
Problems passing data

Posted: Mon Apr 05, 2010 4:05 am
by rigorlicious
I'm having trouble with what I thought would be a simple page.

Basically, I'm trying to pass the requested amount from this page:


$usern = $_SESSION['usern'];
$userid = $_SESSION['userid'];
$prodid = $_GET['prodid'];

echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>";
echo "<html xmlns='http://www.w3.org/1999/xhtml'>";
echo "<head>";
echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />";
echo "<title>Comic</title>";
echo "<link href='../CSS/style5.css' rel='stylesheet' type='text/css' />";
echo "</head>";

echo "<body>";
echo "<div id='wrap'>";
echo "<div id='header'>Logged In:"; echo $usern;
echo " <br />";
echo " <h6><a href='profile.php'>PROFILE</a> <a href='logout.php'>LOGOUT</a></h6>";
echo " </div>";
echo " <div id='nav'><a href='main.php'>MAIN</a> <a href='bid.php'>BID</a> <a href='trade.php'>TRADE</a> <a href='buy.php'>BUY</a> <a href='sell.php'>SELL</a> <a href='forum.php'>FORUM</a> <a href='about.php'>ABOUT</a> <a href='links.php'>LINKS</a></span> </div>";
echo " <div id='content'>";
echo " <div id='right'><p>Cart";
echo " <hr/>";
$execute_statement2 = "SELECT * FROM cart WHERE userid = '$userid'";

$results = mysql_query($execute_statement2) or die ('Error 2');

$total = 0.00;

while($row2 = mysql_fetch_array($results))
{
$quantity = $row2["prodqt"];
$productname = $row2["prodname"];
$price = $row2["prodprice"];

$total = $total + ($price * $quantity);
}

if ($prodid == '')

{
echo "Your Cart Is Empty";
}
else {
echo $productname;
echo $quantity;
echo $price;
echo "Total:"; echo $total;
}
echo " <br />";
echo " <a href='checkout1.php'>Checkout</a></div>";
echo " <div id='left'>";

$execute_statement = "SELECT * FROM product WHERE prodid = $prodid";

$results = mysql_query($execute_statement) or die ('Error 1');


while($row = mysql_fetch_array($results)){

$prodname = $row["prodname"];
$proddesc = $row["proddesc"];
$prodprice = $row["prodprice"];
$prodqt = $row["prodqt"];
$proddate = $row["proddate"];
$prodyear = $row["prodyear"];
$prodcond = $row["prodcond"];
$prodpub = $row["prodpub"];


echo $prodname;
echo "<br>";
echo $proddesc;
echo "<br>";
echo $prodprice;
echo "<br>";
echo $prodqt;
echo "<br>";
echo $proddate;
echo "<br>";
echo $prodyear;
echo "<br>";
echo $prodcond;
echo "<br>";
echo $prodpub;

}
echo "<br>";
echo "<br>";
echo "<form action='add.php' method=\'post\'>";
echo " Quantity Requested: <input type = \"text\" name=\"prodqt\" />";
echo "<input type=\"hidden\" name=\"prodid\" value=\"$prodid\" />";
echo "<input type=\"hidden\" name=\"prodname\" value=\"$prodname\" />";
echo "<input type=\"hidden\" name=\"prodprice\" value=\"$prodprice\" />";
echo "<input type = submit class='submit_input' value = 'Add To Cart' />";
echo "<br>";
echo "<br>";
echo "<br>";
echo " </div>";
echo " <div class='clear'></div>";
echo " <div id='footer'><h5>";
echo " Comic Trader Live!";
echo " <br />";
echo " Copywrite 2010</h5>";

echo " </div>";
echo " </div>";
echo "</div>";

echo "</body>";
echo "</html>";
?>

To this page:


$usern = $_SESSION['usern'];
$userid = $_SESSION['userid'];
$prodid = $_GET['prodid'];
$prodprice = $_GET['prodprice'];
$prodname = $_GET['prodname'];
$prodqt = $_POST['prodqt'];

print $prodqt;

$execute_statement2 = "INSERT INTO cart VALUES($userid, $prodid, $prodprice, $prodqt, $prodname)";

print $execute_statement2;

mysql_query($execute_statement2) or die ('Error executing SQL 2');

echo"<META http-equiv=\'refresh\' content=\'0;URL=main.php'>";


$execute_statement = "SELECT prodqt FROM product WHERE prodid = $prodid";

print $execute_statement;

print $results;

mysql_query($execute_statement) or die ('Error executing SQL 1');

while($item = mysql_fetch_array($results)){


$prodquantity = $item['prodqt'];


echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>";
echo "<html xmlns='http://www.w3.org/1999/xhtml'>";
echo "<head>";
echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />";
echo "<title>Basic 3 Column Layout</title>";
echo "<link href='../CSS/style4.css' rel='stylesheet' type='text/css' />";

echo "</head>";

echo "<body>";
echo "<div id='wrap'>";
echo " <div id='header'>Logged In:"; echo $usern;
echo " <br />";
echo " <h6><a href='profile.php'>PROFILE</a> <a href='logout.php'>LOGOUT</a></h6>";
echo " </div>";
echo " <div id='nav'><a href='main.php'>MAIN</a> <a href='bid.php'>BID</a> <a href='trade.php'>TRADE</a> <a href='buy.php'>BUY</a> <a href='sell.php'>SELL</a> <a href='forum.php'>FORUM</a> <a href='about.php'>ABOUT</a> <a href='links.php'>LINKS</a></span> </div>";
echo " <div id='content'>";
echo " <div id='center'>";
echo " <br />";
echo " <br />";
echo " <br />";
echo " Your requested amount has exceeded the amount available quantity in our inventory. Please go back and enter a different amount.";
echo "</p></div>";
echo " <div class='clear'></div>";
echo " <div id='footer'><h5>";
echo " Comic Trader Live!";
echo " <br />";
echo " 2010</h5>";

echo " </div>";
echo " </div>";
echo "</div>";

echo "</body>";
echo "</html>";

}
?>

But for some reason it won't show the quantity entered.

Any help would be very much appreciated.

Re: Problems passing data

Posted: Mon Apr 05, 2010 7:35 am
by learnerabn
r u sure u stored the second file as add.php?

Re: Problems passing data

Posted: Mon Apr 05, 2010 9:31 am
by lunarnet76
gosh this is a kind of :banghead: problem...
you just need to replace

Code:

method=\'post\'

by

Code:

method=\"post\"

:drunk:

otherwise you should think just a bit about security and always use

Code:

$execute_statement2 = "SELECT * FROM cart WHERE userid = " . (int)$userid;

so it transforms $userid into an integer even if it was not (just a small step, but an easy one)!
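
The integer cast suggested above, taken further into a complete add-to-cart handler (an added example, not code from the thread): it validates the posted ids, uses bound parameters for every query, and reads the name, price and stock from the product table instead of the hidden form fields. Table and column names follow the first post; the function name addToCart, the PDO in-memory SQLite database and the sample row are assumptions made so the script runs stand-alone.

```php
<?php
// Added example. Schema follows the post; the in-memory SQLite database
// (requires pdo_sqlite) and the sample product row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (prodid INTEGER PRIMARY KEY, prodname TEXT, prodprice REAL, prodqt INTEGER)');
$db->exec('CREATE TABLE cart (userid INTEGER, prodid INTEGER, prodprice REAL, prodqt INTEGER, prodname TEXT)');
$db->exec("INSERT INTO product VALUES (1, 'Sample Comic #1', 4.99, 3)");

// Returns null on success or an error message.
// $post stands in for $_POST, $userid for $_SESSION['userid'].
function addToCart(PDO $db, $userid, array $post)
{
    // Accept only positive integers; anything else is rejected, not silently cast.
    $opts   = ['options' => ['min_range' => 1]];
    $prodid = filter_var($post['prodid'] ?? null, FILTER_VALIDATE_INT, $opts);
    $qty    = filter_var($post['prodqt'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($prodid === false || $qty === false) {
        return 'Invalid product or quantity';
    }

    // Name, price and stock come from the product table, not from the form.
    $stmt = $db->prepare('SELECT prodname, prodprice, prodqt FROM product WHERE prodid = ?');
    $stmt->execute([$prodid]);
    $product = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($product === false) {
        return 'Unknown product';
    }
    if ($qty > (int)$product['prodqt']) {
        return 'Requested amount exceeds available quantity';
    }

    // Bound parameters keep every value out of the SQL text.
    $ins = $db->prepare('INSERT INTO cart (userid, prodid, prodprice, prodqt, prodname) VALUES (?, ?, ?, ?, ?)');
    $ins->execute([(int)$userid, $prodid, $product['prodprice'], $qty, $product['prodname']]);
    return null;
}

// Constructed requests: valid, extra prodprice field (ignored),
// non-numeric id, and a quantity above the stock level.
var_dump(addToCart($db, 7, ['prodid' => '1', 'prodqt' => '2']));
var_dump(addToCart($db, 7, ['prodid' => '1', 'prodqt' => '1', 'prodprice' => '0.01']));
var_dump(addToCart($db, 7, ['prodid' => 'abc', 'prodqt' => '1']));
var_dump(addToCart($db, 7, ['prodid' => '1', 'prodqt' => '99']));

// Stored rows carry the price from the product table.
print_r($db->query('SELECT * FROM cart')->fetchAll(PDO::FETCH_ASSOC));
```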

Re: Problems passing data

Posted: Mon Apr 05, 2010 9:32 am
by lunarnet76
for next time please use the "PHP Code" tag of the forum when posting code, it helps a lot!