mysql - PHP SQL Insert text value into database
I am working on an online shopping cart project, which requires me to be able to add a custom text input field to each item added to the shopping cart. However, when I attempt to insert the information for each item in the cart into the database, I cannot figure out how to pass the itemtext value to the insert statement. How do I go about being able to pass the itemtext value from the initial item list to the database table orderitems? The itemtext input is on line 170, and I want to pass it to the insert statement seen on line 83.
<?php
session_start();
$user = $_SESSION['user'];
if (!isset($user)) {
    header("Location: userlogin.php");
}

// The cart is a comma-separated list of catalog ids kept in a cookie.
$cart = $_COOKIE['wsc'];

if (isset($_POST['clear'])) {
    $expire = time() - 60*60*24*7*365;
    setcookie("wsc", $cart, $expire);
    header("Location: order.php");
}
if ($cart && $_GET['id']) {
    $cart .= ',' . $_GET['id'];
    $expire = time() + 60*60*24*7*365;
    setcookie("wsc", $cart, $expire);
    header("Location: order.php");
}
if (!$cart && $_GET['id']) {
    $cart = $_GET['id'];
    $expire = time() + 60*60*24*7*365;
    setcookie("wsc", $cart, $expire);
    header("Location: order.php");
}
if ($cart && $_GET['remove_id']) {
    $removed_item = $_GET['remove_id'];
    $arr = explode(",", $cart);
    unset($arr[$removed_item - 1]);
    $new_cart = implode(",", $arr);
    $new_cart = rtrim($new_cart, ",");
    $expire = time() + 60*60*24*7*365;
    setcookie("wsc", $new_cart, $expire);
    header("Location: order.php");
}

if (isset($_POST['placeorder'])) {
    $email = $user;
    $orderdate = date('m/d/y');
    $ordercost = $_POST['ordercost'];
    $ordertype = $_POST['ordertype'];
    $downcost = $_POST['downcost'];
    $cardtype = $_POST['cardtype'];
    $cardnumber = $_POST['cardnumber'];
    $cardsec = $_POST['cardsec'];
    $cardexpdate = $_POST['cardexpdate'];
    $orderstatus = "pending";

    if ($ordertype == "") {
        $ordertypemsg = "<br><span style='color:red;'>You must enter order type.</span>";
    }
    if ($cardtype == "") {
        $cardtypemsg = "<br><span style='color:red;'>You must enter card type.</span>";
    }
    if ($cardnumber == "") {
        $cardnumbermsg = "<br><span style='color:red;'>You must enter card number.</span>";
    }
    if ($cardsec == "") {
        $cardsecmsg = "<br><span style='color:red;'>You must enter security code.</span>";
    }
    if ($cardexpdate == "") {
        $cardexpdatemsg = "<br><span style='color:red;'>You must enter expiration date.</span>";
    } else {
        include('includes/dbc_admin.php');

        // Insert the order header.
        $sql = "INSERT INTO orders (email, orderdate, ordercost, ordertype, downcost, cardtype, cardnumber, cardsec, cardexpdate, orderstatus)
                VALUES ('$email', '$orderdate', '$ordercost', '$ordertype', '$downcost', '$cardtype', '$cardnumber', '$cardsec', '$cardexpdate', '$orderstatus')";
        mysql_query($sql) or trigger_error("Whoa! " . mysql_error());

        // Find the id of the order just inserted (keeps the last orderid returned).
        $sql = "SELECT orderid FROM orders";
        $result = mysql_query($sql) or die("Invalid query: " . mysql_error());
        while ($row = mysql_fetch_assoc($result)) {
            $myid = $row['orderid'];
        }

        // Insert one orderitems row per item in the cart (line 83 of the original file).
        $itemnumber = 1;
        $items = explode(',', $cart);
        foreach ($items as $item) {
            $sql = "SELECT * FROM catalog WHERE id = '$item'";
            $result = mysql_query($sql) or die("Invalid query: " . mysql_error());
            while ($row = mysql_fetch_assoc($result)) {
                $itemtext = $_POST['itemtext'];
                $sql = "INSERT INTO orderitems (orderid, itemnumber, itemid, itemtype, media, itemtext, price)
                        VALUES ('$myid', '$itemnumber', '$row[itemid]', '$row[itemtype]', '$row[media]', '$itemtext[itemnumber]', '$row[price]')";
                mysql_query($sql) or trigger_error("Whoa! " . mysql_error());
            }
            $itemnumber++;
        }
        $inserted = "<h2>Thank you!</h2> <h3>Your order has been placed.</h3>";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Williams Specialty Company</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
function validateForm() {
    var ordercost = document.form1.ordercost.value;
    var downcost = document.form1.downcost.value;
    var ordertype = document.form1.ordertype.value;
    var cardtype = document.form1.cardtype.value;
    var cardnumber = document.form1.cardnumber.value;
    var cardsec = document.form1.cardsec.value;
    var cardexpdate = document.form1.cardexpdate.value;
    var ordertypemsg = document.getElementById('ordertypemsg');
    var cardtypemsg = document.getElementById('cardtypemsg');
    var cardnumbermsg = document.getElementById('cardnumbermsg');
    var cardsecmsg = document.getElementById('cardsecmsg');
    var cardexpdatemsg = document.getElementById('cardexpdatemsg');
    if (ordertype == "") { ordertypemsg.innerHTML = "You must enter order type."; return false; }
    if (cardtype == "") { cardtypemsg.innerHTML = "You must enter card type."; return false; }
    if (cardnumber == "") { cardnumbermsg.innerHTML = "You must enter card number."; return false; }
    if (cardsec == "") { cardsecmsg.innerHTML = "You must enter security code."; return false; }
    if (cardexpdate == "") { cardexpdatemsg.innerHTML = "You must enter expiration date."; return false; }
}
</script>
</head>
<body>
<?php include('includes/header.inc'); ?>
<?php include('includes/nav.inc'); ?>
<div id="wrapper">
<?php include('includes/aside.inc'); ?>
<section>
<h2>My Cart</h2>
<table width="100%">
<tr>
<th>Catalog ID</th>
<th>Item Name</th>
<th>Price</th>
<th>Item Text</th>
<th>Actions</th>
</tr>
<?php
$cart = $_COOKIE['wsc'];
if ($cart) {
    $i = 1;
    $ordercost = 0;
    include('includes/dbc.php');
    $items = explode(',', $cart);
    foreach ($items as $item) {
        $sql = "SELECT * FROM catalog WHERE id = '$item'";
        $result = mysql_query($sql) or die("Invalid query: " . mysql_error());
        while ($row = mysql_fetch_assoc($result)) {
            echo '<tr>';
            echo '<td align="left">';
            echo $row['itemid'];
            echo '</td>';
            echo '<td align="left">';
            echo $row['itemname'];
            echo '</td>';
            echo '<td align="left">';
            echo $row['price'];
            $ordercost += $row['price'];
            $downcost = $ordercost / 10;
            echo '</td>';
            echo '<td align="left">';
            // The per-item text input (line 170 of the original file).
            echo '<p><input type="text" id="itemtext" name="itemtext"></p>';
            echo '</td>';
            echo '<td align="left">';
            echo '<a href="order.php?remove_id=' . $i . '">Remove from cart</a>';
            echo '</td>';
            echo '</tr>';
        }
        $i++;
    }
}
?>
</table><br />
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="submit" name="clear" value="Empty Shopping Cart">
</form>
<?php if (isset($inserted)) { echo $inserted; } else { ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form1" onsubmit="return validateForm()">
<p>Total Price: <?php echo $ordercost; ?>
<input type="hidden" id="ordercost" name="ordercost" value="<?php echo $ordercost; ?>">
</p>
<p>Down Cost: <?php echo number_format((float)$downcost, 2, '.', ''); ?>
<input type="hidden" id="downcost" name="downcost" value="<?php echo number_format((float)$downcost, 2, '.', ''); ?>">
</p>
<p><label>Order Type:</label><br>
<input type="text" id="ordertype" name="ordertype">
<?php if (isset($ordertypemsg)) { echo $ordertypemsg; } ?>
<br /><span id="ordertypemsg" style="color:red"></span>
</p>
<p><label>Card Type:</label><br>
<input type="text" id="cardtype" name="cardtype">
<?php if (isset($cardtypemsg)) { echo $cardtypemsg; } ?>
<br /><span id="cardtypemsg" style="color:red"></span>
</p>
<p><label>Card Number:</label><br>
<input type="text" id="cardnumber" name="cardnumber">
<?php if (isset($cardnumbermsg)) { echo $cardnumbermsg; } ?>
<br /><span id="cardnumbermsg" style="color:red"></span>
</p>
<p><label>Card Security Code:</label><br>
<input type="text" id="cardsec" name="cardsec">
<?php if (isset($cardsecmsg)) { echo $cardsecmsg; } ?>
<br /><span id="cardsecmsg" style="color:red"></span>
</p>
<p><label>Card Expiration Date:</label><br>
<input type="text" id="cardexpdate" name="cardexpdate">
<?php if (isset($cardexpdatemsg)) { echo $cardexpdatemsg; } ?>
<br /><span id="cardexpdatemsg" style="color:red"></span>
</p>
<p><input type="submit" name="placeorder" value="Place Order"></p>
</form>
<?php } ?>
</section>
</div>
<?php include('includes/footer.inc'); ?>
</body>
</html>
Update: Answer: change '$itemtext[itemnumber]' to '$itemtext'.
This is going wrong because of the way you use quotes. (Not the answer, but you might want to think about it ;-) )
$sql = "INSERT INTO orders (email, orderdate, ordercost, ordertype, downcost, cardtype, cardnumber, cardsec, cardexpdate, orderstatus)
        VALUES ('$email', '$orderdate', '$ordercost', '$ordertype', '$downcost', '$cardtype', '$cardnumber', '$cardsec', '$cardexpdate', '$orderstatus')";

You should not use '$email', for example; use:

...VALUES ('".$email."',...
Learn more here: What is the difference between single-quoted and double-quoted strings in PHP?
On another note, your code is not safe. Please use: http://php.net/manual/en/function.mysql-real-escape-string.php
Example:
...values ('".mysql_real_escape_string($email)."',...
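As an added example (not the asker's or the answerer's code), here is how the per-item text from the question and the injection concern from the answer are handled together with PDO prepared statements instead of string escaping (the mysql_* extension the page uses was removed in PHP 7). It assumes the same catalog and orderitems tables, that orders.orderid is AUTO_INCREMENT, and that the cart table's text inputs are named itemtext[<cart position>] using the same $i the display loop already computes, and sit inside form1 so they are posted with the order.

```php
<?php
// Added example, not code from the original page. Assumes a PDO connection to
// the same schema and inputs named itemtext[1], itemtext[2], ... in cart order.
function insertOrderItems(PDO $db, int $orderId, array $cartIds, array $itemTexts): int
{
    $lookup = $db->prepare(
        'SELECT itemid, itemtype, media, price FROM catalog WHERE id = ?'
    );
    $insert = $db->prepare(
        'INSERT INTO orderitems
             (orderid, itemnumber, itemid, itemtype, media, itemtext, price)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );

    $itemNumber = 1;
    foreach (array_values($cartIds) as $index => $catalogId) {
        $position = $index + 1;                 // same 1-based position as $i in the cart table
        $lookup->execute([$catalogId]);         // cookie value is bound as data, never spliced into SQL
        $row = $lookup->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            continue;                           // unknown catalog id: write nothing for it
        }
        // The text for this row is the itemtext[] entry posted for the same cart position;
        // quotes or SQL fragments in it are stored literally because it is a bound parameter.
        $text = (isset($itemTexts[$position]) && is_string($itemTexts[$position]))
            ? $itemTexts[$position] : '';
        $insert->execute([
            $orderId, $itemNumber, $row['itemid'], $row['itemtype'],
            $row['media'], $text, $row['price'],
        ]);
        $itemNumber++;
    }
    return $itemNumber - 1;                     // number of orderitems rows written
}

// Constructed usage for order.php, after the INSERT INTO orders has run through the same $db:
// $db = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', $dbUser, $dbPass,
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $orderId = (int) $db->lastInsertId();       // the new order's id, instead of SELECT orderid FROM orders
// $itemTexts = (isset($_POST['itemtext']) && is_array($_POST['itemtext'])) ? $_POST['itemtext'] : [];
// insertOrderItems($db, $orderId, explode(',', $_COOKIE['wsc']), $itemTexts);
```

Because every user-controlled value (cart ids from the cookie, item text from the form) travels as a bound parameter, no escaping call is needed and the same function works whether the text contains quotes, backslashes or nothing at all.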