SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: COUNTING

  1. #1
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    323
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    COUNTING

    i am trying to check if an item is already on the data base, and if there is it should prompt the user with the information to add the product,but it seem to be tricky and i am not getting it.


    this is the mark up below

    PHP Code:
    <?php
    require_once("include/session.php");
    require_once(
    "include/dataconnect.php"); 
    require_once(
    "include/functions.php");
    //print_r($_POST);
    //$_GET["product"]
    $Sname $_GET["merchant"];
    $Pname $_GET["product"];
    $Pidno $_GET["id"];
    //echo "$product";
    $Pquantity "1";
    $Weblink $_GET["url"];
    $Price $_GET["price"];
    $tprice $Price $Pquantity;
    $date date("Y-m-d");
    //$_SESSION['username'] = $_SESSION['username'];
    //echo $_SESSION['username'];
    //print
    //htmlentities($_GET["price"],ENT_QUOTES);
    if($_SESSION['username'])
                                {
    $repeatheck mysql_query("SELECT * FROM addingprod WHERE Uname = '{$_SESSION['username']}' AND Pidno ='$Pidno' AND Sname='$Sname'");
        
    $count mysql_num_rows($repeatheck);
    if(
    $count=1)
                                {
        die (
    'A PRODUCT ALREADY IN ORDER FORM PLEASE ADD TO YOUR SHOPPING LIST TO CONTINUE, <a href="youraccount.php">CLICK TO GO BACK TO YOUR LIST</a>');
                                }
    else
                            {
    $queryreg mysql_query("
    INSERT INTO addingprod VALUES ('','
    $Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$comment','$tprice','$date','{$_SESSION['username']}')
    "
    )or die(mysql_error());
    redirect_to('youraccount.php');
                            }
                            }
    else
                            {
    echo 
    "<a href='reregister.php'> REGISTER</a> so as to be able to use the order form";
    }
    ?>
    please any idea.as all idea i tried, just kept returning the warning, even as no data is in the database

    i have used if($count==1), and it worked, but after adding the product it is not redirecting to the / redirect_to('youraccount.php');/ page

  2. #2
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    323
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    i have sorted it thank you

  3. #3
    Community Advisor bronze trophy
    fretburner's Avatar
    Join Date
    Apr 2013
    Location
    Brazil
    Posts
    1,405
    Mentioned
    45 Post(s)
    Tagged
    12 Thread(s)
    I notice you're using the mysql functions in your code - you should be aware that the mysql extension has been depreciated (and will be removed from PHP) so you should think about changing to the mysqli or PDO extension.

    Your code is also wide open to SQL injection attacks - even if you do nothing else, at the minimum you should use mysql_real_escape_string to escape any data that comes from external sources (e.g. $_GET/$_POST) before using it in a DB query.

  4. #4
    SitePoint Addict
    Join Date
    Oct 2010
    Posts
    323
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by fretburner View Post
    I notice you're using the mysql functions in your code - you should be aware that the mysql extension has been depreciated (and will be removed from PHP) so you should think about changing to the mysqli or PDO extension.

    Your code is also wide open to SQL injection attacks - even if you do nothing else, at the minimum you should use mysql_real_escape_string to escape any data that comes from external sources (e.g. $_GET/$_POST) before using it in a DB query.
    fret i had a look at the manual ,is changing to the new ext a function of changing mysql to mysqli like
    PHP Code:
    $repeatheck mysqli_query("SELECT * FROM addingprod WHERE Uname = '{$_SESSION['username']}'");
        
    $count mysqli_num_rows($repeatheck);
    if(
    $count==1)
                                {
        die (
    'A PRODUCT ALREADY IN ORDER FORM PLEASE ADD TO YOUR SHOPPING LIST TO CONTINUE, <a href="youraccount.php">CLICK TO GO BACK TO YOUR LIST</a>');
                                }
    else
                            {
    $queryreg mysqli_query("
    INSERT INTO addingprod VALUES ('','
    $Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$comment','$tprice','$date','{$_SESSION['username']}')
    "
    )or die(mysqli_error()); 

  5. #5
    Community Advisor bronze trophy
    fretburner's Avatar
    Join Date
    Apr 2013
    Location
    Brazil
    Posts
    1,405
    Mentioned
    45 Post(s)
    Tagged
    12 Thread(s)
    It's a little bit different, as with the mysqli extension you have to pass your connection as the first argument when calling the query function. Take a look at this example from the manual to see what I mean:
    PHP Code:
    $mysqli mysqli_connect("example.com""user""password""database");
    $res mysqli_query($mysqli"SELECT 'Please, do not use ' AS _msg FROM DUAL");
    $row mysqli_fetch_assoc($res); 

  6. #6
    SitePoint Enthusiast
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    88
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You MUST use "if ($count == 1)". That's the correct syntax, not what you show here. So fix that and then display count in your error message to see what you are getting. What is wrong is probably the use of the session var as the arg in your query. Store the session var into a local var and simplify your query by doing this:

    Code:
    $uname = $_SESSION['username']
    then in the query:
    Uname='$uname'


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •