Need Help on php coding

mby247 · May 23, 2010, 4:21pm

Hi member, am creating a shipping website with tracking page where shipment can be tracked for histry but I have problem with my php coding. I want only the tracking number entered into the tracking page to run MySql record on the database but with the code below, even any number i input or even with no input on the track page, would still run the database. Please I need help on…only the tracking number can run the record on MySQl. If my coding is wrong…pls correct me.

Here is the form action:

&lt;form action="#" method="post" target="_self"&gt;&lt;input size="20" maxlength="15" /&gt; &lt;input type="submit" value="Track" /&gt;


&lt;?php 
//Connect To Database 
$hostname='foo.example.com'; 
$username='foo'; 
$password='password'; 
$dbname='ee456874958my'; 
$usertable='3456746my'; 


mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.'); 
mysql_select_db($dbname); 

//This array contains all correct tracking numbers 
$correct_tracking_numbers=array(22333); 
if(in_array(22333,$correct_tracking_numbers)){ 
$query = 'SELECT * FROM ' . $usertable; 
$result = mysql_query($query) or die(mysql_error()); 
while($row = mysql_fetch_array($result)){ 
echo $row['Date/Time'] . " " . $row['Event']. " ". $row['Location']. " " . $row['Details'] . "&lt;br/&gt;"; 
} 
}else{ 
echo '&lt;b&gt;The tracking number you entered is not valid!&lt;/b&gt;'; 
} 
?&gt;

Pls help me I got get this done within days.

mby247 · May 23, 2010, 7:06pm

Hi Raju…thnx for the reply. Am very g8tful. U don’t know the smiles u ve put in my face…I have been battle with this for days with sleepless nites coupled with. Once again…Thanks and Thumbs up 2 u. I also wish to inquiry cos as you see my form input…it is far diff from urs with us with more understand n explaination. Merely seeing urs…I can understand the script and know where I went wrong. I wish to ask if I run ur own recommended form and script it would work out as I wish…i.e If no tracking number…msg requiring tracking number would be display and if wrong number, it would request for tracking number and if the number is in array…it would run mysql query? Just need a confirmation from you and also I would like you to explain for me the else if statement cos I want to understand the meaning of <= 0 and >15. Pls explain and advice on the above inquiry. Thanks friend. U desire a hug!!.

mby247 · May 23, 2010, 7:40pm

Hw can I say Thanks U 2 U? U r a genius and I can’t stop laughing my ass off. Thanks dude. I would need a help of ur knwledge. Can you teach me how to run so many mysql query on the "trackcheck.php file? I mean how to run them and diff them from each other. I would be glad if you can teach me tat also.

Thanks man.

mby247 · May 23, 2010, 7:15pm

Also my friend Raju…wd b glad if u explain this pls…

Wat is name=“btuntrack” id=“btuntrack”

Thnx

Raju_Gautam · May 23, 2010, 5:10pm

Hi mby247!

Welcome to the Sitepoint Forums!

I don’t know if the form you have posted is exactly what you have in real time. But your form element (text box is supposed to be i assume) is completely wrong or invalid or not good enough.

So your form should look like this:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<meta name="author" content="Raju Gautam" />
	<title>Track Check</title>
</head>
<body>
<form action="trackcheck.php" method="post" name="frmtrack" id="frmtrack">
    Track Number : <input name="track_number" id="track_number" size="20" maxlength="15" />
    <input type="submit" name="btuntrack" id="btuntrack" value="Track" />
</body>
</html>

And your track processing script should look like this (trackcheck.php - see form’s action attribute):


//Connect To Database 
$hostname='foo.example.com'; 
$username='foo'; 
$password='password'; 
$dbname='ee456874958my'; 
$usertable='3456746my'; 

mysql_connect($hostname, $username, $password) OR DIE ('Unable to connect to database! Please try again later.'); 
mysql_select_db($dbname);

//This array contains all correct tracking numbers 
$track_number = $_POST['track_number'];
if(empty($track_number)){
    die('Please enter track number');
}
else if(strlen($track_number) <= 0 || strlen($track_number) > 15){
    die('Invalid track number');
}
else{
    $correct_tracking_numbers = array(22333); 
    if(in_array($track_number, $correct_tracking_numbers)){ 
        $query = 'SELECT * FROM ' . $usertable; 
        $result = mysql_query($query) or die(mysql_error()); 
        while($row = mysql_fetch_array($result)){ 
            echo $row['Date/Time'] . " " . $row['Event']. " ". $row['Location']. " " . $row['Details'] . "<br/>"; 
        }
    }
    else{ 
        echo '<b>The tracking number you entered is not valid!</b>'; 
    }
}

I am not sure in this way the check will be valid because in your script you haven’t checked entered track number. But I am not sure about your business logic. But I hope this will help you to proceed.