Storing info with cookies problem

[Emma]

I have my php final site project for class due on wednesday and I have ran into one problem. my site is a shopping cart and it allows you to login and view your previous orders. I was creating a cookie at login so that I could perform this query once the customer is logged in:

$query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username='$username'";

However, the username doesn't seem to be being stored to be sent over to the myaccount.php page at login. This is my php code on my login page:

PHP Code:

<?php 
//login.php 
require("functions.php");
include("database.inc");

# start your session at the top of your page.... 
session_start(); 

# define a blank (empty) error message... 
$error_msg = ""; 

# if the form has been submitted... 
if($_POST['submit'] != "") {
    # check the fields have been filled in.... 
    if($_POST['username'] == "") { 
        # if not, add to the empty error message... 
        $error_msg = 'Username empty'; 
    }
    
    if($_POST['password'] == "") { 
        # if not, add to the empty error message... 
        $error_msg = 'Password empty';
    }
    
    # if the error message is empty... 
    if($error_msg == "") { 
        $username = stripslashes($_POST['username']); 
        $password = stripslashes($_POST['password']);
        $query = SqlQuery("SELECT username, password FROM customers WHERE username = '$username' AND password = '$password'");
        
# if there are any rows... 
        if (SqlNumRows($query) > 0) { 
            # register session variables
            $results = SqlFetch($query);
            $_SESSION['username'] = $results['username']; 
            $_SESSION['password'] = $results['password']; 

            ############################### 
            # NOTE: you can only register session vars## 
            # for the field you selected in the query#### 
            ############################### 
            
            # redirect to the designated page...
            Redirect("myaccount.php"); 
            exit(); 
        } else { 
            $error_msg = "Login Failed, Please Try Again"; 
        }
    }
}
?>

This is my functions.php:

PHP Code:

<?php

function SqlQuery($query) {
    /* Database Configuration Parameters */
    $server = "EDITED";
    $user = "EDITED";
    $pass = "EDITED";
    $name = "EDITED";
    /*************************************/
    
    $connection = mysql_connect($server,$user,$pass) or die("Could not connect to MySQL server.");
    mysql_select_db($name) or die("Could not select the proper database.");
    $results =  mysql_query($query);
    mysql_close($connection);
    return $results;
}

function SqlFetch($arr) {
    if(isset($arr)) { 
        return mysql_fetch_array($arr, MYSQL_BOTH);
    } else {
        return NULL;
    }
}

function SqlFetchAssoc($arr) {
    if(isset($arr)) {
        return mysql_fetch_array($arr, MYSQL_ASSOC);
    } else {
        return NULL;
    }
}

function SqlFetchNum($arr) {
    if(isset($arr)) {
        return mysql_fetch_array($arr, MYSQL_NUM);
    } else {
        return NULL;
    }
}

function SqlReset($resultSet) {
    if(isset($resultSet)) {
        mysql_data_seek($resultSet,0);
    }
}

function SqlNumRows($arr) {
    if(isset($arr)) { 
        return mysql_num_rows($arr);
    } else {
        return 0;
    }
}


//Takes a unix timestamp and returns YYYY-MM-DD HH:MM:SS
function TS2DT($tStamp) {
    return date("Y-m-d H:i:s",$tStamp);
}

//Takes YYYY-MM-DD HH:MM:SS and returns a unix timestamp
function DT2TS($dTime) {
    $dTimeParts = explode(" ",$dTime);
    
    $dateParts = explode("-",$dTimeParts[0]);
    $year = $dateParts[0];
    $month = $dateParts[1];
    $day = $dateParts[2];
    
    $timeParts = explode(":",$dTimeParts[1]);
    $hours = $timeParts[0];
    $minutes = $timeParts[1];
    $seconds = $timeParts[2];
    
    return mktime($hours,$minutes,$seconds,$month,$day,$year);
}

//Returns "DayName Month Day, Year Hour:Minute AM/PM"
function ReadableTime($tStamp) {
    return date("l F jS, Y g:i A",$tStamp);
}

//Returns "Month Day, Year"
function ReadableTime2($tStamp) {
    return date("F jS, Y",$tStamp);
}

function Redirect($relativeUrl) {
    header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/".$relativeUrl);
}
?>

And on the my account page require displaypreviousorders.php so that I can run the displayorders function. the displaypreviousorders.php is as follows:

PHP Code:




<?php
//assumes that opendbo called, and session started when call is made.
function displayorders() {
 global $order, $order_id, $p_id, $username, $quantity, $cart, $DBname, $link, $totalprice;
 print ("Username:");
 print ("<br><br>");
print ("$username");
print ("<table>");
 print ("<tr><td> Product ID </td> <td> Product Name </td><td> Quantity </td> <td> 
       Total cost </td> </tr>");

 $totalprice = 0.00; 

   $query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username='$username'";

if($num_rows >= 1) {
   $result = mysql_db_query($DBname, $query, $link) or die($sql); 
   $p_id = mysql_result($result,0,"p_id");
   $p_name = mysql_result($result,0,"p_name");
   $quantity= mysql_result($result,0,"quantity");
   $totalprice += $item_total_price;

   print ("<tr><td> $p_id </td> <td> $p_name </td><td> $quantity </td>          <td> &nbsp </td> </td> ");
   print ("<tr><td> &nbsp </td> <td> &nbsp </td><td> &nbsp </td>          <td>&nbsp </td> </td> ");
  }
 print("<tr> <td> TOTALS </td> <td> </td> <td> $quantity items</td><td> $totalpricef </td></tr>  </table>");
}

?>

The structure and layout (table) is coming through and showing fine, however the information isn't and thats because it has no clue what the $username is that was logged in with. Any help would be a lifesaver!

Thanks!
Emma

[Itshim]

Since you are storing the username in a session variable, after the redirect, you need to use $_SESSION['username'], for the value of $username.

[Emma]

So should my query look like this instead?

$query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username='$_SESSION['username']'";

[Itshim]

Yes, hopefully that will get things working again...

[Emma]

I tried this: print ("$_SESSION['username']");

and I get this error:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/fbnet/public_html/test/displaypreviousorders.php on line 10


Which is the line I posted above. Help

[Itshim]

Try this: print $_SESSION['username'];

minus quotes and parenthesis.

[Emma]

The error is gone with that but the username doesn't come up.

I changed the query to this:

$query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username=$_SESSION['username']'";

I get this error again:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

[Itshim]

Well, you are missing a single quote after username=, but that will not correct the parsing error and I do not see a syntax error on that line. Does it say that this line is causing the problem?

[Emma]

yeah it says thats the problem line the query line

[Itshim]

Sorry, do you have: session_start(); at the top of the page?

[Emma]

yeah I do. It still has the problem as being the query line, line 18:

$query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username='$_SESSION['username']'";

[Itshim]

use:

$query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username='{$_SESSION['username']}'";

[Emma]

The username shows up now. But now I get this error:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/fbnet/public_html/test/displaypreviousorders.php on line 15


here is the current code.

PHP Code:




<?php
//assumes that opendbo called, and session started when call is made.
function displayorders() {
 global $order, $order_id, $p_id, $username, $quantity, $cart, $DBname, $link, $totalprice;
 print ("Username:");
print ("&nbsp;&nbsp;");
print $_SESSION['username'];
 print ("<br><br>");
print ("<table>");
 print ("<tr><td> Product ID </td> <td> Product Name </td><td> Quantity </td> <td> 
       Total cost </td> </tr>");
$row=mysql_fetch_array($result);  

 $totalprice = 0.00; 

$query="SELECT p_id, p_name, quantity FROM ordereditems WHERE username='{$_SESSION['username']}'";

if($num_rows >= 1) {
   $result = mysql_db_query($DBname, $query, $link) or die($sql); 
   $p_id = mysql_result($result,0,"p_id");
   $p_name = mysql_result($result,0,"p_name");
   $quantity= mysql_result($result,0,"quantity");
   $totalprice += $item_total_price;

   print ("<tr><td> $p_id </td> <td> $p_name </td><td> $quantity </td>          <td> &nbsp </td> </td> ");
   print ("<tr><td> &nbsp </td> <td> &nbsp </td><td> &nbsp </td>          <td>&nbsp </td> </td> ");
  }
 print("<tr> <td> TOTALS </td> <td> </td> <td> $quantity items</td><td> $totalpricef </td></tr>  </table>");
}

?>

Line 15 is:

$row=mysql_fetch_array($result);

[Cristiano]

check your query ...it doesnt like it

[Emma]

the query works for me when I run in phpmyadmin.

[Itshim]

This line: $row=mysql_fetch_array($result); I do not see where the variable $result is coming from.

[Emma]

I took it out and it works fine now... though its still not displaying the information I am printing below. Any clues? Thanks for everyone's help I really appreciate it.

PHP Code:

print ("<tr><td> $p_id </td> <td> $p_name </td><td> $quantity </td>          <td> &nbsp </td> </td> "); 
   print ("<tr><td> &nbsp </td> <td> &nbsp </td><td> &nbsp </td>          <td>&nbsp </td> </td> "); 
  } 
print("<tr> <td> TOTALS </td> <td> </td> <td> $quantity items</td><td> $totalprice </td></tr>  </table>"); 
} 


[Itshim]

In this line:
if($num_rows >= 1)

$num_rows is not defined.

[Emma]

I switched that to:

if (SqlNumRows($query) > 0) {

And I am now getting this error.

mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/fbnet/public_html/test/functions.php on line 50

This is my functions.php file:

PHP Code:

<?php 

function SqlQuery($query) { 
    /* Database Configuration Parameters */ 
    $server = "EDITED"; 
    $user = "EDITED"; 
    $pass = "EDITED"; 
    $name = "EDITED"; 
    /*************************************/ 
     
    $connection = mysql_connect($server,$user,$pass) or die("Could not connect to MySQL server."); 
    mysql_select_db($name) or die("Could not select the proper database."); 
    $results =  mysql_query($query); 
    mysql_close($connection); 
    return $results; 
} 

function SqlFetch($arr) { 
    if(isset($arr)) { 
        return mysql_fetch_array($arr, MYSQL_BOTH); 
    } else { 
        return NULL; 
    } 
} 

function SqlFetchAssoc($arr) { 
    if(isset($arr)) { 
        return mysql_fetch_array($arr, MYSQL_ASSOC); 
    } else { 
        return NULL; 
    } 
} 

function SqlFetchNum($arr) { 
    if(isset($arr)) { 
        return mysql_fetch_array($arr, MYSQL_NUM); 
    } else { 
        return NULL; 
    } 
} 

function SqlReset($resultSet) { 
    if(isset($resultSet)) { 
        mysql_data_seek($resultSet,0); 
    } 
} 

function SqlNumRows($arr) { 
    if(isset($arr)) { 
        return mysql_num_rows($arr); 
    } else { 
        return 0; 
    } 
} 


//Takes a unix timestamp and returns YYYY-MM-DD HH:MM:SS 
function TS2DT($tStamp) { 
    return date("Y-m-d H:i:s",$tStamp); 
} 

//Takes YYYY-MM-DD HH:MM:SS and returns a unix timestamp 
function DT2TS($dTime) { 
    $dTimeParts = explode(" ",$dTime); 
     
    $dateParts = explode("-",$dTimeParts[0]); 
    $year = $dateParts[0]; 
    $month = $dateParts[1]; 
    $day = $dateParts[2]; 
     
    $timeParts = explode(":",$dTimeParts[1]); 
    $hours = $timeParts[0]; 
    $minutes = $timeParts[1]; 
    $seconds = $timeParts[2]; 
     
    return mktime($hours,$minutes,$seconds,$month,$day,$year); 
} 

//Returns "DayName Month Day, Year Hour:Minute AM/PM" 
function ReadableTime($tStamp) { 
    return date("l F jS, Y g:i A",$tStamp); 
} 

//Returns "Month Day, Year" 
function ReadableTime2($tStamp) { 
    return date("F jS, Y",$tStamp); 
} 

function Redirect($relativeUrl) { 
    header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/".$relativeUrl); 
} 
?>

Row 50 is:


function SqlNumRows($arr) {
if(isset($arr)) {
return mysql_num_rows($arr);
} else {
return 0;
}
}

[Itshim]

You need to send the query to mysql, right now you are simply sending the sting to your function.

[Emma]

I am still a bit of novice. Can you expain how to do that?

[killerkooki]

Could you repost your latest displayorders() ?
Are you using the functions you defined in functions.php?
From your first post, it doesn't seem like it.

[Itshim]

Using mysql_query() you send the query held by $query, to mysql, like you did with:

$result = mysql_db_query($DBname, $query, $link) or die($sql);

Then you send the result of the query to your sql function. Something like:

PHP Code:

$query="SELECT p_id, p_name, quantity 
        FROM ordereditems 
        WHERE username='{$_SESSION['username']}'";

$result = mysql_query($query);

if (SqlNumRows($result) > 0) { 


Hope this helps,
Itshim

[Emma]

Oh okay. That makes sense. I still have a lot to learn. Thank you for your help