i was basically given this code from a client of mine. apparently the guy who wrote it was a flake. anyway, the CMS this guy wrote was for an online bridal registry. it wasn't bad for a noob. but, there was one page that wasn't working quite the way it should. so i basically hacked the whole thing to the way i thought the page should function.
about the code:
as i mentioned it is a bridal registry. this page is a part of the admin side, where my client can go in and add a newlywed couple to the database. and add a registry for that couple. and then, add items in that registry. the items are being pulled from a separate CMS from their shopping cart (separate tables). when i received the code, it worked a little. it seems as if the first thing is a dropdown menu of categories (from the shopping cart table). and if you choose one, another dropdown menu will appear next to it with all the items that match the category (again, shopping cart table). then, finally, if you choose an item, it will bring up another form next to that with 2 input fields (quantity requested, and still needs). then the admin can press submit, and the information is inserted into the database, and the same page is shown, except now, you will only see one dropdown menu (as if you wanted to add another item into the same registry, again). the registry database consists of 2 tables. one table contains newlywed couple information, along with a randomly generated ID. the other table is the registry table. it contains all the couple's registries and items within them (not the categories that the items fall under). the registries are affiliated with the newlywed by matching the couple's unique ID with the registry's unique ID (they are the same).
the problem:
the code description is basically how it should work. after i've hacked it and made many changes, it seems that i'm losing my variables in the URL. this page begins with
addItem.php?regID=76J7D9AFF07A8789
addItem.php?regID=76J7D9AFF07A8789&catID=51
addItem.php?regID=76J7D9AFF07A8789&catID=51&itemID=12
addItem.php?catID=51
<HTML>
<HEAD><TITLE>Add Registry Item</TITLE></HEAD>
<BODY>
<CENTER>
<TABLE BORDER="1" WIDTH="850" CELLPADDING="20">
<TR>
<TD WIDTH="%50" ALIGN="center"><H1>Admin Page</H1>
<B>Add Item</B>
<form method="POST" action="admin1.php?action=view_all">
<input type="SUBMIT" value="View All">
</form>
</TD>
<TD><?php include "admin_search.inc" ?></TD>
</TR>
</TABLE><BR>
<HR WIDTH="300"><BR>
<TABLE>
<TR>
<TD WIDTH="750">
<?php
/*connect to database*/
@ $db = mysql_connect("XXX", "XXX", "XXX");
if(!$db){
    echo "Error: Could not connect to the database. Please try again later.";
    exit;
}
/*select database*/
mysql_select_db("theverythinggifts", $db);
/*query newlywed's info*/
$sql = "SELECT * FROM my_search_table WHERE uID = '". $_GET['regID'] ."'";
$query = mysql_query($sql) OR die(mysql_error());
$row = mysql_fetch_array($query);
$regID = $row['uID'];
/*print newlywed info*/
echo "<B>Bride and Groom's Name: </B>". $row['brideFname'] ." ". $row['brideLname'] ." & ". $row['groomFname'] ." ". $row['groomLname'] ."<br /><br />";
echo "<B>Event Date: </B>". $row['event_month'] ."/". $row['event_day'] ."/". $row['event_year'] ."<br /><br />";
echo "<B>Preferred Shipping Address: </B>". $row['ship_add'] .", ". $row['ship_city'] .", ". $row['ship_state'] .", ". $row['ship_zip'] ."<br /><br />";
echo "<form action=\"updateRegistry.php?regID=". $regID ."\" method=\"post\">\n";
echo "<input type=\"submit\" value=\"<< Back to Registry\"></form>\n";
/*add item to registry*/
if(isset($_POST['execute_query'])){
    /*change catID to category name*/
    $sql = "SELECT * FROM categories
            WHERE id = ". $_POST['catID'] ."";
    $query = mysql_query($sql) OR die(mysql_error());
    $row = mysql_fetch_array($query);
    $catName = $row['name'];
    /*change itemID to item name*/
    $sql = "SELECT * FROM items
            WHERE id = ". $_POST['itemID'] ."";
    $query = mysql_query($sql);
    $row = mysql_fetch_array($query) OR die(mysql_error());
    $itemName = $row['name'];
    if(empty($_POST['still_needs'])){
        $_POST['still_needs'] = $_POST['qty_req'];
    }elseif($_POST['still_needs'] > $_POST['qty_req']){
        $_POST['still_needs'] = $_POST['qty_req'];
    }
    /*grab price and image from shoppingcart table*/
    $sql = "SELECT * FROM items WHERE id = ". $_GET['itemID'] ."";
    $query = mysql_query($sql) OR die(mysql_error());
    $row = mysql_fetch_array($query);
    $itemPhoto = $row['photo'];
    $itemPrice = $row['price'];
    /*generate unique item id*/
    $totalChar = 29;
    $salt = "ABCDEFHIJKLMNOPQRSTUVWXYZ0123456789---------";
    srand((double)microtime()*1000000);
    $UitemID = NULL;
    for($i = 0; $i < $totalChar; $i++){
        $UitemID = $UitemID . substr($salt, rand() % strlen($salt), 1);
    }
    /*insert item into registry*/
    $addQuery = "INSERT INTO my_reg_table (id, uID, category, item, qty_req, still_needs, UregID, image, price)
                 VALUES('', '". $_GET['regID'] ."', '". $_POST['catID'] ."', '". $_POST['itemID'] ."',
                 '". $_POST['qty_req'] ."', '". $_POST['still_needs'] ."', '". $UitemID ."',
                 '". $itemPrice ."', '". $itemPhoto ."')";
    mysql_query($addQuery) OR die(mysql_error());
    /*unset variables*/
    unset($_POST['catID'], $_POST['itemID'], $_POST['execute_query'], $_POST['qty_req'], $_POST['still_needs']);
}
echo "<CENTER><HR WIDTH=\"250\"></CENTER><br />\n";
/*query category info*/
$cat_sql = mysql_query("SELECT * FROM categories") or die(mysql_error());
echo "<TABLE BORDER=\"0\"><TR>\n";
echo "<TD align=\"left\" valign=\"bottom\">";
echo "<form action=\"addItem.php?regID=". $regID ."&catID=". $_POST['catID'] ." method=\"post\">\n";
echo "<SELECT NAME=\"catID\">\n";
echo "<OPTION VALUE=\"\">Choose a Category\n";
/*populate dropdown menu from the shopping cart product table*/
while($cat_row = mysql_fetch_array($cat_sql)){
    echo "<OPTION VALUE=\"". $cat_row['id'] ."\"". (($_POST['category'] == $cat_row['id']) ? (" SELECTED") : ("")) .">". $cat_row['name'];
}
echo "</SELECT>\n";
echo "<input type=\"submit\" value=\">>\">\n";
echo "</form>\n";
echo "</TD>";
/*if a category hasn't been chosen, don't display anything else, yet*/
if(!isset($_GET['catID'])){
    mysql_close($db);
    exit;
}else{
    /*
     *if a category has been chosen,
     *use this switch statement to populate
     *the item list that falls under the
     *chosen category
     */
    switch($_GET['catID']){
        case $_GET['catID']:
            /*connect to database*/
            $db = mysql_connect("XXX", "XXX", "XXX");
            if(!$db){
                echo "Error: Could not connect to the database. Please try again later.";
                exit;
            }
            /*select database*/
            mysql_select_db("theverythinggifts", $db);
            /*now, we get the items that are in that category*/
            $item_sql = mysql_query("SELECT id, name, cat FROM items WHERE cat = ". $_GET['catID'] ."") or die(mysql_error());
            $item_row = mysql_fetch_array($item_sql);
            echo "<TD align=\"left\" valign=\"bottom\">";
            echo "<form action=\"addItem.php?regID=". $regID ."\"&catID=". $_GET['catID'] ."&itemID=". $_POST['itemID'] ." method=\"post\">\n";
            echo "<SELECT NAME=\"item\">\n";
            echo "<OPTION VALUE=\"\">Select an Item\n";
            /*populate the matching category's item list here*/
            while($item_row = mysql_fetch_array($item_sql)){
                echo "<OPTION VALUE=\"". $item_row['id'] ."\"". (($_GET['itemID'] == $item_row['id']) ? (" SELECTED") : ("")) .">". $item_row['name'] ."\n";
            }
            echo "</SELECT>\n";
            echo "<input type=\"submit\" value=\">>\"><br />\n";
            echo "</form>\n";
            echo "</TD>";
            break;
        default:
            break;
    }
}
/*
 *the $item value is set within the switch statement.
 *none of this below is displayed without the user first
 *selecting a category, then through the switch statement
 *selecting an item within that category.
 *if an item isn't set, don't display anything.
 *if an item has been selected, show the form for
 *quantity requested, and still needs
 */
if(isset($_GET['itemID'])){
    echo "<form action=\"". $_SERVER['php_self'] ."?regID=". $regID ."\" method=\"post\">";
    echo "<TD align=\"right\" valign=\"bottom\">\n";
    echo "<B>Quantity Requested:</B> ";
    echo "<input type=\"text\" name=\"qty_req\" size=\"3\"><br />\n";
    echo "<B>Still Needs:</B> ";
    echo "<input type=\"test\" name=\"still_needs\" size=\"3\">\n";
    echo "</TD></TR>";
    echo "<TR><TD COLSPAN=\"3\" align=\"right\">\n";
    echo "<input type=\"submit\" value=\"Submit\"></TD></TR></TABLE>\n";
    echo "<input type=\"hidden\" name=\"catID\" value=\"". $_GET['catID'] ."\">\n";
    echo "<input type=\"hidden\" name=\"itemID\" value=\"". $_GET['itemID'] ."\">\n";
    echo "<input type=\"hidden\" name=\"execute_query\" value=\"execute\">\n";
    echo "</form>\n";
}
?>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
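
The step links, item lookup and insert from the post, written as an added example (not the original poster's code) with validated IDs, bound SQL parameters, URL-encoded and HTML-escaped links, and a CSPRNG-generated item ID. It assumes PHP 7.4+ and a PDO connection in exception mode; the function names are hypothetical and the regID pattern is a guess from the sample URL.

```php
<?php
// Added example, not the original poster's code. Function names are hypothetical;
// table and column names come from the post.

/* regID shape is an assumption based on the sample URL in the post. */
function cleanRegId($v): ?string {
    return (is_string($v) && preg_match('/^[A-Z0-9-]{8,32}$/', $v)) ? $v : null;
}

/* Positive integer or null; input such as "51 OR 1=1" or "" becomes null. */
function cleanInt($v): ?int {
    $i = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $i === false ? null : $i;
}

/* One function builds every step's URL, so regID/catID/itemID cannot drop out
   through a misplaced quote. Values are URL-encoded, then HTML-escaped. */
function stepUrl(string $regId, ?int $catId = null, ?int $itemId = null): string {
    $q = array_filter(['regID' => $regId, 'catID' => $catId, 'itemID' => $itemId],
                      fn($v) => $v !== null);
    return htmlspecialchars('addItem.php?' . http_build_query($q), ENT_QUOTES, 'UTF-8');
}

/* Items of one category; the ID is bound, never concatenated into the SQL. */
function itemsInCategory(PDO $pdo, int $catId): array {
    $st = $pdo->prepare('SELECT id, name FROM items WHERE cat = ?');
    $st->execute([$catId]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

/* Insert one registry row and return its unique ID (CSPRNG instead of rand()). */
function addRegistryItem(PDO $pdo, string $regId, int $catId, int $itemId, int $qty, int $needs): string {
    $st = $pdo->prepare('SELECT photo, price FROM items WHERE id = ?');
    $st->execute([$itemId]);
    $item = $st->fetch(PDO::FETCH_ASSOC);
    if ($item === false) { throw new RuntimeException('unknown item'); }
    if ($needs < 1 || $needs > $qty) { $needs = $qty; }   // same clamp as the post
    $uid = strtoupper(bin2hex(random_bytes(14)));         // 28 chars, within the post's 29
    $ins = $pdo->prepare('INSERT INTO my_reg_table
        (uID, category, item, qty_req, still_needs, UregID, image, price)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
    $ins->execute([$regId, $catId, $itemId, $qty, $needs, $uid, $item['photo'], $item['price']]);
    return $uid;
}

// Offline demo on constructed input (these calls need no database).
$reg = cleanRegId('76J7D9AFF07A8789');
echo stepUrl($reg, cleanInt('51'), cleanInt('12 OR 1=1')), "\n";
```

Each form's `action` would be `stepUrl(...)` with the IDs validated from `$_GET`, so the state carried between the three steps lives in one place and never reaches SQL or HTML unvalidated.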