  1. #26
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    I don't get the "Returned Error" message. No row is returned.

    Thank you.

  2. #27

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No "Returned Error" message is fine, because it means your query actually works. However, when no rows are returned your query is not working with the right values, which explains why mysql_result() doesn't work (how should it without any results). You need to ensure that your SELECT query actually passes available values for gsmtype and amount.

  3. #28
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    I don't get a "Returned Error" message. No row is returned.

    Thank you

  4. #29

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you already said that

  5. #30
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    drzoid,

    Sorry it was a mistake. Here is my code again:

    <BODY background="images/ricebk.jpg">
    <center>
    <table width=600>
    <tr>
    <td width=500><font size=9 color="olive"><b><center>HelloMobile</center></b></font></td>
    </tr>
    </table>
    </center>
    <hr color = "olive" width=700>
    <?php
    include("dbconnect.inc.php");
    include("is_email_valid.php");
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];
    $phonenumber = $_POST['phonenumber'];
    $type = $_POST['elmType'];
    $amount = $_POST['elmAmounts'];
    if (empty($username))
    {
    echo "Please enter your User Name. It is required";
    exit;
    }
    if (empty($password))
    {
    echo "Please enter your Password. It is required";
    exit;
    }
    if (empty($email))
    {
    echo "Please enter your Email Address. It is required";
    exit;
    }
    if (empty($phonenumber))
    {
    echo "Please enter your Phone Number. It is required";
    exit;
    }
    if (empty($type))
    {
    echo "Please enter GSM Type. It is required";
    exit;
    }
    if (empty($amount))
    {
    echo "Please enter Amount. It is required";
    exit;
    }
    $pass = mysql_query("SELECT * FROM tblPass WHERE username='$username' AND password='$password'");
    while ($row=mysql_fetch_array($pass)){
    if(($row["password"]==$password) and ($row["username"]==$username)){
    $query = "insert into tblOrder
    (username, password, email, phonenumber, type, amount) values
    ('$username','$password','$email','$phonenumber','$type', '$amount')";
    mysql_query($query) or
    die(mysql_error());
    $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
    $pin=mysql_result($result, 0);
    mysql_query('DELETE FROM tblGsm WHERE pin='.$pin);
    echo "<b>Thank you for placing your order. Your entries are:</b>:";
    echo "<p>";
    echo "<b>email:</b> $email <br>";
    echo "<b>Phone Number:</b> $phonenumber<br>";
    echo "<b>GSM type: </b>$type<br>";
    echo "<b>Amount: </b>$amount<br>";
    echo "<p>";
    echo "<b>Receipt of transaction has been sent to $email:</b><br><? echo $email; ?>";
    $transdate = date("d F, Y g:i a");
    $mailTo = "$email";
    $subject = "Thank you for patronising us";
    $mailHeader = "From: $email";
    $message = "Your PIN Number is $pin. You bought $type worth $amount on the $transdate";
    mail($mailTo, $subject, $message, $mailHeader);
    ?>
    <p>
    <A HREF="index.htm">Click here to go to the Home Page</a>
    <?php
    exit;
    ?>
    <?PHP
    }
    else
    {
    }
    }
    ?>
    <b>Sorry, we don't have a member with that username and password in our records, <br>please try again and double check the data you entered.</b>
    <A HREF="order.htm">Try again</a>

  6. #31

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Having your code again doesn't help much. At this point I can't say much more than I already did.

    Quote Originally Posted by drzoid
    No "Returned Error" message is fine, because it means your query actually works. However, when no rows are returned your query is not working with the right values, which explains why mysql_result() doesn't work (how should it without any results). You need to ensure that your SELECT query actually passes available values for gsmtype and amount.
    By the way, I am missing the echo statement after mysql_query() I proposed, so how can you know no rows are returned?

  7. #32
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok. I have inserted it and this is what I got from the browser:

    0 rows were returned for query 'SELECT pin FROM tblGsm WHERE gsmtype ='' AND amount='1000' LIMIT 1'
    Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 6 in /home/hellomob/public_html/order.php on line 59

    Thank you.

  8. #33
    SitePoint Addict launchcode's Avatar
    Join Date
    Dec 2004
    Location
    Bristol, UK
    Posts
    259
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your code is wrong:

    PHP Code:
    $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
    Nowhere in your code do you ever set $gsmtype to anything at all - so your query will never work. Should it just be $type instead? Try it and see.

    Cheers,

    Rich
    Richard Davey

    Launchcode
    PHP Security Guide. Think your scripts are secure? Think again.

  9. #34

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The following should work; your SQL query was referencing $gsmtype instead of $type ... renamed $type to $gsmtype
    HTML Code:
    <BODY background="images/ricebk.jpg">
    <center>
    <table width=600>
    <tr>
    <td width=500><font size=9 color="olive"><b><center>HelloMobile</center></b></font></td>
    </tr>
    </table>
    </center>
    <hr color = "olive" width=700>
    <?php
        include("dbconnect.inc.php");
        include("is_email_valid.php");
    
        $username = $_POST['username'];
        $password = $_POST['password'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];
        $gsmtype = $_POST['elmType'];
        $amount = $_POST['elmType'];
    
        if (empty($username))
        {
            echo "Please enter your User Name. It is required";
            exit;
        }
    
        if (empty($password))
        {
            echo "Please enter your Password. It is required";
            exit;
        }
    
        if (empty($email))
        {
            echo "Please enter your Email Address. It is required";
            exit;
        }
    
        if (empty($phonenumber))
        {
            echo "Please enter your Phone Number. It is required";
            exit;
        }
    
        if (empty($type))
        {
            echo "Please enter GSM Type. It is required";
            exit;
        }
    
        if (empty($amount))
        {
            echo "Please enter Amount. It is required";
            exit;
        }
    
        $pass = mysql_query("SELECT * FROM tblPass WHERE username='$username' AND password='$password'");
        while ($row=mysql_fetch_array($pass))
        {
            if(($row["password"]==$password) and ($row["username"]==$username))
            {
                $query = "insert into tblOrder (username, password, email, phonenumber, type, amount) values ('$username','$password','$email','$phonenumber','$type', '$amount')";
                mysql_query($query) or die(mysql_error());
                $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
                $pin=mysql_result($result, 0); 
                mysql_query('DELETE FROM tblGsm WHERE pin='.$pin); 
                echo "<b>Thank you for placing your order. Your entries are:</b>:";
                echo "<p>";
                echo "<b>email:</b> $email <br>";
                echo "<b>Phone Number:</b> $phonenumber<br>";
                echo "<b>GSM type: </b>$type<br>";
                echo "<b>Amount: </b>$amount<br>";
                echo "<p>";
                echo "<b>Receipt of transaction has been sent to $email:</b><br><? echo $email; ?>";
                $transdate = date("d F, Y g:i a"); 
                $mailTo = "$email";
                $subject = "Thank you for patronising us";
                $mailHeader = "From: $email";
                $message = "Your PIN Number is $pin. You bought $type worth $amount on the $transdate"; 
                mail($mailTo, $subject, $message, $mailHeader);
        ?>
    <p>
    <A HREF="index.htm">Click here to go to the Home Page</a>
    <?php
                exit;
            } 
        }
    ?>
    ?>
    <b>Sorry, we don't have a member with that username and password in our records, <br>please try again and double check the data you entered.</b>
    <A HREF="order.htm">Try again</a>

  10. #35
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    The script is working now. I thought I was using $gsmtype all along.

    Thank you so much for your patience and endurance with me. I am very grateful.

    Can't forget you. God Bless you.

  11. #36
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    It's working like I said earlier. I want it to return a "Not Available" when a particular gsmtype and amount is not available.

    Thank you.
    Last edited by Fredrick Ughimi; Jan 21, 2005 at 05:39.

  12. #37

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Something like that?
    PHP Code:
    <BODY background="images/ricebk.jpg">
    <center>
    <table width=600>
    <tr>
    <td width=500><font size=9 color="olive"><b><center>HelloMobile</center></b></font></td>
    </tr>
    </table>
    </center>
    <hr color = "olive" width=700>
    <?php
        include("dbconnect.inc.php");
        include("is_email_valid.php");

        $username = $_POST['username'];
        $password = $_POST['password'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];
        $gsmtype = $_POST['elmType'];
        $amount = $_POST['elmType'];

        if (empty($username))
        {
            echo "Please enter your User Name. It is required";
            exit;
        }

        if (empty($password))
        {
            echo "Please enter your Password. It is required";
            exit;
        }

        if (empty($email))
        {
            echo "Please enter your Email Address. It is required";
            exit;
        }

        if (empty($phonenumber))
        {
            echo "Please enter your Phone Number. It is required";
            exit;
        }

        // was empty($type); $type is no longer assigned after the rename to $gsmtype
        if (empty($gsmtype))
        {
            echo "Please enter GSM Type. It is required";
            exit;
        }

        if (empty($amount))
        {
            echo "Please enter Amount. It is required";
            exit;
        }

        $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
        if (mysql_num_rows($result)<1)
        {
            echo 'Not available';
            exit;
        }
        $pin=mysql_result($result, 0);

        $pass = mysql_query("SELECT * FROM tblPass WHERE username='$username' AND password='$password'");
        if (mysql_num_rows($pass)>0)
        {
            $query = "insert into tblOrder (username, password, email, phonenumber, type, amount) values ('$username','$password','$email','$phonenumber','$gsmtype', '$amount')";
            mysql_query($query) or die(mysql_error());

            mysql_query('DELETE FROM tblGsm WHERE pin='.$pin);

            echo "<b>Thank you for placing your order. Your entries are:</b>:";
            echo "<p>";
            echo "<b>email:</b> $email <br>";
            echo "<b>Phone Number:</b> $phonenumber<br>";
            echo "<b>GSM type: </b>$gsmtype<br>";
            echo "<b>Amount: </b>$amount<br>";
            echo "<p>";
            echo "<b>Receipt of transaction has been sent to $email:</b><br><? echo $email; ?>";

            $transdate = date("d F, Y g:i a");
            $mailTo = "$email";
            $subject = "Thank you for patronising us";
            $mailHeader = "From: $email";
            $message = "Your PIN Number is $pin. You bought $gsmtype worth $amount on the $transdate";
            mail($mailTo, $subject, $message, $mailHeader);
    ?>
    <p>
    <A HREF="index.htm">Click here to go to the Home Page</a>
    <?php
            exit;
        }
    ?>
    ?>
    <b>Sorry, we don't have a member with that username and password in our records, <br>please try again and double check the data you entered.</b>
    <A HREF="order.htm">Try again</a>
    I changed the code a bit. You don't need the while loop, as you won't get any row when the username/password combination does not match.

    One thing to consider is, your code is entirely vulnerable to malicious SQL attacks (unless you have magic_quotes_gpc on, which I can't know). You should definitely use mysql_escape_string() on your POST values.

  13. #38

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Some minor changes and a fixed closing PHP tag
    PHP Code:
    <BODY background="images/ricebk.jpg"> 
    <center> 
    <table width=600> 
    <tr> 
    <td width=500><font size=9 color="olive"><b><center>HelloMobile</center></b></font></td> 
    </tr> 
    </table> 
    </center> 
    <hr color = "olive" width=700> 
    <?php
        include("dbconnect.inc.php");
        include("is_email_valid.php");

        $username = $_POST['username'];
        $password = $_POST['password'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];
        $gsmtype = $_POST['elmType'];
        $amount = $_POST['elmType'];

        if (empty($username))
        {
            echo "Please enter your User Name. It is required";
            exit;
        }

        if (empty($password))
        {
            echo "Please enter your Password. It is required";
            exit;
        }

        if (empty($email))
        {
            echo "Please enter your Email Address. It is required";
            exit;
        }

        if (empty($phonenumber))
        {
            echo "Please enter your Phone Number. It is required";
            exit;
        }

        // was empty($type); $type is no longer assigned after the rename to $gsmtype
        if (empty($gsmtype))
        {
            echo "Please enter GSM Type. It is required";
            exit;
        }

        if (empty($amount))
        {
            echo "Please enter Amount. It is required";
            exit;
        }

        $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
        if (mysql_num_rows($result)<1)
        {
            echo 'Not available';
            exit;
        }
        $pin=mysql_result($result, 0);

        $pass = mysql_query("SELECT * FROM tblPass WHERE username='$username' AND password='$password'");
        if (mysql_num_rows($pass)>0)
        {
            $query = "insert into tblOrder (username, password, email, phonenumber, type, amount) values ('$username','$password','$email','$phonenumber','$gsmtype', '$amount')";
            mysql_query($query) or die(mysql_error());

            mysql_query('DELETE FROM tblGsm WHERE pin='.$pin);

            echo "<b>Thank you for placing your order. Your entries are:</b>:";
            echo "<p>";
            echo "<b>email:</b> $email <br>";
            echo "<b>Phone Number:</b> $phonenumber<br>";
            echo "<b>GSM type: </b>$gsmtype<br>";
            echo "<b>Amount: </b>$amount<br>";
            echo "<p>";
            echo "<b>Receipt of transaction has been sent to $email:</b><br><? echo $email; ?>";

            $transdate = date("d F, Y g:i a");
            $subject = "Thank you for patronising us";
            $mailHeader = "From: $email";
            $message = "Your PIN Number is $pin. You bought $gsmtype worth $amount on the $transdate";
            mail($email, $subject, $message, $mailHeader);

            echo '<p>';
            echo '<A HREF="index.htm">Click here to go to the Home Page</a>';
            exit;
        }
    ?> 
    <b>Sorry, we don't have a member with that username and password in our records, <br>please try again and double check the data you entered.</b> 
    <A HREF="order.htm">Try again</a>

  14. #39
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    It's saying:

    not available.

    Even when the gsmtype and amount is available. I would come to the security part later.

    Thanks.

  15. #40

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry, I made a typo myself ($amount = $_POST['elmType']; instead of $amount = $_POST['elmAmounts'];)
    PHP Code:
    <BODY background="images/ricebk.jpg"> 
    <center> 
    <table width=600> 
    <tr> 
    <td width=500><font size=9 color="olive"><b><center>HelloMobile</center></b></font></td> 
    </tr> 
    </table> 
    </center> 
    <hr color = "olive" width=700> 
    <?php
        include("dbconnect.inc.php");
        include("is_email_valid.php");

        $username = $_POST['username'];
        $password = $_POST['password'];
        $email = $_POST['email'];
        $phonenumber = $_POST['phonenumber'];
        $gsmtype = $_POST['elmType'];
        $amount = $_POST['elmAmounts'];

        if (empty($username))
        {
            echo "Please enter your User Name. It is required";
            exit;
        }

        if (empty($password))
        {
            echo "Please enter your Password. It is required";
            exit;
        }

        if (empty($email))
        {
            echo "Please enter your Email Address. It is required";
            exit;
        }

        if (empty($phonenumber))
        {
            echo "Please enter your Phone Number. It is required";
            exit;
        }

        // was empty($type); $type is no longer assigned after the rename to $gsmtype
        if (empty($gsmtype))
        {
            echo "Please enter GSM Type. It is required";
            exit;
        }

        if (empty($amount))
        {
            echo "Please enter Amount. It is required";
            exit;
        }

        $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
        if (mysql_num_rows($result)<1)
        {
            echo 'Not available';
            exit;
        }
        $pin=mysql_result($result, 0);

        $pass = mysql_query("SELECT * FROM tblPass WHERE username='$username' AND password='$password'");
        if (mysql_num_rows($pass)>0)
        {
            $query = "insert into tblOrder (username, password, email, phonenumber, type, amount) values ('$username','$password','$email','$phonenumber','$gsmtype', '$amount')";
            mysql_query($query) or die(mysql_error());

            mysql_query('DELETE FROM tblGsm WHERE pin='.$pin);

            echo "<b>Thank you for placing your order. Your entries are:</b>:";
            echo "<p>";
            echo "<b>email:</b> $email <br>";
            echo "<b>Phone Number:</b> $phonenumber<br>";
            echo "<b>GSM type: </b>$gsmtype<br>";
            echo "<b>Amount: </b>$amount<br>";
            echo "<p>";
            echo "<b>Receipt of transaction has been sent to $email:</b><br><? echo $email; ?>";

            $transdate = date("d F, Y g:i a");
            $subject = "Thank you for patronising us";
            $mailHeader = "From: $email";
            $message = "Your PIN Number is $pin. You bought $gsmtype worth $amount on the $transdate";
            mail($email, $subject, $message, $mailHeader);

            echo '<p>';
            echo '<A HREF="index.htm">Click here to go to the Home Page</a>';
            exit;
        }
    ?> 
    <b>Sorry, we don't have a member with that username and password in our records, <br>please try again and double check the data you entered.</b> 
    <A HREF="order.htm">Try again</a>

  16. #41
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    I spotted the problem. It's working now.

    I would get in touch with you tomorrow then we would talk about the security aspect and other things.

    I am so grateful. You are a genius.

  17. #42
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello launchcode,

    Thanks for also helping out yesterday. For spotting $type and $gsmtype. I appreciate it.

    Best regards.

  18. #43
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    you said this yesterday:

    One thing to consider is, your code is entirely vulnerable to malicious SQL attacks (unless you have magic_quotes_gpc on, which I can't know). You should definitely use mysql_escape_string() on your POST values.

    Well, I just checked. magic_quotes_gpc is turned off. How do I use mysql_escape_string()? Is it the same thing as using stripslashes? What other security considerations should I give the site? Would sessions help matters here?

    Thank you.

  19. #44

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    mysql_escape_string() is basically very similar to addslashes(). The latter is a PHP specific function and escapes most of the "dangerous" characters. The former is an actual MySQL function which became available in PHP with version 4.0.3.

    As your magic_quotes_gpc is off you should definitely escape your strings, as your input values might be abused otherwise.

  20. #45
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Dear drzoid,

    How is mysql_escape_string() used? Please give me some sample code.

    Thank you.

  21. #46

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ehm, the same way as addslashes(). Have a look at http://www.php.net/manual/en/functio...ape-string.php

    You might also want to look at mysql_real_escape_string(), because mysql_escape_string() is marked as deprecated as of 4.3.

  22. #47
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    Just read from the PHP manual that mysql_escape_string() is deprecated and should not be used. We are advised to use mysql_real_escape_string() instead.

    Thanks.

  23. #48
    SitePoint Addict Quaint's Avatar
    Join Date
    May 2004
    Location
    Netherlands
    Posts
    219
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Seriously Dr Zoid, I have deep respect for the way you handle these...

    Way to go! Props for the community also I'd say...

    Quaint Tech
    - Blog on web development and web technology.

  24. #49
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello drzoid,

    I would take care of the security issue later. I need to add two other things to the script first. The script snippet: Take a look at the comments:

    $result = mysql_query("SELECT pin FROM tblGsm WHERE gsmtype ='$gsmtype' AND amount='$amount' LIMIT 1") or exit('Returned Error: '.mysql_error());
    if (mysql_num_rows($result)<1)
    {
        echo 'GSM Type and Amount is not available';
        exit;
    }
    $pin=mysql_result($result, 0);

    $result=mysql_query("SELECT SUM(amount) FROM tblAcc GROUP BY password");
    $totalamount=mysql_result($result, 0);
    //Check to see if buyer has enough credit to make purchase
    if ($totalamount < $amount)
    {
        echo "you don't have enough Credit to make purchase. Please pay in to your account";
        exit;
    }

    $pass = mysql_query("SELECT * FROM tblPass WHERE username='$username' AND password='$password'");
    if (mysql_num_rows($pass)>0)
    {
        $query = "insert into tblOrder (username, password, email, phonenumber, type, amount) values ('$username','$password','$email','$phonenumber','$gsmtype', '$amount')";
        mysql_query($query) or die(mysql_error());

        //Subtract purchase from totalamount and then place the new balance into table tblAcc.
        $totalamount = $totalamount - $amount;

        mysql_query('DELETE FROM tblGsm WHERE pin='.$pin);

        echo "<b>Thank you for placing your order. Your entries

    How do I place the $totalamount into tblAcc?

    Thank you.

  25. #50

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    tblAcc apparently contains a list of purchased credits for each user, right? However, your "SELECT SUM(...." probably won't work, as you do not restrict it to a specific user. I guess the following should work
    PHP Code:
    $result=mysql_query("SELECT SUM(amount) FROM tblAcc WHERE username='$username'"); 
    Concerning how to subtract the purchased amount, since the purchased credits are probably in no relation to the available amounts, I consider the following as the only workaround
    PHP Code:
    mysql_query("INSERT INTO tblAcc (username, amount) VALUES ('$username', -$amount)"); 
    It inserts a new "credit" record into tblAcc associated with the user, but this time with a negative credit covering the requested amount. Anything else would require a modified table structure respectively a changed logic in general.
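
Added example, not part of the thread and not any poster's code: the order flow from posts #37 to #50 (login check, PIN lookup, per-user credit sum, negative ledger row) written with PDO bound parameters instead of string escaping, since the mysql_* functions used in the thread were removed in PHP 7. Table and column names follow the posts; the in-memory SQLite database, the column types, the hashed password column, the sample rows and the function names `makeDemoDb` and `placeOrder` are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts; column types, the SQLite in-memory database, the hashed password
// column and all sample rows are assumptions made so this runs offline.

function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tblPass (username TEXT PRIMARY KEY, password TEXT)');
    $db->exec('CREATE TABLE tblGsm (pin TEXT PRIMARY KEY, gsmtype TEXT, amount INTEGER)');
    $db->exec('CREATE TABLE tblAcc (username TEXT, amount INTEGER)');
    $db->exec('CREATE TABLE tblOrder (username TEXT, email TEXT, phonenumber TEXT, type TEXT, amount INTEGER)');
    // Constructed sample data: one user with 1500 credit, two 1000-unit PINs.
    $db->prepare('INSERT INTO tblPass VALUES (?, ?)')
       ->execute(['fred', password_hash('s3cret', PASSWORD_DEFAULT)]);
    $db->exec("INSERT INTO tblAcc VALUES ('fred', 1500)");
    $db->exec("INSERT INTO tblGsm VALUES ('0001', 'mtn', 1000), ('0002', 'mtn', 1000)");
    return $db;
}

// Runs the order flow; user-supplied values reach SQL only as bound parameters.
function placeOrder(PDO $db, array $post): array
{
    $amount = filter_var($post['elmAmounts'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($amount === false) {
        return ['status' => 'bad-amount'];
    }

    $user = $post['username'] ?? '';
    $stmt = $db->prepare('SELECT password FROM tblPass WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($post['password'] ?? '', $hash)) {
        return ['status' => 'bad-login'];
    }

    $db->beginTransaction();   // PIN hand-out and debit succeed or fail together
    try {
        // On MySQL/InnoDB, append FOR UPDATE so two buyers cannot get the same PIN.
        $stmt = $db->prepare('SELECT pin FROM tblGsm WHERE gsmtype = ? AND amount = ? LIMIT 1');
        $stmt->execute([$post['elmType'] ?? '', $amount]);
        $pin = $stmt->fetchColumn();
        if ($pin === false) {
            $db->rollBack();
            return ['status' => 'not-available'];
        }

        // Balance restricted to this user, as suggested in post #50.
        $stmt = $db->prepare('SELECT COALESCE(SUM(amount), 0) FROM tblAcc WHERE username = ?');
        $stmt->execute([$user]);
        if ((int) $stmt->fetchColumn() < $amount) {
            $db->rollBack();
            return ['status' => 'no-credit'];
        }

        $db->prepare('DELETE FROM tblGsm WHERE pin = ?')->execute([$pin]);
        // Negative ledger row covering the purchase (post #50's workaround).
        $db->prepare('INSERT INTO tblAcc (username, amount) VALUES (?, ?)')
           ->execute([$user, -$amount]);
        $db->prepare('INSERT INTO tblOrder (username, email, phonenumber, type, amount) VALUES (?, ?, ?, ?, ?)')
           ->execute([$user, $post['email'] ?? '', $post['phonenumber'] ?? '', $post['elmType'], $amount]);
        $db->commit();
        return ['status' => 'ok', 'pin' => $pin];
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

$db = makeDemoDb();
$order = ['username' => 'fred', 'password' => 's3cret', 'email' => 'fred@example.com',
          'phonenumber' => '0800000000', 'elmType' => 'mtn', 'elmAmounts' => '1000'];
// Constructed inputs: a normal order, a repeat that exceeds the remaining credit,
// and a gsmtype containing quote characters, which is compared as a literal string.
foreach ([$order, $order, ['elmType' => "mtn' OR '1'='1"] + $order] as $post) {
    echo json_encode(placeOrder($db, $post)), PHP_EOL;
}
```

Against MySQL the same calls work with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.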

