
Got it all working now, thanks guys!
-
Thanks very much for your advice. I'll make the changes then see how I go. It will be later this afternoon as I have work today, hence the tardiness of my replies, apologies.
-
Well that is the idea, the process order page is actually a result page of the place order page, so I don't mind that at all. I'm not quite sure what you mean about the $conn being called for prior to a connection being made... which extract of code are you referring to?
-
After some fiddling, for some reason it was the connection script to the database.. which makes no sense as there are sufficient privileges to access that kind of data. Oh well... Back on topic though: Code rewritten, only getting one error which is: Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\Bazaar\includes\functions.php on line 201 From my understanding of the error, it is to do with the database needing to be open... which it should be from the $conn already..

function sanitiseMySQL($var)
{
    // Escapes $var with the shared mysqli connection, then passes it through sanitiseString().
    // The connection is read from global scope, so it must already be open when this is called.
    // The process-order script below calls this before its own mysqli_connect(), which is consistent
    // with the "null given" warning quoted above.
    global $conn;
    [b]$var = mysqli_real_escape_string ($conn, $var);[/b] //Line 201
    // sanitiseString() is not shown in this post; what it strips or encodes is unknown - TODO confirm.
    $var = sanitiseString($var);
    return $var;
}

Place Order Page

<?php
// Catalogue page: lists every row of the products table, each with its own order form.
if (!isset($_SESSION)) {
    session_start();
}
require_once "../database/dbcustomer.php";
require_once "../includes/functions.php";
$page_title = 'Product Catalogue';
include_once "header.php";
$conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);
$query = "SELECT * from products";
$result = mysqli_query($conn, $query);
if (!$result) {
    include_once "header.php";
    die ("Error, could not query the database");
} else {
    $rows = mysqli_num_rows($result);
    if ($rows>0) {
        while ($row = mysqli_fetch_array($result)) {
            // NOTE(review): every $row value below is echoed into HTML without htmlspecialchars();
            // if product fields can ever hold markup characters this is an HTML-injection (XSS) risk.
            // The hidden inputs echo $productcode, $productname, ... which this listing never assigns,
            // so they are submitted empty; only the visible cells use $row.
            // Hidden fields are client-editable, so the price and stock level they carry
            // cannot be trusted by the receiving script.
            ?>
            <form method="post"action="processQuantity.php">
            <br />
            <br />
            <br />
            <table>
            <tr>
                <td style="width: 200px">Product Code:</td>
                <td><?php echo $row['ProductCode']; ?><input type="hidden" name="ProductCode" id="ProductCode" value="<?php if (isset ($productcode)) echo $productcode; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Product Name:</td>
                <td><?php echo $row['ProductName']; ?><input type="hidden" name="ProductName" id="ProductName" value="<?php if (isset ($productname)) echo $productname; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Product Description:</td>
                <td><?php echo $row['ProductDescription']; ?><input type="hidden" name="ProductQuantity" id="ProductQuantity" value="<?php if (isset ($productquantity)) echo $productquantity; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Product Colour:</td>
                <td><?php echo $row['ProductColour']; ?><input type="hidden" name="ProductColour" id="ProductColour" value="<?php if (isset ($productcolour)) echo $productcolour; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Product Price $:</td>
                <td><?php echo $row['ProductPrice']; ?><input type="hidden" name="ProductPrice" id="ProductPrice" value="<?php if (isset ($productprice)) echo $productprice; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Product Image:</td>
                <td><img src="<?php echo $row['ProductImagePath']; ?>" /><input type="hidden" name="ProductImagePath" id="ProductImagePath" value="<?php if (isset ($productimagepath)) echo $productimagepath; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Quantity in Stock:</td>
                <td><?php echo $row['ProductQuantity']; ?><input type="hidden" name="ProductQuantity" id="ProductQuantity" value="<?php if (isset ($productquantity)) echo $productquantity; ?>"size = "20" /></td>
            </tr>
            <tr>
                <td>Quantity:</td>
                <td><input type="number" name="Quantity" id="Quantity" value="<?php if (isset ($quantity)) echo $quantity; ?>"size = "20" /></td>
                <td><input type="submit" name="Purchase" value= "Purchase" /></td>
            </tr>
            </table>
            </form>
            <hr />
            <?php
        }
        include "footer.html";
    }
}

Process Order Page

?>
<?php
// Order handler: reads the posted form, checks stock, inserts an orders row and prints a confirmation.
if (!isset($_SESSION)) {
    session_start();
}
require_once "../includes/functions.php";
require_once "../database/db.php";
//get variables from form
// NOTE(review): all of these are client-supplied, including the price and the stock figure.
$quantity = $_POST['Quantity'];
$productquantity = $_POST['ProductQuantity'];
$productcode = $_POST['ProductCode'];
$productprice = $_POST['ProductPrice'];
$productimagepath = $_POST['ProductImagePath'];
// The total, and the price stored with the order below, come from the submitted price rather than
// from the products table, so the customer controls what is charged. Looking the price up
// server-side by product code removes that trust.
$total = $quantity * $productprice;
$error_message = '';
//sanitise date
// These calls run before $conn is assigned further down, so sanitiseMySQL() has no open connection
// and its return value cannot be relied on as an escaped string.
$sproductcode = sanitiseMySQL($productcode);
$squantity = sanitiseMySQL($quantity);
$sproductprice = sanitiseMySQL($productprice);
$error_message = '';
// $error_message was reset to '' on the line above, so this branch is never taken
// and no validation result is ever checked.
if ($error_message != '') {
    include_once "index.php";
    exit();
} else {
    $conn = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
    if (!$conn) {
        $error_message = "Could not connect to 
server";
        include_once "displayCatalogue-PlaceOrder.php";
        exit ();
    } else {
        // The query text is built by string interpolation; a prepared statement with a bound
        // parameter would not depend on the escaping above having worked.
        $query = "SELECT productquantity FROM products WHERE productcode = '$sproductcode'";
        $result = mysqli_query ($conn, $query);
        // mysqli_num_rows() is the number of rows matched, not the stock level held in the
        // productquantity column; the posted ProductQuantity value is overwritten here.
        $productquantity = mysqli_num_rows($result);
        // As written, the order is rejected when the requested quantity is less than or equal to that count.
        if ($quantity <= $productquantity) {
            $error_message = "You cannot order more than what is currently instock";
            include_once "displayCatalogue-PlaceOrder.php";
            exit ();
        } else {
            $row = mysqli_fetch_row($result);
            // '(CURDATE())' sits inside quotes, so MySQL receives a string literal, not a function call.
            $query = "INSERT INTO orders (productcode, quantity, productprice, orderdate) VALUES ('$sproductcode', '$squantity', '$sproductprice', '(CURDATE())')";
            $result = mysqli_query($conn, $query);
            // $row is reused: it now holds the affected-row count (an integer), not the fetched row.
            $row = mysqli_affected_rows($conn);
            if ($row > 0) {
                // $orderid is never assigned in this script, and $row('productcode') is call syntax
                // applied to an integer rather than an array lookup.
                // Values printed here originate from the request, so they need htmlspecialchars() when echoed.
                include "header.php";?>
                <h3>Order Confirmation</h3>
                <p>Thank you, your order is now being processed.</p>
                <table>
                <tr>
                    <td style="width: 200px">Order Number:</td>
                    <td><?php echo $orderid; ?></td>
                </tr>
                <tr>
                    <td>Product Code:</td>
                    <td><?php echo $row('productcode'); ?></td>
                </tr><tr>
                    <td>Quantity:</td>
                    <td><?php echo $row('quantity'); ?></td>
                </tr>
                <tr>
                    <td>Price:</td>
                    <td><?php echo $row('productPrice'); ?></td>
                </tr>
                <tr>
                    <td>Total Cost of Order:</td>
                    <td><?php echo $total; ?></td>
                </tr>
                </table>
                <?php
                include "footer.html";
            } else {
                $error_message ="Error placing your order, please try again";
                include "displayCatalogue-PlaceOrder.php";
                exit();
            }
        }
    }
}
//this is used to validate the quantity entered against what is available in the database
?>
-
Agreed, I am going to have to rewrite the whole thing. One question, unrelated to this, has me completely stumped. I have written this code for logon for customers so that they can access other pages. Now it was working perfectly before... now it's not working at all..I simply get a blank page. Am I missing something here? I haven't made any changes since and the queries match the tables otherwise I would be getting an error message: Logon Page:

<?php
// Logon form. No session_start() appears on this page, and the title is only assigned
// when a 'logged' session key is present.
if (isset($_SESSION['logged'])) $page_title = 'Log on';
require_once "header.php";
?>
<h3>Previously registered? Enter your details here.</h3>
<?php
// NOTE(review): the form below echoes $username and $password back into value attributes
// without htmlspecialchars(). A submitted username containing quotes or markup is reflected
// as HTML, and a rejected password is written into the page source in clear text;
// leaving the password field empty on redisplay avoids that.
if (!empty($error_message)) {
    echo '<p style="color:red">'. $error_message . '</p>';
}
?>
<form method="post"action="processLogon.php">
<table>
<tr>
    <td>Username:</td>
    <td><input type="text" name="username" id="username" value="<?php if (isset($username)) echo $username; ?>" size = "40" /></td>
</tr>
<tr>
    <td>Password:</td>
    <td><input type="password" name="password" id="password" value="<?php if (isset($password)) echo $password; ?>" size = "40" /></td>
</tr>
<tr>
    <td></td>
    <td><input type="submit" name="submit" id="submit" value="Submit" /><input type="reset" name="reset" value="Reset" /></td>
</tr>
</table>
</form>
<?php include_once "footer.html";?>

Process Logon Page:

<?php
// Logon handler: validates the posted credentials, looks the customer up and marks the session as logged on.
//the logged session must be set before the header file is included (due to navigation bars)
if (!isset($_SESSION)) {
    session_start();
}
require_once "../includes/functions.php";
require_once "../database/dbcustomer.php";
//get inputs from form
$username = $_POST['username'];
$password = $_POST['password'];
$error_message = '';
//validate data
$error_message .= validate_username($username);
$error_message .= validate_password($password);
//sanitise data
// sanitiseString() is not shown in this post. Unless it performs SQL escaping, these values reach
// the query below unescaped - TODO confirm; a prepared statement removes the question entirely.
$susername = sanitiseString($username);
$spassword = sanitiseString($password);
if ($error_message != '') {
    include_once "index.php";
    exit();
} else {
    $conn = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbname);
    if (!$conn) {
        $error_message =
        "Could not connect to server";
        include_once "logon.php";
        exit();
    } else {
        // A single unsalted SHA-256 is fast to compute, so stored hashes are cheap to guess offline
        // if the customers table is ever exposed; password_hash() / password_verify() are the
        // purpose-built functions. The hash is also taken over the sanitised string, not the raw input.
        $hspassword = hash('sha256', $spassword);
        $query = "select * from customers where username = '$susername' and password = '$hspassword'";
        $result = mysqli_query($conn, $query);
        // There is no else branch for a failed query: when mysqli_query() returns false nothing is
        // output at all, which would appear as a blank page.
        if ($result) {
            $norow = mysqli_num_rows($result);
            if ($norow == 1) {
                $row = mysqli_fetch_row($result);
                // The session id is kept unchanged across the privilege change; calling
                // session_regenerate_id(true) here guards against session fixation.
                $_SESSION['name'] = $row[1];
                $_SESSION['logged'] = true;
                include_once "header.php";
                // $_SESSION['name'] comes from the database and is echoed without htmlspecialchars().
                echo "<br /><br /><br />Welcome back " . $_SESSION['name'];
                echo "<p>You are now logged on.</p>";
                include_once "footer.html";
            } else {
                $error_message = "Username and password are invalid <br />";
                include_once "logon.php";
                exit ();
            }
        }
    }
}
?>
<?php //To check that a user is registered, you would write an sql query to select a record from the table where theusername the username entered in the form and the password = the password entered in the form. ?>
-
mysql and mysqli do the same thing, it's just how I learned to code it. I may well have to recode all of it from scratch. Still trying to figure out how I would achieve my desired result though. I keep hitting a wall with the queries into php, so messy =\
-
I don't believe that is the case? - http://www.html5tutorial.info/html5-number.php However, I am happy to change it if you think that would solve the issue. However I don't believe that would resolve the current problem I am having.
-
gives me a Notice: Undefined index: Quantity in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 38 error on the product/catalogue page (bear in mind that quantity is in the orders table, separate from all the other fields which are in the products table) and when I attempt to process an order I get the following errors - Notice: Undefined index: OrderId in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 10 Notice: Undefined index: ProductImagePath in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line
-
I forgot to say, I am getting this error on the catalogue page: Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 11 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 12 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 13 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 14 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 15 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 16 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 17 Notice: Undefined variable: row in C:\xampp\htdocs\Bazaar\shop\displayCatalogue-PlaceOrder.php on line 18 Am I not supposed to use a mysqli_fetch command in order to define the variables? Am I also getting the following error as part of the process page: Notice: Undefined index: ProductQuantity in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 9 Notice: Undefined index: OrderId in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 10 Notice: Undefined index: ProductCode in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 11 Notice: Undefined index: ProductPrice in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 12 Notice: Undefined index: ProductImagePath in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 13
-
Thank you very much for your input. I applied the editing you advised as shown below (I hope it's right) I was previously only using one form, but I had 2 tables, I still have 2 tables because I need the output from the quantity entered with the order summary details on a separate page to show an order confirmation. Catalogue/Place order page:

<?php
// Catalogue page: lists every row of the products table followed by a quantity form.
session_start();
require_once "../database/dbcustomer.php";
require_once "../includes/functions.php";
$page_title = 'Product Catalogue';
include_once "header.php";
$error_message = '';
// $row is not assigned until the while loop further down, so each of these reads an undefined variable.
$productcode = $row['ProductCode'];
$productname = $row['ProductName'];
$productdescription = $row['ProductDescription'];
$productcolour = $row['ProductColour'];
$productprice = $row['ProductPrice'];
$productimage = $row['ProductImagePath'];
$productquantity = $row['ProductQuantity'];
$quantity = $row['Quantity'];
$conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);
$query = "SELECT * from products";
$result = mysqli_query($conn, $query);
if (!$result) {
    include_once "header.php";
    die ("Error, could not query the database");
} else {
    $rows = mysqli_num_rows($result);
    if ($rows>0) {
        while ($row = mysqli_fetch_array($result)) {
            // NOTE(review): $row values are echoed without htmlspecialchars().
            // The hidden inputs contain a bare expression (no echo), so their value is always empty,
            // and they sit in a separate <form> with no action, so they are not sent with the
            // Quantity form that posts to processQuantity.php.
            // Even once submitted, hidden fields are client-editable: price and stock should be
            // looked up again on the server rather than read back from the request.
            ?>
            <form>
            <br />
            <br />
            <br />
            <table>
            <tr>
                <td style="width: 200px">Product Code:</td>
                <td><?php echo $row['ProductCode']; ?><input type='hidden' name="ProductCode" value="<?php $productcode;?>" /></td>
            </tr>
            <tr>
                <td>Product Name:</td>
                <td><?php echo $row['ProductName']; ?><input type='hidden' name="ProductName" value="<?php $productname;?>" /></td>
            </tr>
            <tr>
                <td>Product Description:</td>
                <td><?php echo $row['ProductDescription']; ?><input type='hidden' name="ProductDescription" value="<?php $productdescription;?>" /></td>
            </tr>
            <tr>
                <td>Product Colour:</td>
                <td><?php echo $row['ProductColour']; ?><input type='hidden' name="ProductColour" value="<?php $productcolour;?>" /></td>
            </tr>
            <tr>
                <td>Product Price:</td>
                <td><?php echo $row['ProductPrice']; ?><input type='hidden' name="ProductPrice" value="<?php $productprice;?>" /></td>
            </tr>
            <tr>
                <td>Product Image:</td>
                <td><?php echo $row['ProductImagePath']; ?><input type='hidden' name="ProductImage" value="<?php $productimage;?>" /></td>
            </tr>
            <tr>
                <td>Quantity in Stock:</td>
                <td><?php echo $row['ProductQuantity']; ?><input type='hidden' name="ProductQuantity" value="<?php $productquantity;?>" /></td>
            </tr>
            </table>
            </form>
            <form method="post"action="processQuantity.php">
            <table>
            <tr>
                <td style="width: 200px">Quantity:</td>
                <td><input type="number" name="Quantity" id="Quantity" value="<?php if (isset ($quantity)) echo $quantity; ?>"size = "20" /></td>
                <td><input type="submit" name="Purchase" value= "Purchase" /></td>
            </tr>
            </table>
            </form>
            <hr />
            <?php
        }
        include "footer.html";
    }
}
?>

Process Order / Confirmation page:

<?php
// Order handler: reads the posted form, checks stock, inserts an orders row and prints a confirmation.
session_start();
require_once "../includes/functions.php";
require_once "../database/db.php";
// NOTE(review): all of these are client-supplied; the price in particular feeds $total and the
// orders row, so it should be read from the products table rather than from the request.
$quantity = $_POST['Quantity'];
$productquantity = $_POST['ProductQuantity'];
$orderid = $_POST['OrderId'];
$productcode = $_POST['ProductCode'];
$productprice = $_POST['ProductPrice'];
$productimagepath = $_POST['ProductImagePath'];
$total = $quantity * $productprice;
$error_message = '';
// $error_message is '' here, so this branch is never entered; and because its closing brace is
// at the very end of the script, all of the database code sits inside it, after exit().
if ($error_message != '') {
    include_once "displayCatalogue-PlaceOrder.php";
    exit();
    $conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);
    if (!$conn) {
        echo "Error";
    } else {
        //sanitise date
        // $customerid and $orderdate are never assigned in this script.
        $scustomerid = sanitiseMySQL($customerid);
        $sproductcode = sanitiseMySQL($productcode);
        $squantity = sanitiseMySQL($quantity);
        $sproductprice = sanitiseMySQL($productprice);
        $sorderdate = sanitiseMySQL($orderdate);
        // Both queries are built by string interpolation; prepared statements with bound
        // parameters would not depend on every value having been escaped correctly.
        $query = "select productquantity from products where productcode = '$sproductcode'";
        // msqli_query is misspelled (mysqli_query), so this line would fail if reached.
        $result = msqli_query ($conn, $query);
        // mysqli_num_rows() is the number of rows matched, not the stock level in the column.
        $productquantity = mysqli_num_rows($result);
        if ($quantity <= $productquantity) {
            $error_message = "You cannot order more than what is currently instock";
            include_once "displayCatalogue-PlaceOrder.php";
            exit ();
        } else {
            $row = mysqli_fetch_row($result);
            $query = "INSERT into 
orders (customerid, productcode, quantity, productprice, orderdate) values ('$scustomerid', '$sproductcode', '$squantity', '$sproductprice', '$sorderdate')";
            $result = mysqli_query($conn, $query);
            $row = mysqli_affected_rows($conn);
            if ($row > 0) {
                // The confirmation echoes request values ($orderid, $productcode, $quantity) without
                // htmlspecialchars(), so markup in the request is reflected into the page.
                // $productPrice differs in case from $productprice and is therefore undefined.
                include "header.php";?>
                <h3>Order Confirmation</h3>
                <p>Thank you, your order is now being processed.</p>
                <table>
                <tr>
                    <td style="width: 200px">Order Number:</td>
                    <td><?php echo $orderid; ?></td>
                </tr>
                <tr>
                    <td>Product Code:</td>
                    <td><?php echo $productcode; ?></td>
                </tr><tr>
                    <td>Quantity:</td>
                    <td><?php echo $quantity; ?></td>
                </tr>
                <tr>
                    <td>Price:</td>
                    <td><?php echo $productPrice; ?></td>
                </tr>
                <tr>
                    <td>Total Cost of Order:</td>
                    <td><?php echo $total; ?></td>
                </tr>
                </table>
                <?php
                include "footer.html";
            } else {
                $error_message ="Error placing your order, please try again";
                include "displayCatalogue-PlaceOrder.php";
                exit();
            }
        }
    }
}
//this is used to validate the quantity entered against what is available in the database
?>
-
I thought I was posting the values in the processquantity.php using: $row = mysqli_affected_rows($conn); if ($row > 0) { include "header.php";?> <h3>Order Confirmation</h3> <p>Thank you, your order is now being processed.</p> <table> <tr> <td style="width: 200px">Order Number:</td> <td><?php echo $orderid; ?></td> </tr> <tr> <td>Product Code:</td> <td><?php echo $productcode; ?></td> </tr><tr> <td>Quantity:</td> <td><?php echo $quantity; ?></td> </tr> <tr> <td>Price:</td> <td><?php echo $productPrice; ?></td> </tr> <tr> <td>Total Cost of Order:</td> <td><?php echo $total; ?></td> </tr> </table> That second snippet of code that you posted is the piece I am using to submit a value to the database, to insert it into the orders table, have I done that wrong?
-
If you are referring to the mysqli_fetch commands etc, that is the syntax for sending/gathering data from the sql database (located in phpMyAdmin).
-
Hi, thanks for your reply. That still gave me the same error as before, which is: Notice: Undefined index: ProductQuantity in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 9 Notice: Undefined index: orderid in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 10 Notice: Undefined index: productcode in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 11 Notice: Undefined index: productprice in C:\xampp\htdocs\Bazaar\shop\processQuantity.php on line 12 This is my first attempt at creating an ecommerce site, I just want to get the basic structure down before looking at anything else. I thought my code made sense as I have a query to select the available quantity from the products table, compare it to the value entered, and then if it is less than or equal (i added the <= between the variables instead of just <) to the amount entered, the order confirmation is displayed. I'm not sure where I am going wrong here =\
-
Hi guys, I am building a website with basic e-commerce functionality, using php and using xampp to test it. I am having issues when attempting to submit a quantity (into table orders) using a form and validating it against an existing value (from table products), giving a response on whether there is sufficient quantity in the second table. I am then, in another page (same one performing the validations), attempting to then show a result based on the initial quantity entered, with a summary of the order details and calculation of the quantity * price to display a total as well. This has all been built from scratch, however I may have taken the wrong approach for these two pages... any assistance or insight as to where I am going wrong would be greatly appreciated. Here is the page I have placed the products, existing quantity and a text field they are able to enter their desired quantity:

<?php
// Catalogue page: lists every row of the products table followed by a quantity form.
session_start();
require_once "../database/db.php";
require_once "../includes/functions.php";
$page_title = 'Product Catalogue';
include_once "header.php";
$conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);
$query = "SELECT * from products";
$result = mysqli_query($conn, $query);
if (!$result) {
    include_once "header.php";
    die ("Error, could not query the database");
} else {
    $rows = mysqli_num_rows($result);
    if ($rows>0) {
        while ($row = mysqli_fetch_array($result)) {
            // NOTE(review): $row values are echoed without htmlspecialchars(), including the image
            // path placed inside the src attribute.
            // The product details are in a <form> with no inputs; the second form posts only
            // Quantity and Purchase, so processQuantity.php receives no product code or price.
            ?>
            <form>
            <br />
            <br />
            <br />
            <table>
            <tr>
                <td style="width: 200px">Product Code:</td>
                <td><?php echo $row['ProductCode']; ?></td>
            </tr>
            <tr>
                <td>Product Name:</td>
                <td><?php echo $row['ProductName']; ?></td>
            </tr>
            <tr>
                <td>Product Description:</td>
                <td><?php echo $row['ProductDescription']; ?></td>
            </tr>
            <tr>
                <td>Product Colour:</td>
                <td><?php echo $row['ProductColour']; ?></td>
            </tr>
            <tr>
                <td>Product Price:</td>
                <td>$<?php echo number_format($row['ProductPrice'],2); ?></td>
            </tr>
            <tr>
                <td>Product Image:</td>
                <td><img src="<?php echo $row['ProductImagePath']?>"/></td>
            </tr>
            <tr>
                <td>Quantity in Stock:</td>
                <td><?php echo $row['ProductQuantity']; ?></td>
            </tr>
            </table>
            </form>
            <form method="post"action="processQuantity.php">
            <table>
            <tr>
                <td style="width: 200px">Quantity:</td>
                <td><input type="number" name="Quantity" id="Quantity" value="<?php if (isset ($quantity)) echo $quantity; ?>"size = "20" /></td>
                <td><input type="submit" name="Purchase" value= "Purchase" /></td>
            </tr>
            </table>
            </form>
            <hr />
            <?php
        }
        include "footer.html";
    }
}
?>

Here is the page that I am using to validate the data as well as show a result based on the entered amount:

<?php
// Order handler: reads the posted form, checks stock, inserts an orders row and prints a confirmation.
session_start();
require_once "../includes/functions.php";
require_once "../database/db.php";
// NOTE(review): only Quantity is sent by the form above; the other keys are absent from the
// request. If they are later added as form fields they remain client-controlled, so price and
// stock should be read from the products table instead.
$quantity = $_POST['Quantity'];
$productquantity = $_POST['ProductQuantity'];
$orderid = $_POST['orderid'];
$productcode = $_POST['productcode'];
$productprice = $_POST['productprice'];
$total = $quantity * $productprice;
$error_message = '';
// $error_message is '' here, so this branch is never entered; and because its closing brace is
// at the very end of the script, all of the database code sits inside it, after exit().
if ($error_message != '') {
    include_once "displayCatalogue-PlaceOrder.php";
    exit();
    $conn = mysqli_connect ($dbhost, $dbuser, $dbpassword, $dbname);
    if (!$conn) {
        echo "Error";
    } else {
        //sanitise date
        // $customerid and $orderdate are never assigned in this script.
        $scustomerid = sanitiseMySQL($customerid);
        $sproductcode = sanitiseMySQL($productcode);
        $squantity = sanitiseMySQL($quantity);
        $sproductprice = sanitiseMySQL($productprice);
        $sorderdate = sanitiseMySQL($orderdate);
        // Both queries are built by string interpolation; prepared statements with bound
        // parameters would not depend on every value having been escaped correctly.
        $query = "select productquantity from products where productcode = '$sproductcode'";
        // msqli_query is misspelled (mysqli_query), so this line would fail if reached.
        $result = msqli_query ($conn, $query);
        // mysqli_num_rows() is the number of rows matched, not the stock level in the column.
        $productquantity = mysqli_num_rows($result);
        // As written, the order is rejected when the requested quantity is below that count.
        if ($quantity < $productquantity) {
            $error_message = "You cannot order more than what is currently instock";
            include_once "displayCatalogue-PlaceOrder.php";
            exit ();
        } else {
            $row = mysqli_fetch_row($result);
            // The second value is missing its opening quote ($sproductcode'), which unbalances the SQL string.
            $query = "INSERT into orders (customerid, productcode, quantity, productprice, orderdate) values ('$scustomerid', $sproductcode', '$squantity', '$sproductprice', '$sorderdate')";
            $result = mysqli_query($conn, $query);
            $row = mysqli_affected_rows($conn);
            if ($row > 0) {
                // The confirmation echoes request values ($orderid, $productcode, $quantity) without
                // htmlspecialchars(), so markup in the request is reflected into the page.
                // $productPrice differs in case from $productprice and is therefore undefined.
                include "header.php";?>
                <h3>Order Confirmation</h3>
                <p>Thank you, your order is now being processed.</p>
                <table>
                <tr>
                    <td style="width: 200px">Order Number:</td>
                    <td><?php echo $orderid; ?></td>
                </tr>
                <tr>
                    <td>Product Code:</td>
                    <td><?php echo $productcode; ?></td>
                </tr><tr>
                    <td>Quantity:</td>
                    <td><?php echo $quantity; ?></td>
                </tr>
                <tr>
                    <td>Price:</td>
                    <td><?php echo $productPrice; ?></td>
                </tr>
                <tr>
                    <td>Total Cost of Order:</td>
                    <td><?php echo $total; ?></td>
                </tr>
                </table>
                <?php
                include "footer.html";
            } else {
                $error_message ="Error placing your order, please try again";
                include "displayCatalogue-PlaceOrder.php";
                exit();
            }
        }
    }
}
//this is used to validate the quantity entered against what is available in the database
?>