monstaface

This website will never be functional. This is purely a prototype for a project that I am working on, hence the reason I haven't gotten around to escaping my user input. If you have a solution to my problem I would be extremely grateful.

Im attempting to create a form so that when the event is selected from the dropdown, when the form on the next page is filled in they both save to the table in the database. The form: $party=$_GET['partyName']; echo "<form method=post action=BookEvent.php>" ; echo "<table border=0 cellpadding=5>"; echo "<tr><td>First Name </td>"; echo "<td><input type=text name=r_fn size=35></td></tr>"; echo "<tr><td>Last Name </td>"; echo "<td><input type=text name=r_ln size=35></td></tr>"; echo "<tr><td>Tel No </td>"; echo "<td><input type=text name=r_tn size=35></td></tr>"; echo "<tr><td>Email Address </td>"; echo "<td><input type=text name=r_e size=35></td></tr>"; echo "<tr><td>Ticket Quantity</td>"; echo "<td><input type=text name=r_q size=35></td></tr>"; echo "<tr><td><input type=submit value='Request Ticket'></td></tr>"; echo "</table>"; echo "</form>" ; The 'bookevent page in correlation with the form: $quantity=$_POST['r_q']; $name=$_POST['r_fn']; $sname=$_POST['r_ln']; $tel=$_POST['r_tn']; $email=$_POST['r_e']; $party=$_GET['partyName']; if (!$name or !$sname or !$tel or !$email or !$quantity) { echo "<p>Your form is incomplete "; echo "<br>Please fill in details "; include("footlayout.html"); } else { $SQL="insert into Bookings(customerFName, customerSName, customerTelNo, customerEmail, tickets) values ('".$name."','".$sname."','".$tel."','".$email."','".$quantity."')"; $exeSQL=mysql_query($SQL); echo"Thank you for booking "; } $ASQL="select Quantity from PARTY where Name='$party'"; $exeASQL=mysql_query($SQL) or die (mysql_error()); $array=mysql_fetch_array($exeASQL); $quantity=$array['r_q']; if ($ticket>$quantity) { echo"Sorry There are only:" .$quantity; include("footlayout.html"); exit; } echo"Thank you for booking tickets to"; echo $party; My issue is that I am trying to separate the statements after the first 'if' because if all the records are entered correctly, The page echoes both messages the 'Thank you for booking tickets to' and the 'Sorry there are only' also both variables $quantity and $party don't show their values. Please help me out, I'm new to coding and attempting to teach myself. I would be extremely grateful!

Thanks for the feedback and the link, I will definitely check it out!

Anyone?

I've created a dropdown menu, however nothing below the dropdown shows so that I cannot go to the next page, neither is there a footlayout. I'm sure there's an issue with my code as i'm a new learner and not so talented! I would be grateful for some feedback <?php session_start(); include ("db.php"); $pagename="Purchases"; echo "<link rel=stylesheet type=text/css href=mystylesheet.css>"; echo "<title>".$pagename."</title>"; include("headlayout3.html"); //display the name of the site and the date dynamically. See uk.php.net echo date ('l d F Y H:i:s'); echo "<p></p>"; //display name of the page echo "<h2>".$pagename."</h2>"; if(!isset($_SESSION['uType'])) die("Please login to continue"); echo "Please choose the selected party:<br></br>"; //Drop down menu $Party="SELECT * from Party"; $exeParty=mysql_query($Party); echo "<select>"; while($arrayParty = mysql_fetch_array($exeParty)) { echo"<option value='partyname'>".$arrayParty['PartyName']."</option>"; } //Link to next page where a form is to continue echo"Please Continue"; echo "<a href=ticket.php>Purchase Ticket</a>"; //include foot layout include("footlayout.html"); ?>

^Thanks i'll look into this now Also I wanted to create a link in my header where staff members can logout of the system. In the Places I have searched for how to proceed I have been told that the only code required would be: <?php session_start(); session_destroy(); ?> Is this the correct method?

^Thanks I fixed the mistake and i am sanitizing my user input right now!

It worked thank you everyone!

Sorry could you elaborate on what you mean with an example?

I am creating seperate logins for users and once my staff have logged in the pages they have access too are not visible to other users however if the users find the URL and type it in they can still view the link. I then created a session to fix this issue with the following code: session_start(); include ("db.php"); if(!isset($_SESSION['sId'])) die("Access not allowed "); However now even if a staff member is logged into the system I still receive the following statement when they attempt to access the page: 'Access not allowed ' In the getlogin page I also placed this line of code : session_start(); include("db.php"); $_SESSION['sId']; How can I fix this? Thanks in advance for your help

^ Sorry! I'm going to do it now lol!

Sorry one more question! The answer above helped when I had a normal textbox in the form, however when I use a text area the information doesn't show on the form from the database. Example: echo "<tr><td>Life story</td>"; echo "<td><TEXTAREA NAME=r_lifestory ROWS=6 COLS=40 value=$arraylife[lifestory]> </TEXTAREA></td></tr>";

^Thanks!

Thank you so much!

I wanted to ask a question about my form, when I access that page the whole postcode doesn't show in the r_postcode box and only the first three netters/numbers do. Is there a way to fix this?