Help Me On Php Variables And Sql Statements

[zamzam]

Hello I have a problem. when I submit a form with values which is received by or assigned to $prod =$_POST[productname];
$qtty =$_POST[quantity];. Then when I use $prod varible in sql statement ($result = mysql_query("SELECT stockCount from products WHERE name='$prod'",$db)
It is not able to selected data or records as expected even it data is in the table.
However, when I used the actual value in sql statement as ($result = mysql_query("SELECT stockCount from products WHERE name='printer'",$db) it works.
PHP code is below.
How can solve this problem??
Your help will be highly appreciated.

PHP Code:

include'connex.php';

$prod =$_POST[productname];
$qtty =$_POST[quantity];

if ($_POST[Confirm]=="Confirm"){

//$result = mysql_query("SELECT quantity FROM shoppingcart WHERE productname= $prod AND user='moses'");
$result = mysql_query("SELECT stockCount from products WHERE name='$prod'",$db);

//echo $result;

$result7 = mysql_query("SELECT stockCount FROM products WHERE name='$_POST[productname]'",$db);
$row=mysql_fetch_object($result7);
$finalResult=$row->stockCount;
//echo $finalResult; 
$row = mysql_fetch_array($result7);
echo $myrow[stockCount];

$newStock= $result - $_POST[quantity];
$result2 = mysql_query("UPDATE  products SET stockCount= $newStock WHERE name='$_POST[productname]'",$db);
$result3 = mysql_query("INSERT INTO requisitions (user,product,qty) VALUES('moses','$prod','$qtty')",$db);
$result4 = mysql_query("DELETE FROM shoppingcart WHERE user='moses' AND productname= $prod)",$db);

}

elseif ($_POST[Delete]=="Delete")

{
$result5 = mysql_query("DELETE FROM shoppingcart WHERE user='moses' AND productname= $prod)",$db);

} 


[priti]

Hello I have a problem. when I submit a form with values which is received by or assigned to $prod =$_POST[productname];
$qtty =$_POST[quantity];. Then when I use $prod varible in sql statement ($result = mysql_query("SELECT stockCount from products WHERE name='$prod'",$db)
It is not able to selected data or records as expected even it data is in the table.
However, when I used the actual value in sql statement as ($result = mysql_query("SELECT stockCount from products WHERE name='printer'",$db) it works.
PHP code is below.
How can solve this problem??
Your help will be highly appreciated.

PHP Code:

include'connex.php';

$prod =$_POST[productname];
$qtty =$_POST[quantity];

if ($_POST[Confirm]=="Confirm"){

//$result = mysql_query("SELECT quantity FROM shoppingcart WHERE productname= $prod AND user='moses'");
$result = mysql_query("SELECT stockCount from products WHERE name='$prod'",$db);

//echo $result;

$result7 = mysql_query("SELECT stockCount FROM products WHERE name='$_POST[productname]'",$db);
$row=mysql_fetch_object($result7);
$finalResult=$row->stockCount;
//echo $finalResult; 
$row = mysql_fetch_array($result7);
echo $myrow[stockCount];

$newStock= $result - $_POST[quantity];
$result2 = mysql_query("UPDATE  products SET stockCount= $newStock WHERE name='$_POST[productname]'",$db);
$result3 = mysql_query("INSERT INTO requisitions (user,product,qty) VALUES('moses','$prod','$qtty')",$db);
$result4 = mysql_query("DELETE FROM shoppingcart WHERE user='moses' AND productname= $prod)",$db);

}

elseif ($_POST[Delete]=="Delete")

{
$result5 = mysql_query("DELETE FROM shoppingcart WHERE user='moses' AND productname= $prod)",$db);

} 


just check $_POST['productname'] .weather your $prod carries any value?print the sql statement and run on sql mode in phpmyadmin weather your query execute this way you can track the possiblity of error in the code.

[santouras]

because I am quite pedantic about my code, I must also let you know that you're doing a number of things badly in your code there. Always quote your array keys. If you turn on all error reporting you'll see that an E_NOTICE is getting thrown every time you use $array[key]; PHP thinks key is a constant, and when it can't find a constant of that name it tries to use it as a string. However this is faaaaaaaar from desirable.

Always use $array['key']; as this will stop the E_NOTICE from being thrown, speed up your code execution as it doesn't have to look for a non-existant constant, and also save you a debugging nightmare when down the track you create a constant called key and wonder why your code has suddenly fallen apart.

The other bit that pains me is when you have embedded an array inside double quotes. You should be doing it like

PHP Code:

$str = "text text {$array['key']}"; 


infact, it is best practise to always use {} when embedding any variable inside double quotes as it provides a clear demarcation between what is the string and what is the variable.

In addition, use require_once instead of include.

Now that that is all over, I would recommend as priti mentioned, make sure your query is constructed properly and those variables are being placed in there.

I also find it easiest to assign my queries to a variable instead of directly putting them in mysql_query() as it makes for easier debugging

PHP Code:

$qry = "select * from table where fpp ='{$bar}'";

//if I want to I can just go
//echo $qry;
//here instead of copy/pasting the whole query

$result = mysql_query($qry);