$_GET problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Nomistake
Forum Newbie
Posts: 15
Joined: Sat Oct 02, 2010 11:16 am

$_GET problem

Post by Nomistake »

Hi,

I'm fairly new to php.
I just made a webshop where i use $_GET to get the items into the shopping cart.
(with mysql)
The URL reads: http://localhost/phpsite/shop.php?&artid=1819040

The problem is, when i refresh te browser's page, the item added a second time and so on...
I tried some if/else and isset, but no luck...

I googled around but didnt find a nice solution (if any :-))

The items are listed in a table, so i'm not able to use $_POST...


Someone? 8O


Thanks!
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: $_GET problem

Post by JakeJ »

$_GET retains the values after submitting a form. I don't really understand what you mean by saying you can't use $_POST because the items are in a table.

Also, maybe you should consider using an off the shelf (or download as it were) ecommerce package. Being new to PHP, if you try to build an app yourself, it's likely to be full of security holes, etc. But if you're doing it just for practice, go for it.

But I still don't understand why you can't use $_POST. Please explain by posting some code and elaborating on it.

Thanks!
Nomistake
Forum Newbie
Posts: 15
Joined: Sat Oct 02, 2010 11:16 am

Re: $_GET problem

Post by Nomistake »

Hi JakeJ!
Thanks for the reply.
$_GET retains the values after submitting a form
isnt it the $_POST that retains the values after sub a from?

Here you can see a part of the code wich creates a table with al the items and for each item a link to order it. (

Code: Select all

echo "<td><a href=\"shop.php?&artid=".$id."\">order</a></td>";
)

Code: Select all

mysql_query($query); // execute the defined $query.
$result = mysql_query($query); // $result is given the mysql_query($query) value (this is sort of array).
$num = mysql_num_rows($result); // we need to know how many rows there are in the $result.
mysql_close();
//----------------------------------------------------------------------------------------------- create the items table
<table>
$i=0;
while ($i < $num) {
	  $merk = mysql_result($result,$i,"PublisherName");
	  $beschrijving = mysql_result($result,$i,"Description");
	  $prijs = mysql_result($result,$i,"PricePersonal_Eur");
	  $recupel = mysql_result($result,$i,"RecupelEUR");
	  $stock = mysql_result($result,$i,"Stock");
	  $id = mysql_result($result,$i,"ArtID");
	  
	  $prijsexcl = (round($prijs*$_SESSION ['marge'],0) + $_SESSION ['levering']);
	  $prijsincl = ((round($prijs*$_SESSION ['marge'],0)*$_SESSION ['btw']) + $_SESSION ['levering']);
	  
			echo "<tr>";
				echo "<td>" . $merk . "</td>";
				echo "<td>" . utf8_encode($beschrijving) . "</td>";
				echo "<td>" . $prijsexcl . "</td>";
				echo "<td>" . $prijsincl . "</td>";
				echo "<td>" . $recupel . "</td>";
				echo "<td>" . $stock . "</td>";
				echo "<td><a href=\"shop.php?&artid=".$id."\">order</a></td>";	
				}
			echo "<tr>";
	  $i++;
}
?>
</table>
When a customer clicks to order, they go to http://localhost/phpsite/shop.php?&artid=1518605
I use the variable $_GET['artid'].
With isset i check wether $_GET['artid'] is set, and when it is set, ik use $_GET['artid'] to write some values into a mysql database:

Code: Select all

if (isset ($_GET["artid"])){ //if is set, starts adding item to cart table of the database.
	if (isset ($_SESSION['user_account'])) { // checks is user is logged in. If true, data is added to the cart table
			mysql_connect(localhost,$username,$password);
			@mysql_select_db($database) or die( "Unable to select database");
			$query = "INSERT INTO cart VALUES ('','".$_SESSION['user_email']."','".$_GET['merk']."','".$_GET['beschrijving']."','".$_GET['prijsexcl']."','".$_GET['prijsincl']."','".$_GET['recupel']."','".$_GET['stock']."','" . $_GET["artid"] . "')"; // al the $_GET variables and the $_SESSION variable are put into the cart table.
			mysql_query($query);
			mysql_close();
	} else { // if user isnt signed in, a message is displayed
			$_SESSION['warning'] = "gelieve U eerst aan te melden!";
			echo "<div align=\"center\" style=\"color:#C00\">".$_SESSION['warning']."&nbsp&nbsp</div><br>";
	}
}
This works, but when i refresh the browser page, he execute it again, so the item gets written a second time into the mysql database... i dont want that :(
Not that a customer will refresh a page much, but its something i dont want to be possible to happen...
So i'm looking for a way that when a page refresh is executed, it doesnt execute the code again. But is has to execute the code again when a item is ordered...

Since i use

Code: Select all

echo "<td><a href=\"shop.php?&artid=".$id."\">order</a></td>";
in the table, i cant use $_POST.

I have read that i can only use POST with a form. I use a table to list all the shop items...

How can i make sure that when a user accidentally refreshes the page, the item isnt added a second time...

As for the security reason, there are indeed some security holes. The good this is, that the customer money has to be on our money account before we order it... and the customer has to be registered and veryfied before they can oder something... i this this take care of the most security issues? or are there other that i'm not aware off?

Hope i'm explaining it in an understandable manner...

The short story:
I use a get variable in the url to put data in a mysql database.
When refreshing the page, its added again because the get variable is still set. i dont want that :banghead: :wink:


Thanks!
User avatar
Ragnis
Forum Commoner
Posts: 31
Joined: Thu Nov 13, 2008 12:35 pm
Location: Saaremaa, Estonia, Europe, Asia, Planet Earth, The Solar System, Milky way.

Re: $_GET problem

Post by Ragnis »

After the data is added tothe database, redirect user to somewhere else.

Or if you want the user to stay on current page, just redirect him to shop.php?&artid=1819040&done=1.
Nomistake
Forum Newbie
Posts: 15
Joined: Sat Oct 02, 2010 11:16 am

Re: $_GET problem

Post by Nomistake »

yes, maybe that is a good option.
i'll try the redirection to the same page setting done=1
then i make the code this way that it only submit it when done=0

now i only need to figure out how to automaticly redirect them after the data is added :-)
you have a nice way to do this?

thanks!
Nomistake
Forum Newbie
Posts: 15
Joined: Sat Oct 02, 2010 11:16 am

Re: $_GET problem

Post by Nomistake »

something do do with this i guess:
void header ( string $string [, bool $replace = true [, int $http_response_code ]] )
Nomistake
Forum Newbie
Posts: 15
Joined: Sat Oct 02, 2010 11:16 am

Re: $_GET problem

Post by Nomistake »

thank you Ragnis!

I have put the code that puts the data in the database on a other page (item_addtomysql.php)
and on this page i made the redirection:

Code: Select all

header("Location:shop.php");
works very fine!
and very usefull for my account logout and item delete functions...

you made my day
:drunk:
thanks!
Post Reply