PHP - Database Values With ' (apostrophes) Breaking Code
onlinegamekey.com/MTGT-Auction.php is the page I'm working on.

The problem I'm having is that cards with an apostrophe in the name break the operation. I am populating the Select Box with the Card Names and those are coming in fine; it's not until I try to use the select value to get that specific card data that I have an issue. This query specifically:

Code:
$quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name ='$cards' Order By Price_Per") or die;

I've tried

$quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name =" . htmlspecialchars($cards) . " Order By Price_Per") or die;

but then I get no data for any card.

Here is the page code I'm working with.

Code:
<?php
$cards = $_POST['cards'];

//SELECTING DATA FOR THE DROPDOWN
$sql = "Select Card_Name From auctions Group BY Card_Name ASC" or die;
$result = mysql_query($sql);
?>
<script type="text/javascript">
<!--
var optList;
var optsValue = new Array();
var optsText = new Array();

//when the page loads get the original options values and text and store them in arrays
window.onload = function() {
    optList = document.getElementsByTagName("option");
    for(var i=0; i<optList.length; i++) {
        optsValue[i] = optList[i].value;
        optsText[i] = optList[i].text.toLowerCase();
    }
}

function searchSel(txtSearch) {
    //clear all the current options
    document.getElementById("items").options.length = 0;
    var count = 0;
    for(var i=0; i < optsValue.length; i=i+1) {
        if(optsText[i].indexOf(txtSearch.toLowerCase()) == 0) {
            //match found
            //add this option to the select list options
            var newOpt = new Option(optsValue[i],optsText[i],false,false);
            document.getElementById("items").options[count] = newOpt;
            count = count+1;
        }
    }
}

function reload(form) {
    var f1 = document.forms['f1']
    var val=f1.cards.options[f1.cards.options.selectedIndex].value;
    self.location='MTGT-Auction.php?card=' + val ;
}
//-->
</script>
<style type="text/css">
body { background-color:#000000; }
.row-one { background-color: #666666; font-family: Arial, Helvetica, sans-serif; font-size:12px; font-weight: bold; line-height: 17px; color:#CCFF33; }
.row-two { background-color: #333333; font-family: Arial, Helvetica, sans-serif; font-size:12px; font-weight: bold; line-height: 17px; color: #FF0; }
.th { background-color:#000000; font-family:Arial, Helvetica, sans-serif; font-size:14px; font-weight:bold; color:#CC0000; padding: 2; }
</style>
<!-- CREATE FORM & SELECT BOX -->
<form method="post" name="f1" action="MTGT-Auction.php">
<select name="cards" id="items">
<option value='0'>Select...</option>
<?php
while ($row=mysql_fetch_array($result)) {
    if ($row['Card_Name']==@$cards) {
        echo "<option selected value='$row[Card_Name]'>$row[Card_Name]</option>";
    } else {
        echo "<option value='$row[Card_Name]'>$row[Card_Name]</option>";
    }
}
?>
</select>
<br />
<input type="text" id="txt" value="Card Name?" onfocus="this.value==this.defaultValue?this.value='' :null" onkeyup="searchSel(this.value);" style="color:#000000; font:Arial; font-size:12px; background-color:#e1e1e1;" />
<BR />
<input type="submit" value="Submit" name="submit" />
<input type=button onClick="location.href='MTGT-Auction.php'" value='Reset' />
</form>
<!-- CREATE TABLE WHERE DATA GOES -->
<table border="1" bordercolor="#000000">
<tr align="center">
<th class="th">Auction ID</th>
<th class="th">Card Name</th>
<th class="th">Cards Per Auction</th>
<th class="th">Auction Price</th>
<th class="th">Cost Per Card</th>
<th class="th">Date Listed</th>
<th class="th">Seller Name</th>
</tr>
<?php
//GET DATA FOR TABLE BASED ON SELECTED CARD & LOOP THROUGH
$quer2=mysql_query("SELECT * FROM auctions WHERE Card_Name ='$cards' Order By Price_Per") or die;
$i =1;
WHILE($row = mysql_fetch_array($quer2)) {
    if ($i%2 !=0)
        $rowColor = "class='row-one'";
    else
        $rowColor = "class='row-two'";
    echo "<tr $rowColor>" . "<td>" . $row[Auction_ID] . "</td><td>" . $row[Card_Name] . "</td><td>" . $row[Qty_Listed] . "</td><td>" . $row[Price] . "</td><td>" . $row[Price_Per] . "</td><td>" . $row[Date] . "</td><td>" . $row[Seller] . "</td></tr>";
    $i++;
}
//}
?>
<?php
//QUICK CHECK IS OUR VARIABLE SET???
echo "<font color=\"#FFFFFF\">". $cards . "</font>";
?>
</table>

I imagine this is probably a very common problem & easy fix that has been answered many times, but I haven't found anything that worked for me, so any help or links to similar issues would really be appreciated.

Thank you,

Similar Tutorials

Hello, I'm trying to update my database with a paragraph of text in a textbox. The thing is my paragraph has apostrophes. Look:

Code:
In the run up to the return of the Wilderness, we've released a new wallpaper depicting a green dragon, plus a couple of 'getting started' guides about the Wilderness and free trade.

It doesn't want to update my table and it shows the old paragraph. Here is what my update database code looks like.

<?php
if (isset($_POST['Submit'])) {
    for($i=0;$i<$count;$i++){
        $month = $_POST['month'];
        $date = $_POST['date'];
        $message = $_POST['message'];
        $title = $_POST['title'];
        $monthday = $month[$i]."<br>".$date[$i];
        $sql1="UPDATE $tbl_name SET monthday='$monthday', month='$month[$i]', date='$date[$i]', message='$message[$i]', title='$title[$i]' WHERE id='$id[$i]'";
        $result1 = mysql_query($sql1);
    }
    header("location:update2.php");
}
?>

Can someone show me how to make it add the strip slashes to the $message variable. Thanks a lot!

What is the best way to break up repeating code? Make each page from a standard template (e.g. Header, Columns, Footer) and include the variable content using PHP?? Or make each page a stripped down PHP page which creates the variable content and then Includes the static parts (e.g. Header, Columns, Footer)?? Hope you follow me?! :-/

Debbie

hi gang, I just spent the better part of the day trying to find a way to modularize my PHP code. I want to execute a php file and load the results into my main php program. I am not looking to include php source code into my prog and then execute it, I want to execute it and load the results into my prog.
I know I can do this if I call a php file via apache: using file(http://ww.site.com/blah.php?parms) but is there a way to do it without using http? The php file is local - in the same directory. I want something like this:

$r = something.php?parms...

how do I do this?

regards, david

Hoping someone can help me on this, but I had some help on getting this code (or part of it) to finally work the way I wanted it, however, there are a few end-user issues with it now. What this code does is disable the user(s) from posting any kind of links (www.example.com or example.com). However, now I'm trying to....expand it a little I guess. Here is the current code:

Code:
if (stristr($pagetext, 'http://') OR stristr($pagetext, 'www.') OR stristr($pagetext,'@') OR stristr($pagetext, '[URL') OR stristr($pagetext, '[url') OR stristr($pagetext, '[IMG') OR stristr($pagetext, '[img') OR preg_match("#[a-z0-9]([-a-z0-9]+)?(\.[a-z]{2,3})?(\.[a-z]{2,4})#i", $pagetext)) { more code here }

Now, I KNOW what most of that code does, but what I need is what exactly this code does:

Code:
preg_match("#[a-z0-9]([-a-z0-9]+)?(\.[a-z]{2,3})?(\.[a-z]{2,4})#i", $pagetext)

Can anyone break this down and tell me what exactly does what? Thanks in advance

I have gold data being reported here goldprices.org.uk (scroll down near the bottom). Recently it broke for no apparent reason. I checked the scraper and everything seems to be OK. The issue is that the gold price in (troy) ounces is being scraped fine - however to work out the price in grams you must multiply by 0.0321 (grams in a troy ounce). The code looks like this:

Code:
$ounce_price = null;
$grams_price = null;
if(count($nodes) == 1 && $nodes[0][1]) {
    $ounce_price = $nodes[0][1];
    $grams_price = $ounce_price * 0.0321;

However $ounce_price * 0.0321 breaks the code and returns '0.0321'. I then tried the code:

Code:
$ounce_price = null;
$grams_price = null;
if(count($nodes) == 1 && $nodes[0][1]) {
    $ounce_price = $nodes[0][1];
    $grams_price = $ounce_price + 1;

And the code returned the value '2'. So it appears that when $ounce_price is being multiplied/subtracted etc it reverts to a value of '1'. However if I do $grams_price = $ounce_price the value is the correct ounce price. I'm so confused as to why when adding an equation to $ounce_price the value reverts to '1' as opposed to equalling the correct number. Any help here would be HUGELY appreciated - I've been stuck for several days and only just decided to ask online :s

Nick

This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=343488.0

Hello everyone, I am trying to see if a term, sent from a form, is in an array that has been pulled from the database. The problem I am having is that while the terms look the same the one from the database is using an Ascii character for a forward slash. & # 047 ; I have tried adding the Ascii to the form value but it just rendered as a forward slash (no surprises there I suppose). So the main reason for asking is that for all the other items in the form I can use in_array. This keeps things really tidy and easy to use. Any ideas how I can still use in_array and get around the Ascii problem?

Cheers Ian

After closing the connection of the database I still got the values from the database.

Code:
<?php
session_start();
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
require_once '../database/db_connecting.php';
$dbname="sahansevena";//set database name
$con= setConnections();//make connections use implemented methode in db_connectiong.php
mysql_select_db($dbname, $con);
//update the time and date of the admin table
$update_time="update admin set last_logged_date =CURDATE(), last_log_time=CURTIME() where username='$uname'limit 3,4";
//my admin table contain 5 colums they are id, username,password, last_logged_date, last_log_time
$link= mysql_query($update_time);
// mysql_select_db($dbname, $link);
//$con=mysql_connect('localhost', 'root','ijts');
$result="select * from admin where username='a'";
$result=mysql_query($result);
mysql_close($con);
//here i just check after closing data baseconnection whether i do get reselts but i do, why?
echo "after the cnnection was closed";
if(!$result){
    echo "cont fetch data";
}else{
    $row= mysql_fetch_array($result);
    echo "id".$row[0]."usrname".$row[1]."passwped".$row[2]."date".$row[3]."time".$row[4];
}
// echo "<html>";
//echo "<table border='1' cellspacing='1' cellpadding='2' align='center'>";
// echo "<thead>";
// echo"<tr>";
// echo "<th>";
// echo ID;
// echo"</th>";
// echo" <th>";echo Username; echo"</th>";
// echo"<th>";echo Password; echo"</th>";
// echo"<th>";echo Last_logged_date; echo "</th>";
// echo "<th>";echo Last_logged_time; echo "</th>";
// echo" </tr>";
// echo" </thead>";
// echo" <tbody>";
//while($row= mysql_fetch_array($result,MYSQL_BOTH)){
// echo "<tr>";
// echo "<td>";
// echo $row[0];
// echo "</td>";
// echo "<td>";
// echo $row[1];
// echo "</td>";
// echo "<td>";
// echo $row[2];
// echo "</td>";
// echo "<td>";
// echo $row[3];
// echo "</td>";
// echo "<td>";
// echo $row[4];
// echo "</td>";
// echo "</tr>";
// }
// echo" </tbody>";
// echo "</table>";
// echo "</html>";
session_destroy();
session_commit();
echo "session and database are closed but i still get values from doatabase session is destroyed".$_SESSION['admin'];
?>

session is destroyed but database connection is not closed. thanks

Hi. Apologies in advance if this is a stupid question, but hoping someone can help. I'm trying to help a friend who is running a photo gallery script on his website. The developer of the script is not supporting it any longer and I have limited php knowledge. I've been told by his ISP that the script will only work on PHP version 5.6. The problem he has is that when he is adding descriptions to the photos via a back end form, if he uses an apostrophe as in O'Sullivan for example, when he saves the entry, the description text does not show at all. This seems to be a conflict with the php language. Is there a line of code that I can add to the config file or somewhere that will get around this problem? Thanks in advance for any help you can give.

I have a textarea in my form. If my validation script detects an error it will send it to the same page with what they had in that textarea encoded in the url. The script detects the $_GET['variable'], decodes it, and stores it as the default in the textarea so they don't have to retype it all again. The problem is the apostrophes add 7 slashes when it gets added back to the textarea. Here are the relevant snippets..
Code:
<?php
function clean_post($variable) {
    $cxn = mysqli_connect($host,$user,$passwd,$dbname) or (mysqli_error($cxn));
    return mysqli_real_escape_string($cxn, strip_tags($variable));
}
$description = clean_post($_POST['description']);
$description = str_replace(array('\r\n', '\r', '\n'), ' ', $description);
$description = urlencode($description);
$base = "http://mywebsite.com/";
$url = $base."?mm=1&tt=".$description;
$location = "Location:".$url;
die(header($location));

and then to output it in the textarea

Code:
<?php
$tt = urldecode(strip_tags($_GET['tt']));
?>
<textarea id=location name=location maxlength="140" >
<?php echo $tt; ?>
</textarea>

and this is what my url ends up looking like

http://mysite.com/wordpress/?mm=3&tt=what\\\%27s+the+deal%3F

and this ends up in my textarea

"what\\\\\\\'s the deal?"

I am inserting last names into the database using mysql_real_escape_string(), and outputting the data into a textbox using addslashes(). When I try to display O'Brian "O\" is displayed in the text box. The name is saved correctly as O'Brian in the database. I am printing the string like this:

Code:
echo "<input type='text' value='" . addslashes($customer['lName']) . "' blah blah...";

anybody have any ideas?

this is my coding can anyone see what is wrong with it?

$total = mysql_query("SELECT * FROM comments WHERE id=0");
$temp=0;
while ($array=mysgl_fetch_assoc($total)) {
    $temp+=$array[clicks];
}
echo "$total Clicks\n";

Code:
<?php
include("config.php");
$sql=mysql_query("SELECT * FROM uudised ORDER BY id DESC LIMIT 0,5") or die(mysql_error());
$x=0;
while($row=mysql_fetch_array($sql)) {
    echo ($x+1).') '.$row['uudis'].'<br />';
    $x++;
}
?>

Hey, how should I get more data from uudised? I want to get date_added also, but how should I do it?

I am trying to insert product descriptions into a mysql database, however they are failing because of apostrophes in the text. How do I fix this?

Everything is working fine except $productdescription

$ProductDescription contains, "Record In Stereo Sound, Then Play Back Your Videos Instantly On You Computer. The Sx130 Is Is All About Creativity, With Fun New Scene Modes Like Miniature Effect For Movies, And Fisheye Effect For Artistically Distorted Stills. While You're Having Fun Creating, The Camera's Smart Flash Exposure And Advanced Smart Auto Systems Are Ensuring That Every Image Is The Best It Can Be. Add The Digic 4 Image Processor, 12.1 Megapixels And Canon's Optical Image Stabilizer, And You've Got The Ideal Camera For Making The Good Times Last."

SQL Error on insert, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 're Having Fun Creating, The Camera's Smart Flash Exposure And Advanced Smart Aut' at line 1 "

Code:
mysql_select_db("testdb") or die(mysql_error());
mysql_query ("INSERT INTO product (merchantname, producttitle, productdescription, gtin, availability, price) VALUES ('$merchantname[1]','$producttitle[1]','$productdescription[1]','$gtin[1]',''$availability[1]','$price[1]')");

Hi All, I'm working on an X-Cart site. Looking through the pages, any page with an apostrophe in the content is being loaded as an � instead. The site's char set is UTF-8. Changing it to ISO then creates an issue in itself with bulleted lists. Just wondering if anyone has had the problem in the past and if they have solved it? Any help appreciated. Cheers

This is driving me nuts and I'm hoping someone can help me figure it out. I have a site with PHP/MySQL. I have a form where people can submit a comment. This comment then goes into a MySQL database and gets displayed back on another page of the website. NOTE: I put this question in the PHP Forum because I think the problem is happening somewhere BEFORE the info gets entered into MySQL. But of course, I could be wrong.
The problem is that some of the comments are coming in with a "\" in front of apostrophes, but NOT ALL OF THEM (which is really confusing me). For example, someone entered this comment which shows in the MySQL database exactly like this...

I predict Lena's gonna win a lifetime Grammy. It's long overdue.

Someone else entered a comment which shows in the MySQL database exactly like this...

can\\\'t wait to see first pics of the next addition. Congrats!

They both have apostrophes in them, but only that second one added those slashes (and 3 of them for some reason). There are more instances of this where some comments have the slashes before the apostrophe and some don't. Anyone know what might be causing this seemingly random insertion of slashes?

Hi all, I've made a page; the variables are being received and echo'd ok, however they are not being inserted into the database. Below is the file with the insert statement. Any help really appreciated. MsKazza

Code:
<?php
// Database connect
$con = mysql_connect("mysql1.myhost.ie","admin_book","root123");
if (!$con) {
    die('Could not connect: ' .
mysql_error()); } mysql_select_db("book_test", $con); $orderid=$_GET['orderid']; //Parse Values from Coupon.php Form $orderid = mysql_real_escape_string(trim($_POST['orderid'])); $design = mysql_real_escape_string(trim($_POST['design'])); $childname = mysql_real_escape_string(trim($_POST['childname'])); $address = mysql_real_escape_string(trim($_POST['address'])); echo $orderid; echo $design; echo $childname; echo $address; $sql="INSERT INTO details (orderid, design, childname, address) VALUES ('$orderid','$design','$childname','$address')"; ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Digital Scribe Books</title> <link href="style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript"> function MM_preloadImages() { //v3.0 var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_swapImgRestore() { //v3.0 var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_findObj(n, d) { //v4.01 var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_swapImage() { //v3.0 var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} } </script> </head> <body onload="MM_preloadImages('images/buttons/home_over.png','images/buttons/books_over.png','images/buttons/cards_over.png','images/buttons/letters_over.png')"> <div 
id="snow"> <div id="wrapper"> <div id="header"> <div id="logo"><img src="images/digital_scripe.png" width="218" height="91" /></div> <div id="menu"><a href="index.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Home','','images/buttons/home_over.png',1)"><img src="images/buttons/home_act.png" name="Home" width="131" height="132" border="0" id="Home" /></a><a href="books.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Books','','images/buttons/books_over.png',1)"><img src="images/buttons/books_act.png" name="Books" width="131" height="132" border="0" id="Books" /></a><a href="cards.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Cards','','images/buttons/cards_over.png',1)"><img src="images/buttons/cards_act.png" name="Cards" width="131" height="132" border="0" id="Cards" /></a><a href="letters.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Letters','','images/buttons/letters_over.png',1)"><img src="images/buttons/letters_act.png" name="Letters" width="131" height="132" border="0" id="Letters" /></a></div> </div> <div id="content"> <div id="info_bar"><br /><br /><br /> <p>Your personal order number is:</p><br /> <br /> <p>Please fill out the details of where you would like your order to be shipped to.</p> </div> <form action="card_paynow.php" method="POST" name="custdetails" id="custdetails"> <table width="60%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="19%">orderid</td> <td width="81%"><input name="orderid" type="hidden" value="<? 
echo $orderid; ?>"></td> </tr> <tr> <td>name</td> <td><input name="name" type="text" id="name"></td> </tr> <tr> <td>surname</td> <td><input name="surname" type="text" id="surname"></td> </tr> <tr> <td>address 1 </td> <td><input name="add1" type="text" id="add1"></td> </tr> <tr> <td>address 2 </td> <td><input name="add2" type="text" id="add2"></td> </tr> <tr> <td>town</td> <td><input name="town" type="text" id="town"></td> </tr> <tr> <td>county</td> <td><input name="county" type="text" id="county"></td> </tr> <tr> <td>postcode</td> <td><input name="postcode" type="text" id="postcode"></td> </tr> <tr> <td>number</td> <td><input name="phone" type="text" id="phone"></td> </tr> <tr> <td>email</td> <td><input name="email" type="text" id="email"></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Continue..."></td> </tr> <tr> <td> </td> <td> </td> </tr> </table> </form> </div> <div id="footer" class="clear"><div id="sign"><div id="sign_text">Personalised<br /> Books</div> </div></div> </div></div> </body> </html> Hi guys, I am building a website with basic e-commerce functionality, using php and using xampp to test it. I am having issues when attempting to submit a quantity (into table orders) using a form and validating it against an existing value (from table products), giving a response on whether there is sufficient quantity in the second table. I am then, in another page (same one performing the validations), attempting to then show a result based on the initial quantity entered, with a summary of the order details and calculation of the quantity * price to display a total as well. This has all been built from scratch, however I may have taken the wrong approach for these two pages... any assistance or insight as to where I am going wrong would be greatly appreciated. 
Here is the page I have placed the products, existing quantity and a text field they are able to enter their desired quantity: Code: [Select] <?php session_start(); require_once "../database/db.php"; require_once "../includes/functions.php"; $page_title = 'Product Catalogue'; include_once "header.php"; $conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname); $query = "SELECT * from products"; $result = mysqli_query($conn, $query); if (!$result) { include_once "header.php"; die ("Error, could not query the database"); } else { $rows = mysqli_num_rows($result); if ($rows>0) { while ($row = mysqli_fetch_array($result)) { ?> <form> <br /> <br /> <br /> <table> <tr> <td style="width: 200px">Product Code:</td> <td><?php echo $row['ProductCode']; ?></td> </tr> <tr> <td>Product Name:</td> <td><?php echo $row['ProductName']; ?></td> </tr> <tr> <td>Product Description:</td> <td><?php echo $row['ProductDescription']; ?></td> </tr> <tr> <td>Product Colour:</td> <td><?php echo $row['ProductColour']; ?></td> </tr> <tr> <td>Product Price:</td> <td>$<?php echo number_format($row['ProductPrice'],2); ?></td> </tr> <tr> <td>Product Image:</td> <td><img src="<?php echo $row['ProductImagePath']?>"/></td> </tr> <tr> <td>Quantity in Stock:</td> <td><?php echo $row['ProductQuantity']; ?></td> </tr> </table> </form> <form method="post"action="processQuantity.php"> <table> <tr> <td style="width: 200px">Quantity:</td> <td><input type="number" name="Quantity" id="Quantity" value="<?php if (isset ($quantity)) echo $quantity; ?>"size = "20" /></td> <td><input type="submit" name="Purchase" value= "Purchase" /></td> </tr> </table> </form> <hr /> <?php } include "footer.html"; } } ?> Here is the page that I am using to validate the data as well as show a result based on the entered amount: Code: [Select] <?php session_start(); require_once "../includes/functions.php"; require_once "../database/db.php"; $quantity = $_POST['Quantity']; $productquantity = $_POST['ProductQuantity']; $orderid = 
$_POST['orderid']; $productcode = $_POST['productcode']; $productprice = $_POST['productprice']; $total = $quantity * $productprice; $error_message = ''; if ($error_message != '') { include_once "displayCatalogue-PlaceOrder.php"; exit(); $conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname); if (!$conn) { echo "Error"; } else { //sanitise date $scustomerid = sanitiseMySQL($customerid); $sproductcode = sanitiseMySQL($productcode); $squantity = sanitiseMySQL($quantity); $sproductprice = sanitiseMySQL($productprice); $sorderdate = sanitiseMySQL($orderdate); $query = "select productquantity from products where productcode = '$sproductcode'"; $result = msqli_query ($conn, $query); $productquantity = mysqli_num_rows($result); if ($quantity < $productquantity) { $error_message = "You cannot order more than what is currently instock"; include_once "displayCatalogue-PlaceOrder.php"; exit (); } else { $row = mysqli_fetch_row($result); $query = "INSERT into orders (customerid, productcode, quantity, productprice, orderdate) values ('$scustomerid', $sproductcode', '$squantity', '$sproductprice', '$sorderdate')"; $result = mysqli_query($conn, $query); $row = mysqli_affected_rows($conn); if ($row > 0) { include "header.php";?> <h3>Order Confirmation</h3> <p>Thank you, your order is now being processed.</p> <table> <tr> <td style="width: 200px">Order Number:</td> <td><?php echo $orderid; ?></td> </tr> <tr> <td>Product Code:</td> <td><?php echo $productcode; ?></td> </tr><tr> <td>Quantity:</td> <td><?php echo $quantity; ?></td> </tr> <tr> <td>Price:</td> <td><?php echo $productPrice; ?></td> </tr> <tr> <td>Total Cost of Order:</td> <td><?php echo $total; ?></td> </tr> </table> <?php include "footer.html"; } else { $error_message ="Error placing your order, please try again"; include "displayCatalogue-PlaceOrder.php"; exit(); } } } } //this is used to validate the quantity entered against what is available in the database ?> Ok so I have a website with two types of photo 
galleries. Model Cars and Model Planes. The galleries are becoming so big that I need to add an archive link to the galleries, but it's messy to have the archive link there until we actually enable the archived photos. So what I want to do is show the DIV with the archive link in it if the page can find database a 1 in the model_pictures.car_gallery AND model_pictures.archive. How would I achieve this? The page is already connected to the database as it's pulling the images and information for the gallery. I need it to scan the entire 'archive' column in the database and also the 'car_gallery' and if it finds 1's in there AND the car_gallery then to show the link. What I would like to avoid, as I have two galleries, is having the archive link show on the car gallery when it finds a 1 in the archives column, but that archive is for a plane_gallery photo. Hence why I would like to have it check both car_gallery + archive and then plane_gallery + archive. Any help would be greatly appreciated.

Hi everyone. I have a registration form on my website that returns errors if the form isn't filled out correctly. An example of the code that returns the errors is:

// if first name is blank return error
if (!$first_name) {
    echo "Please enter your first name!<br />";
}
// if first name contains invalid charcters return error
if (preg_match('/[^a-zA-Z\s]/', $first_name)) {
    echo "Your first name contains invalid charcters!<br />";
}
// set first name maximum length
if ($first_name && !preg_match('/[^a-zA-Z0-9\s]/', $first_name)) {
    if (strlen($first_name) >25) {
        echo "The maximum length for first name is 25 characters!<br />";
    }
}

I've written it like this so that I can get multiple error messages appearing at the same time. When it comes to writing the form data to the database I'm using the following:

if ($first_name && !preg_match('/[^a-zA-Z\s]/', $first_name) && strlen($first_name) <26
    && $last_name && !preg_match('/[^a-zA-Z\s]/', $last_name) && strlen($last_name) <26
    && $dob_day != "Day" && $dob_month != "Month" && $dob_year != "Year"
    && $gender != "Select"
    && $email && filter_var($email, FILTER_VALIDATE_EMAIL) && $confirm_email && $email == $confirm_email && $email_count == 0
    && $town && !preg_match('/[^a-zA-Z0-9\s]/', $town) && strlen($town) < 26
    && $location != "Select"
    && $postcode && !preg_match('/[^a-zA-Z0-9\s]/', $postcode)
    && $username && !preg_match('/[^a-zA-Z\s]/', $username) && strlen($username) >2 && strlen($username) <25 && $username_count == 0
    && $password && strlen($password) >5 && strlen($password) <26 && $confirm_password && $password == $confirm_password) {
    // code to write to database here
}

I was wondering if there was a better way to confirm that all the form data is ok, and if so write the data to the database? I'm new to php and would love to learn a way to make this easier instead of typing out loads of lines of code. Thanks to anyone that can help me.
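
The apostrophe failures in the queries and form fields quoted on this page share one cause: a value is spliced into SQL or into an HTML attribute without the escaping that context needs. The following is an added example, not code from any of the posts. It assumes PDO with an in-memory SQLite table standing in for the `auctions` table of the first post; the sample rows and the helper names `auctionsForCard`, `h` and `cardOptions` are constructed for illustration.

```php
<?php
// Added example. Constructed sample data: an in-memory SQLite table standing
// in for the `auctions` table (column names taken from the first post).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE auctions (
    Auction_ID INTEGER PRIMARY KEY,
    Card_Name  TEXT,
    Price_Per  REAL,
    Seller     TEXT
)');

// Even the seed rows go through a prepared statement, so the apostrophes in
// "Urza's Tower" and "O'Brian" are stored unchanged, with no backslashes.
$seed = $pdo->prepare('INSERT INTO auctions (Card_Name, Price_Per, Seller) VALUES (?, ?, ?)');
foreach ([
    ["Urza's Tower", 1.50, 'alice'],
    ["Urza's Tower", 1.25, "O'Brian"],
    ['Lightning Bolt', 0.75, 'bob'],
] as $sampleRow) {
    $seed->execute($sampleRow);
}

/** Fetch the auctions for one card. The name is bound, never spliced into the SQL text. */
function auctionsForCard(PDO $pdo, string $cardName): array
{
    $stmt = $pdo->prepare(
        'SELECT Auction_ID, Card_Name, Price_Per, Seller
           FROM auctions
          WHERE Card_Name = :name
          ORDER BY Price_Per'
    );
    $stmt->execute([':name' => $cardName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Escape for HTML text and attribute values; ENT_QUOTES also encodes ' and ". */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the <option> list. Without h(), value='Urza's Tower' would end at the apostrophe. */
function cardOptions(PDO $pdo, string $selected): string
{
    $names = $pdo->query('SELECT DISTINCT Card_Name FROM auctions ORDER BY Card_Name')
                 ->fetchAll(PDO::FETCH_COLUMN);
    $html = '';
    foreach ($names as $name) {
        $sel = ($name === $selected) ? ' selected' : '';
        $html .= sprintf("<option value='%s'%s>%s</option>\n", h($name), $sel, h($name));
    }
    return $html;
}

// Use the submitted value if there is one; otherwise a constructed default so
// the script also runs from the command line.
$cards = (isset($_POST['cards']) && is_string($_POST['cards']))
    ? $_POST['cards']
    : "Urza's Tower";

echo "<select name='cards'>\n", cardOptions($pdo, $cards), "</select>\n";
echo "<table>\n";
foreach (auctionsForCard($pdo, $cards) as $row) {
    printf(
        "<tr><td>%d</td><td>%s</td><td>%.2f</td><td>%s</td></tr>\n",
        $row['Auction_ID'],
        h($row['Card_Name']),
        $row['Price_Per'],
        h($row['Seller'])
    );
}
echo "</table>\n";
```

The stored values keep their apostrophes and gain no backslashes, because each escaping step is applied once, at the point where the value enters SQL or HTML. Binding the value as a parameter also keeps user input from changing the structure of the query.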