $_FILES["images"]["tmp_name"][$i];
$filename = $_FILES["images"]["name"][$i];
$filetype = $_FILES["images"]["type"][$i];
$filepath = "images/".$filename;
move_uploaded_file($filetmp, $filepath);
$sql = "INSERT INTO images (img_name, img_path, img_type, post_id) VALUES
('$filename', '$filepath', '$filetype', '$postid')";
$result = mysqli_query($db, $sql);
}
}
?>
The HTML form This is the only portion of the HTML that pertains to this function.
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="POST" enctype="multipart/form-data">
<?php
$editsql = "SELECT * FROM post INNER JOIN categories ON categories.category_id=post.category_id WHERE post_id=' ".$id." '";
$editquery = $db->query($editsql);
if($editquery->num_rows !=1){
header('Location: inventory.php');
exit();
}
$editrow = $editquery->fetch_object();
echo "<div class='form-group'>";
echo "<label>Title*</label>";
echo "<input type='text' name='title' class='form-control' value='".$editrow->title."' required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Price*</label>";
echo "<input type='text' name='price' class='form-control' value='".$editrow->price."'required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Category</label>";
echo "<select name='category' class='form-control'>";
echo "<option value='".$editrow->category_id."'>".$editrow->category."</option>";
$catquery = $db->query("SELECT * FROM categories");
while($row = $catquery->fetch_object()){
echo "<option value='".$row->category_id."'>".$row->category."</option>";
}
echo "</select>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Description*</label>";
echo "<textarea type='textarea' name='description' class='form-control' required>".$editrow->description."</textarea>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Image(s)</label>";
echo "<input type='hidden' name='size' value='1000000'>";
echo "<input multiple='multiple' name='images[]' type='file'/>";
echo "</div>";
echo "<div class='required'>";
echo "* indicates a required field";
echo "</div>";
echo "<button type='submit' name='submit' value='submit' class='btn btn-default'>EDIT POST</button>"
?>
</form>
EDIT
Whatever is happening with my code, I am unable to see any of the echoed statements after I press 'submit':
if($query){
echo "product updated";
}else{
echo "error";
}
}else{
echo "missing data";
}
Could it be possible that this is causing an issue?
if(!isset($_GET['id'])){
header('Location: modify.php');
exit();
}else{
$id = $_GET['id'];
}
Or that I need to use a hidden input along with this?
echo "<button type='submit' name='submit' value='submit' class='btn btn-default'>EDIT POST</button>"
EDIT 2
I've separated this into two files (edit.php and submitedit.php) to keep the $_GET and $_POST separated from one another. However, I am still experiencing the same issue where the database will not update.
edit.php I'm only showing the PHP and relevant HTML form
<?php
session_start();
$msg = "";
if(!isset($_GET['id'])){
header('Location: delete.php');
exit();
}else{
$id = $_GET['id'];
}
include('../includes/db_connect.php');
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit();
}
if(!is_numeric($id)){
header('Location: inventory.php');
}
?>
<!-- WHERE THE HTML STARTS -->
<form action="submitedit.php" method="POST" enctype="multipart/form-data">
<?php
$editsql = "SELECT * FROM post INNER JOIN categories ON categories.category_id=post.category_id WHERE post_id='$id'";
$editquery = $db->query($editsql);
if($editquery->num_rows !=1){
header('Location: inventory.php');
exit();
}
$editrow = $editquery->fetch_object();
echo "<div class='form-group'>";
echo "<label>Title*</label>";
echo "<input type='text' name='title' class='form-control' value='".$editrow->title."' required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Price*</label>";
echo "<input type='text' name='price' class='form-control' value='".$editrow->price."'required>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Category</label>";
echo "<select name='category' class='form-control'>";
echo "<option value='".$editrow->category_id."'>".$editrow->category."</option>";
$catquery = $db->query("SELECT * FROM categories");
while($row = $catquery->fetch_object()){
echo "<option value='".$row->category_id."'>".$row->category."</option>";
}
echo "</select>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Description*</label>";
echo "<textarea type='textarea' name='description' class='form-control' required>".$editrow->description."</textarea>";
echo "</div>";
echo "<div class='form-group'>";
echo "<label>Image(s)</label>";
echo "<input type='hidden' name='size' value='1000000'>";
echo "<input multiple='multiple' name='images[]' type='file'/>";
echo "</div>";
echo "<div class='required'>";
echo "* indicates a required field";
echo "</div>";
echo "<button type='submit' name='submit' value='submit' class='btn btn-default'>EDIT POST</button>"
?>
</form>
submitedit.php
<?php
if(!isset($_POST['id'])){
header('Location: delete.php');
exit();
}else{
$id = $_POST['id'];
include('../includes/db_connect.php');
if(isset($_POST['submit'])){
$title = $_POST['title'];
$price = $_POST['price'];
$description = $_POST['description'];
$category = $_POST['category'];
$title = $db->real_escape_string($title);
$price = $db->real_escape_string($price);
$description = $db->real_escape_string($description);
if($title && $price && $description && $category){
$editquery = "UPDATE post SET title='$title', price='$price', description='$description', category='$category' WHERE post_id='$id'";
$edquery = $db->prepare($editquery);
$edquery->bind_result("ssss", $title, $price, $description, $category);
$edquery->execute();
if($edquery){
echo "Updated!";
}else{
echo "error";
}
}else{
echo "missing data";
}
$postid = $db->insert_id;
for($i=0; $i<count($_FILES["images"]["name"]); $i++)
{
$filetmp = $_FILES["images"]["tmp_name"][$i];
$filename = $_FILES["images"]["name"][$i];
$filetype = $_FILES["images"]["type"][$i];
$filepath = "images/".$filename;
move_uploaded_file($filetmp, $filepath);
$sql = "INSERT INTO images (img_name, img_path, img_type, post_id) VALUES ('$filename', '$filepath', '$filetype', '$postid')";
$result = mysqli_query($db, $sql);
}
}
?>
You send your form with POST method while you try to read id from GET array. Change it to $_POST['id'], and you're all set
I am using the following code to display certain rows from my database table:
<?php
$searchtype=$_POST['searchtype'];
$searchterm=$_POST['searchterm'];
$searchterm= trim($searchterm);
if (!$searchtype || !$searchterm)
{
echo 'Error';
exit;
}
if (!get_magic_quotes_gpc())
{
$searchtype = addslashes($searchtype);
$searchterm = addslashes($searchterm);
}
$db = include "connect2db.php";
$query = "select * from notes where ".$searchtype." like '%".$searchterm."%'";
$result = $db->query($query);
$num_results = $result->num_rows;
echo '<p>Number of rows found: '.$num_results.'</p>';
for ($i=0; $i <$num_results; $i++)
{
$row = $result->fetch_assoc();
echo '<i>';
echo stripslashes($row['date']);
echo '</i><br /> ';
echo '<b>';
echo stripslashes($row['notetitle']);
echo '</b><br /> ';
echo stripslashes($row['note']);
echo '<br /><br /> ';
echo '</p>';
}
$result->free();
$db->close();
?>
Now I would like to display an edit-link for each row displayed, that can open a new page in which it is possible to edit a specific row. I already have the code that lets you edit the row:
<?php
if ($_REQUEST['save']=="Save") { // is data submitted?
// create variables
$noteid = $_REQUEST['noteid'];
$coursename = $_REQUEST['coursename'];
$notetitle = $_REQUEST['notetitle'];
$note = $_REQUEST['note'];
$query = "UPDATE notes SET ";
$query .= "coursename='$coursename', ";
$query .= "notetitle='$notetitle', ";
$query .= "note='$note' ";
$query .= "WHERE noteid='$noteid'";
$result = $db->query($query);
} elseif ($_REQUEST['delete']=="Delete") { // is data to be removed?
$noteid = $_REQUEST['noteid'];
$query="DELETE FROM notes WHERE noteid='$noteid'";
$result = $db->query($query);
}
?>
<div class="formular">
<div class="row1">
<p>Id</p>
<p>Notetitle</p>
<p>Note</p>
</div>
<?php
$query = "SELECT * FROM notes ORDER BY noteid DESC";
$result = $db->query($query);
while ($row = mysqli_fetch_array($result)) {
echo "<form ".$_SERVER['PHP_SELF']." name='edit-form' method='post' class='row1'>\n";
echo "<p class='align_top padding_top'>".$row['noteid']."<input type='hidden' name='noteid' value='".$row['noteid']."' /></p>\n";
echo "<p class='align_top'><input type='text' name='notetitle' value='".$row['notetitle']."' /></p>\n";
echo "<p><textarea name='note' rows='10' cols='50'>".$row['note']."</textarea></p>\n";
echo "<p><input type='submit' name='save' value='Save' /></p>";
echo "<p><input type='submit' name='delete' value='Delete' /></p>";
echo "</form>\n";
}
echo '</div>';
$result->free();
$db->close();
?>
What I am struggling with is how to display an edit-link for each row that lets you open a page where you can edit/delete the content of only that row.
I hope someone can help, I am very new at this.
Thank you!
Add a button next to each row that opens an edit page (or modal) with the id inside, example: <button onclick="edit('randomId')">Edit RandomId </button>
You could implement something different that accepts the unique id of that specific row and open a new page or modal with it.
I've learned a lot from this question, on how to send multiple order information on the database. In my table rows of "order.php" is composed of rows about order information sent by the customers. My code is only for single order only. But I want to view in the other page the multiple orders sent by one customer.
Here is my code for "order.php"
<?php
session_start();
$conn = mysqli_connect('localhost','root','','sampsix');
if(mysqli_connect_errno()){
echo 'Failed to connect: '.mysqli_connect_error();
}
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM orders WHERE id='$_POST[hidden]'";
mysqli_query($conn,$DeleteQuery);
}
if(isset($_POST['view'])){
header('Location: view_order.php');
}
$query = "SELECT * FROM orders ORDER BY id";
$results = mysqli_query($conn,$query);
echo '<table border="1">';
echo '<tr>';
echo '<th>ID</th>';
echo '<th>Firstame</th>';
echo '<th>Lastname</th>';
echo '<th>Email</th>';
echo '<th>Order Name</th>';
echo '<th>Order Code</th>';
echo '<th>Order Qty</th>';
echo '<th>Sub Total</th>';
echo '</tr>';
while($orderData = mysqli_fetch_array($results)){
echo '<form action="order.php" method="POST">';
echo '<tr>';
echo '<td>'.$orderData['id'].'</td>';
echo '<td>'.$orderData['firstname'].'</td>';
echo '<td>'.$orderData['lastname'].'</td>';
echo '<td>'.$orderData['email'].'</td>';
echo '<td>'.$orderData['ordername'].'</td>';
echo '<td>'.$orderData['ordercode'].'</td>';
echo '<td>'.$orderData['orderqty'].'</td>';
echo '<td>'.$orderData['subtotal'].'</td>';
echo '<td><input type="hidden" name="hidden" value="'.$orderData['id'].'"></td>';
echo '<td><input type="submit" name="delete" value="Delete"></td>';
echo '</form>';
echo "<td><a href='view_order.php?id=".$orderData['id']."'>View</a></td>";
echo '</tr>';
}
echo '</table>';
mysqli_close($conn);
?>
And here is my "view_order.php" where in the order information is in there:
<?php
include_once('config.php');
if(isset($_GET['id'])){
$id = $_GET['id'];
$query = $mysqli->query("SELECT id,firstname,lastname,email,ordername,ordercode,orderqty,subtotal FROM orders WHERE id='$id'");
if($query){
while($obj = $query->fetch_object()){
echo 'ID: '.$obj->id;
echo 'Firstname: '.$obj->firstname;
echo 'Lastname: '.$obj->lastname;
echo 'Email: '.$obj->email;
echo 'Order Name: '.$obj->ordername;
echo 'Order Code: '.$obj->ordercode;
echo 'Order Qty: '.$obj->orderqty;
echo 'Sub total: '.$obj->subtotal;
}
}
}
?>
This code above also execute single order only. I just thinking what if the customers has multiple order and I want to view it all in the other page.
Now you use the id as identifier which refers to just one order. If you want all orders of a customer you should select by the identificator of the customer. In your case i think it is firstname and lastname. You should replace the id with firstname and lastname. You will get something like this:
<?php
session_start();
$conn = mysqli_connect('localhost','root','','sampsix');
if(mysqli_connect_errno()){
echo 'Failed to connect: '.mysqli_connect_error();
}
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM orders WHERE id='$_POST[hidden]'";
mysqli_query($conn,$DeleteQuery);
}
if(isset($_POST['view'])){
header('Location: view_order.php');
}
$query = "SELECT * FROM orders ORDER BY id";
$results = mysqli_query($conn,$query);
echo '<table border="1">';
echo '<tr>';
echo '<th>ID</th>';
echo '<th>Firstame</th>';
echo '<th>Lastname</th>';
echo '<th>Email</th>';
echo '<th>Order Name</th>';
echo '<th>Order Code</th>';
echo '<th>Order Qty</th>';
echo '<th>Sub Total</th>';
echo '</tr>';
while($orderData = mysqli_fetch_array($results)){
echo '<form action="order.php" method="POST">';
echo '<tr>';
echo '<td>'.$orderData['id'].'</td>';
echo '<td>'.$orderData['firstname'].'</td>';
echo '<td>'.$orderData['lastname'].'</td>';
echo '<td>'.$orderData['email'].'</td>';
echo '<td>'.$orderData['ordername'].'</td>';
echo '<td>'.$orderData['ordercode'].'</td>';
echo '<td>'.$orderData['orderqty'].'</td>';
echo '<td>'.$orderData['subtotal'].'</td>';
echo '<td><input type="hidden" name="hidden" value="'.$orderData['id'].'"></td>';
echo '<td><input type="submit" name="delete" value="Delete"></td>';
echo '</form>';
echo "<td><a href='view_order.php?firstname=".$orderData['firstname']."&lastname=".$orderData['lastname']."'>View</a></td>";
echo '</tr>';
}
echo '</table>';
mysqli_close($conn);
?>
And the view page:
<?php
include_once('config.php');
if(isset($_GET['firstname'])){
$firstname = $_GET['firstname'];
if(isset($_GET['lastname'])){
$lastname = $_GET['lastname'];
$query = $mysqli->query("SELECT id,firstname,lastname,email,ordername,ordercode,orderqty,subtotal FROM orders WHERE firstname='$firstname' and lastname='$lastname'");
if($query){
while($obj = $query->fetch_object()){
echo 'ID: '.$obj->id;
echo 'Firstname: '.$obj->firstname;
echo 'Lastname: '.$obj->lastname;
echo 'Email: '.$obj->email;
echo 'Order Name: '.$obj->ordername;
echo 'Order Code: '.$obj->ordercode;
echo 'Order Qty: '.$obj->orderqty;
echo 'Sub total: '.$obj->subtotal;
}
}
}
?>
Note that this structure isn't the best solution. I would store my customers in another table, because what happens if two people have the same first- and lastname?
In your other question you also create a row for each product in your order table. If you want to do it well you should create another table like order_rules and store your products in that table with an order id. You should normalize your tables. I think this is a good description and tutorial about normalizing tables.
Please note this code is not safe to use - it contains a number of SQL injection vulnerabilities. It has just been amended into a working state from the code in the original post.
I am making a shopping basket for my website and I am stuck on updating the quantities, I have a database conected and the basket is being generated from a basket table, I have a Loop which displays the products in a users basket and produces a
form for each product that is generating a textbox where a user can enter the quanitity and then click submit. I have a seperate file called updatebasket which excutes an UPDATE statement using the gameID in the whereclause. I am having trouble sending the gameID for each product over to the updatebasket file when the update button is clicked. Here is my code below.
This is the cart.php File
CART.PHP
<?php
require "dbconnect.php";
session_start();
$memberID = $_SESSION['id'];
$query = "SELECT rectable.gameID, rectable.gameIMG, rectable.gamePrice, rectable.gameName FROM rectable, basket WHERE rectable.gameID = basket.gameID AND basket.id = '".$memberID."'";
$results = $connect->query($query);
$numrow = $results->num_rows;
$count = 0;
while ($count < $numrow)
{
$row = $results -> fetch_assoc();
extract($row);
echo"<div>";
echo"<div class='recommended_games'>";
echo "<img src='images/".$gameIMG."' />";
echo "</div>";
echo '<div class="price_tag">';
echo '<div class="price_tag">£'.$gamePrice. '</div>';
echo'</div>';
echo '<div id="update_form"><form action="updatebasket.php" method="post" name="updateform">';
echo '<input type="text" value="1" name="quantity" id="quantity" />';
echo '<input type="text" value="'.$gameID.'" name="'.$gameID.'" id="gameid" />';
echo '<input type="submit" value="update" />';
echo '</form>';
echo '</div>';
echo"<img class='box1' src='Images/Grey-Banners.png' />";
echo"</div>";
$count = $count + 1;
}
?>
This is the updatebasket.php file
UPDATEBASKET.PHP
<?php
session_start();
require "dbconnect.php";
$memberID = $_SESSION['id'];
$quantity = $_POST['quantity'];
$gameID = $_POST['gameID'];
$query = "UPDATE basket SET quantity = '".$quantity."' WHERE gameID = '".$gameID."' AND id = '".$memberID."' ";
header('Location: cart.php')
?>