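// Retrieve the cart lines for this visitor.
// NOTE(review): the cookie id is hard-coded here; in production it has to come
// from the visitor's cookie/session and go through escape_data() first.
$query1 = "SELECT * FROM cart WHERE cart.cookieId = '7e411b5ee9926542bea68dd079250c6e'";
$result1 = @mysql_query ($query1); // was $query: that re-ran the previous statement
// Copy the cart line's item, price and quantity onto the customer's view row.
// The original statement referenced cart.cookieId without naming cart in the
// UPDATE (MySQL rejects that) and assigned the string ' ' to INT columns; a
// MySQL multi-table UPDATE joins the two tables instead. $t must already be
// escaped for the connection (escape_data() in the form handler does that).
// NOTE(review): if one cookie id has several cart rows, which row is copied is
// unspecified -- add a join condition (e.g. a specific cartId) or write one
// view row per cart line.
$query2 = "UPDATE view, cart"
    . " SET view.itemId = cart.itemId, view.price = cart.price, view.qty = cart.qty"
    . " WHERE cart.cookieId = '7e411b5ee9926542bea68dd079250c6e' AND view.token_id = '$t'";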
$result2= @mysql_query;
This is the table that is involved.
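-- Shopping-cart lines, keyed by the visitor's cookie id.
-- cookieId is the only column the application filters on
-- (SELECT * FROM cart WHERE cart.cookieId = ...), so it gets an index.
-- The original "unique id(cartId)" duplicated the PRIMARY KEY and only
-- added write cost, so it is dropped.
CREATE TABLE IF NOT EXISTS cart (
    cartId   INT NOT NULL AUTO_INCREMENT,
    cookieId VARCHAR(50),     -- 32-hex-char cookie/session id in the sample queries
    itemId   INT,
    qty      INT,
    price    DECIMAL(4,2),    -- NOTE(review): caps a unit price at 99.99; widen if needed
    CONSTRAINT cart_pk PRIMARY KEY (cartId),
    INDEX cart_cookie_id_idx (cookieId)
);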
-- Customer "view" row written by the confirmation page: one row per token_id,
-- inserted with the account/billing fields and later updated with the cart's
-- itemId/qty/price by the UPDATE in the form handler.
CREATE TABLE view (
-- NOTE(review): MySQL requires an AUTO_INCREMENT column to be indexed; with the
-- PRIMARY KEY on token_id this column needs its own UNIQUE/KEY or the CREATE fails.
view_id INT(3) UNSIGNED NOT NULL AUTO_INCREMENT,
-- NOTE(review): the form's "token" field allows 20 characters but this column
-- holds 10 -- align the two limits.
token_id VARCHAR(10) NOT NULL,
account_no VARCHAR(50) NOT NULL,
name VARCHAR(20) NOT NULL,
address VARCHAR(50) NOT NULL,
-- The (5) is only a display width, not a length limit, and an integer column
-- drops leading zeros from postcodes -- NOTE(review): consider a VARCHAR.
postcode MEDIUMINT(5) NOT NULL,
state VARCHAR(10) NOT NULL,
country VARCHAR(10) NOT NULL,
-- Cart line copied in after registration; NULL until that UPDATE has run.
itemId int,
qty int,
price decimal(4,2), -- maximum 99.99
-- NOTE(review): the INSERT in the form handler does not supply this column and
-- there is no DEFAULT, so in strict mode the INSERT is rejected.
registration_date DATETIME NOT NULL,
PRIMARY KEY (token_id));
This is my complete code related to the SQL queries.
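<?php
// This is the registration page for the site.
// Set the page title and include the HTML header.
$page_title = 'Confirmation';

if (isset($_POST['submit'])) { // Handle the form.
    require_once ('./mysql_connect.php'); // Connect to the db (provides $dbc).

    // Escape a POST value for use inside a quoted SQL string literal on $dbc.
    // NOTE(review): the mysql_* extension has no prepared statements, so escaping
    // is the only protection available here; every value must pass through this
    // function before it is interpolated. Migrating to mysqli/PDO with bound
    // parameters would remove the interpolation altogether.
    function escape_data ($data) {
        global $dbc; // Need the connection.
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data); // Undo PHP's automatic quoting first.
        }
        return mysql_real_escape_string($data, $dbc);
    } // End of function.

    $message = NULL; // Collected error text; NULL means no error so far.

    // Check for the account number.
    if (empty($_POST['account_no'])) {
        $aa = FALSE;
        $message .= '<p>You forgot to enter your account number!</p>';
    } else {
        $aa = escape_data($_POST['account_no']);
    }
    // Check for the reference ID (token).
    if (empty($_POST['token'])) {
        $t = FALSE;
        $message .= '<p>You forgot to enter your reference ID!</p>';
    } else {
        $t = escape_data($_POST['token']);
    }
    // Billing fields are optional; a missing one is stored as an empty string
    // (FALSE interpolates as '').
    $n  = empty($_POST['name'])     ? FALSE : escape_data($_POST['name']);
    $ad = empty($_POST['address'])  ? FALSE : escape_data($_POST['address']);
    $p  = empty($_POST['postcode']) ? FALSE : escape_data($_POST['postcode']);
    $s  = empty($_POST['state'])    ? FALSE : escape_data($_POST['state']);
    $c  = empty($_POST['country'])  ? FALSE : escape_data($_POST['country']);

    if ($aa && $t) { // Both required fields are present.
        // Make sure the token belongs to this account number.
        $query = "SELECT token_id FROM customer_bank WHERE token_id = '$t' AND account_no = '$aa'";
        $result = @mysql_query ($query);
        // A SELECT that matches nothing still returns a result resource, so the
        // original `if ($result)` accepted any account/token pair; the row count
        // is what actually proves the pair exists.
        if ($result && mysql_num_rows($result) > 0) {
            // Add the user.
            $query = "INSERT INTO view (account_no, token_id, name, address, postcode, state, country) VALUES ('$aa','$t','$n','$ad','$p','$s','$c' )";
            $inserted = @mysql_query ($query); // FALSE if e.g. token_id already exists (it is the PRIMARY KEY).
            if ($inserted) {
                // Retrieve all of the information for the prints in the cart.
                // NOTE(review): the cookie id is hard-coded; it should come from
                // the visitor's cookie/session and be passed through escape_data().
                $cookie_id = '7e411b5ee9926542bea68dd079250c6e';
                $query1 = "SELECT * FROM cart WHERE cart.cookieId = '$cookie_id'";
                $result1 = @mysql_query ($query1); // was $query: that re-ran the INSERT
                // Copy the cart line onto the new view row. The original UPDATE
                // referenced cart.cookieId without naming cart and wrote ' ' into
                // INT columns; a MySQL multi-table UPDATE joins the tables instead.
                // NOTE(review): with several cart rows per cookie the copied row is
                // unspecified -- add a join condition or one view row per cart line.
                $query2 = "UPDATE view, cart"
                    . " SET view.itemId = cart.itemId, view.price = cart.price, view.qty = cart.qty"
                    . " WHERE cart.cookieId = '$cookie_id' AND view.token_id = '$t'";
                $result2 = @mysql_query ($query2); // was called with no query at all
                // Successful add the new customer.
                echo '<h3>Successful the transaction</h3>';
                include ('includes/header_bank.html');
                exit();
            } else {
                // Do not report success when the INSERT was rejected.
                $message .= '<p>The transaction could not be recorded. Please try again.</p>';
            }
        } else { // The account number does not match with token ID.
            echo '<p><font color="red" size="+1">The account number does not match with the reference ID in the database</font></p>';
        }
        mysql_close(); // Close the database connection.
    } else { // A required field was missing; keep the field-specific messages.
        $message .= '<p>Please try again.</p>';
    }
} // End of the main Submit conditional.

// Print the error message if there is one.
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}

// Return a previously posted value for re-display inside a value="" attribute,
// HTML-escaped. Echoing raw $_POST into the form was a reflected-XSS hole.
function repost_value ($field) {
    return isset($_POST[$field]) ? htmlspecialchars($_POST[$field], ENT_QUOTES) : '';
}
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<fieldset><legend>Enter the reference id that you get request from the server with the account number that register with this website:</legend>
<p><b>Account number:</b> <input type="text" name="account_no" size="50" maxlength="50" value="<?php echo repost_value('account_no'); ?>" /></p>
<!-- NOTE(review): view.token_id is VARCHAR(10) but this field allows 20 characters. -->
<!-- The field is named "token" (the handler reads $_POST['token']); the original re-displayed $_POST['token_id'], which never exists. -->
<p><b>Reference ID:</b> <input type="text" name="token" size="20" maxlength="20" value="<?php echo repost_value('token'); ?>" /></p>
</fieldset>
<fieldset><legend>Enter the billing information correctly so that the product can delivered</legend>
<p><b>Recipient Name:</b> <input type="text" name="name" size="20" maxlength="20" value="<?php echo repost_value('name'); ?>" /></p>
<p><b>Address:</b> <input type="text" name="address" size="50" maxlength="50" value="<?php echo repost_value('address'); ?>" /></p>
<p><b>Postcode:</b> <input type="text" name="postcode" size="5" maxlength="5" value="<?php echo repost_value('postcode'); ?>" /></p>
<p><b>State:</b> <input type="text" name="state" size="10" maxlength="10" value="<?php echo repost_value('state'); ?>" /></p>
<p><b>Country:</b> <input type="text" name="country" size="10" maxlength="10" value="<?php echo repost_value('country'); ?>" /></p>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Confirmation" /></div>
</form><!-- End of Form -->
<?php
include ('includes/footer_home.html');
?>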
tags are down[/color]