
Next problem :)

Posted: Mon Oct 23, 2006 12:24 pm
by calumstevens
Ok, so now that I have created an add customer page (with a little help), I would like to use the header function to redirect to an acknowledgement page.

When I add a customer the record is added to the db, but this error is displayed:

Error in query:SELECT * FROM customer WHERE CustomerID = . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Any pointers/solutions greatly appreciated :)

The code for the addcustomer page:

Code:

<?php
	include "connection.php"
?>
<?php 
   


$newFirstname = $_POST['firstname'];

$newSurname = $_POST['surname'];

$newUsername = $_POST['username'];

$newEmail = $_POST['email'];

$newPassword = $_POST['password'];


$query = "INSERT INTO customer (Firstnames, Surname, Username, Email, Password) VALUES ('$newFirstname', '$newSurname', '$newUsername', '$newEmail', '$newPassword')";




$result = mysql_query($query) or die ("Error in query:$query. 
".mysql_error()); 


// (5) print message with ID of inserted record    
header("Location: userReceipt.php?"."CustomerID=". mysql_insert_id($connection)); 


  mysql_close($connection);     

?>

The code for the acknowledgement page is as follows:

Code:

<?php
	include "connection.php"
?>

<?php


// (2)gather details of CustomerID sent 

$customerId = $_GET['CustomerID'] ;

// (3)create query 

$query = "SELECT * FROM customer WHERE CustomerID = $CustomerID";



// (4) Run the query on the customer table through the connection

$result = mysql_query($query) or die ("Error in query:$query. 
".mysql_error()); 


// (5) print message with ID of inserted record    

if ($row = @ mysql_fetch_array($result)) 
{ 
print "The following Customer was added"; 
print "<br>Customer ID: " . $row["CustomerID"]; 
print "<br>First Name: " . $row["Firstnames"]; 
print "<br>Surname: " . $row["Surname"]; 
print "<br>User Name: " . $row["Username"]; 
print "<br>Email: " . $row["Email"]; 
print "<br>Password: " . $row["Password"]; 
}

// close connection 
mysql_close($connection); 

?>

Posted: Mon Oct 23, 2006 12:29 pm
by Burrito

Code:

$customerId = $_GET['CustomerID'] ;

// (3)create query

$query = "SELECT * FROM customer WHERE CustomerID = $CustomerID";

PHP is case sensitive.

Posted: Mon Oct 23, 2006 12:34 pm
by Cameri
$customerID is not $CustomerID, variables are case sensitive:

Code:

// (2)gather details of CustomerID sent

$customerId = $_GET['CustomerID'] ;

// (3)create query

$query = "SELECT * FROM customer WHERE CustomerID = $CustomerID";

to this:

Code:

// (2)gather details of CustomerID sent

$CustomerID = $_GET['CustomerID'] ;

// (3)create query

$query = "SELECT * FROM customer WHERE CustomerID = $CustomerID";
And also a few suggestions, check if the variables are set in $_POST with isset(), validate them, add slashes, maybe mysql_real_escape_string() <-- not sure if it's the best option.
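
One way to apply the suggestions above (check with isset(), validate, keep input out of the SQL text) to the receipt page lookup, as an added example that is not part of the original posts. It uses PDO prepared statements in place of the thread's mysql_* calls, and assumes an in-memory SQLite database with a cut-down customer table and constructed sample data so that it runs stand-alone; the function names are hypothetical.

```php
<?php
// Added example (not the thread's code); in-memory SQLite via PDO is an assumption.

// Validate the raw request value: present, a string, and a positive integer.
function parseCustomerId(array $get): ?int
{
    if (!isset($get['CustomerID']) || !is_string($get['CustomerID'])) {
        return null;
    }
    $id = filter_var($get['CustomerID'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look the customer up with a bound parameter; the value never becomes SQL text.
function findCustomer(PDO $db, int $id): ?array
{
    $stmt = $db->prepare(
        'SELECT CustomerID, Firstnames, Surname, Username, Email
           FROM customer WHERE CustomerID = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data, inserted with placeholders as well.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (CustomerID INTEGER PRIMARY KEY,
           Firstnames TEXT, Surname TEXT, Username TEXT, Email TEXT)');
$ins = $db->prepare('INSERT INTO customer (Firstnames, Surname, Username, Email)
                     VALUES (?, ?, ?, ?)');
$ins->execute(['Ann', "O'Neil", '<b>ann</b>', 'ann@example.com']);
$newId = (string) $db->lastInsertId();

// Constructed requests: missing, empty, non-numeric, and valid CustomerID.
foreach ([[], ['CustomerID' => ''], ['CustomerID' => '1 OR 1=1'],
          ['CustomerID' => $newId]] as $get) {
    $id  = parseCustomerId($get);
    $row = $id === null ? null : findCustomer($db, $id);
    if ($row === null) {
        echo "Invalid or unknown customer\n"; // generic; no query or DB error shown
        continue;
    }
    foreach ($row as $column => $value) {
        // Escape on output so stored markup is displayed, not interpreted.
        echo $column, ': ', htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```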

Posted: Mon Oct 23, 2006 12:35 pm
by calumstevens
Excellent, working now, thank you.

I hope spotting stuff like that gets easier, as even though I knew it was case sensitive I still missed it over and over lol xD

Posted: Mon Oct 23, 2006 12:36 pm
by Cameri
Never trust user input, always validate the fields, or your db could become compromised.

Posted: Mon Oct 23, 2006 12:39 pm
by calumstevens
hehe thanks, but I'm just figuring out the basic workings for now, as you can see I'm having enough trouble as it is! :)

Once I've figured out how to set up pages that can write, delete, amend, then I'll start investigating validation.