PHP insertion problems to MySQL

[joseph_ccc]

Hi, I have a few problems with a coursework I need to do. Sorry, my programming is not very good. I hope somebody can help me. The problem is that I am not able to insert the data into my database, it shows the transaction proceed, insert customer_id and order_id but it doesn't introduce the other fields ( name, address, pass).

 

This is my code:

 

<?php session_start(); //Test if Customers has a value stored

if (!isset($_SESSION["customers"])) {
$_SESSION['customers'] = array();
} //End Test if Customers has a value stored

?>  

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml"> 

<head> 

<title>Vino Viejo</title> 

<link href="global.css" rel="stylesheet" type="text/css" /> 

</head> 

<body> 

<!-- Wrapper -->
<div id="wrapper">

<!-- Bottle Nav --> 
<div id="bottlenav"> 

<img id="bottletop" src="images/bottletop.gif" alt="Menu Img" />

<li><a href="index.php"><img id="homenav" src="images/home.gif" alt="Home" /></a></li>

<li><a href="wines.php"><img id="buynav" src="images/buyon.gif" alt="Buy Wine" /></a></li>

<li><a href="specials.html"><img id="specialsnav" src="images/specials.gif" alt="Specials" /></a></li>

<img id="bottlebase" src="images/bottlebase.gif" alt="Menu Img" />

</div>
<!-- Bottle Nav -->

<!-- Banner --> 
<div id="banner"> 

<img id="bannernameimg" src="images/bannername.gif" alt="vinoviejo.com" />

</div> 
<!-- END Banner -->

<!-- Main --> 
<div id="main"> 

<!-- Insert Data into table Customers -->
<?php
$totalcost = 0;   // Set totalcost to '0'
require_once ('./mysql_connect.php');  // Connect to db
mysql_select_db("root", $dbc);     // Select db


// Here is our insertion of customers details but it doesn't work 
// The data is not introduce into the table customers 

/*  We think this is the right code and the errors are because the syntax ("")
$query="INSERT INTO customers (name, address, pass, email, comments)
VALUES ('.mysql_escape_string($_SESSION["customers"][1]).', 
'.mysql_escape_string($_SESSION["customers"][2]).', 
'.mysql_escape_string($_SESSION["customers"][3]).', 
'.mysql_escape_string($_SESSION["customers"][4]).', 
'.mysql_escape_string($_SESSION[customers"][7]).')";
The transaction has been produced but we cannot see the data introduced into
table customers
*/

$_SESSION["customer"][0] = $_POST["customer_id"];

$_SESSION["customer"][1] = $_POST["name"];

$_SESSION["customer"][2] = $_POST["address"];

$_SESSION["customer"][3] = $_POST["pass"];

$_SESSION["customer"][4] = $_POST["email"];

$_SESSION["customer"][5] = $_POST["number"];

$_SESSION["customer"][6] = $_POST["date"];

$_SESSION["customer"][7] = $_POST["comments"];


$query="INSERT INTO customers (name, address, pass, email, comments)
VALUES ('".mysql_escape_string($_SESSION['customers'][1])."', 
'".mysql_escape_string($_SESSION['customers'][2])."', 
'".mysql_escape_string($_SESSION['customers'][3])."', 
'".mysql_escape_string($_SESSION['customers'][4])."', 
'".mysql_escape_string($_SESSION['customers'][7])."')";

if (!mysql_query($query,$dbc))
    		
{
// id doesn't give error in the db connection
die('Error: ' . mysql_error());
   
}
// We use the function mysql_insert_id to add the id of the URL to our
// $customer_id
$customer_id = mysql_insert_id(); 	
$purchase_date = date(DATE_RSS); // The date is not introduce either

// We try to change the data format to
// $purchase_date = getdate(date("U")); , but it doesn't work either

// Insert customer and date into table Orders	
// Again Introduction into table orders works, but order_date is not
$query="INSERT INTO orders (customer_id, order_date)
VALUES ('$customer_id', '$purchase_date')";
if (!mysql_query($query,$dbc)) {

die('Error: ' . mysql_error()); 
   		
}
// we use the function mysql_insert_id function to assign the value of the URL 
// to the $order_id
$order_id = mysql_insert_id(); 
// This will list all the wines in our basket 
for ($i = 0, $wineselect = 0; $i < count ($_SESSION['basket']); $i++){ 

// add the wines selected to basket to payment
$wineselect = $_SESSION['basket'] [$i];	
// Assign all the wines selected to the variable $results
$result = mysql_query ("SELECT * FROM wines WHERE wine_id IN ($wineselect )"); 

//Total cost 
// Reading every record from the query
$row = mysql_fetch_array($result); 
// We setup at the beginning $totalcost to '0' now we add 
// the price column for every wine in the basket and we add them
// $totalcost now hold the total price without any discount
$totalcost = $totalcost + $row ['price']; 
}
//Take one from our stock

$row['stock'] = $row['stock'] - 1;	

// Updating Stock	
$updatedstock = $row['stock'];
$lookid = $row['wine_id'];
//
mysql_query("UPDATE wines SET stock = '$updatedstock'
WHERE wine_id = '$lookid'"); 
$query="INSERT INTO order_content (order_id, wine_id)
VALUES ('$order_id', '$wineselect')";
if (!mysql_query($query,$dbc)) {
die('Error: ' . mysql_error());
}

}
mysql_close($dbc); // close connection to database

?>


<?php // End Session Customers
session_destroy(); 
?>

<!-- About --> 
<div id="about">

<h1>Thank you for your purchase!</h1>
<h1> We hope you enjoy the wine</h1>
<br />
<h1> We hope to see you back</h1>

</div>
<!-- END About -->

<!-- Footer -->
<div id="footer">

<!-- Source Code Text -->
<a href="code.txt">SOURCE CODE</a>

<!-- Begin Date -->
<?php
$my_t=getdate(date("U"));
print("$my_t[weekday], $my_t[month] $my_t[mday], $my_t[year]");
?>
<!-- End Date -->

</div>
<!-- END Footer -->

<!-- About --> 
<div id="about">

This site is entirely fictional. 

</div> 
<!-- END About -->

</div> 
<!-- END Main -->

</div>  
<!-- END Wrapper -->  

</body> 
</html>

 

EDITED BY WILDTEEN88: Please wrap code within code tags (

)

[ignace]

It's mysql_real_escape_string() not mysql_escape_string()

 

add this code on top of your script:

 

error_reporting(E_ALL);