Jump to content


Photo

session variable


  • Please log in to reply
3 replies to this topic

#1 jbille

jbille
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 11 October 2006 - 08:54 PM

Hello I have an html form (findproduct.html)which asks for a product number in order to edit the details of that product.  What I am trying to provide is a way to edit anything about that product, including the product number.  When the user enters it and clicks submit a php file (findproduct.php) finds the product through MySQL and outputs the info about the product in another form.  The user can then edit the form appropriately.  When submit is clicked another file (editproduct.php) performs a query to MySQL and updates the information.  However I cannot perform the query correctly because it is using product number from the second form, not the first.  If anyone can help it would be greatly appreciated.  My code is listed below.


-----------------------------findproduct.html----------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR...l1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xml:lang="en" lang="en">
<head><title>Administration Page</title>
<link rel=stylesheet href="main.css" type="text/css"></head>
<body bgcolor="#204D70">
<table  bgcolor="white" frame="box" border="0" width="700" cellpadding="0" cellspacing="0" align="center" valign="center" height=600>
<tr>
<td>
<table bgcolor="#C76114" border="0" cellpadding="5" cellspacing="0" align="center" valign="center">
<form name="findproduct" action="findproduct.php" method="POST" id="findproduct">
<tr><td align="center" class="adminform">Product Number:</td><td></td><td><input type="text" name="number1" id="number1" size="27" /></td></tr>
<tr><td></td><td></td><td align="right"><input type="submit" value="submit"></td></tr>
</form>
</table>
</td>
</tr>
</body>
</html>




----------------------findproduct.php-----------------------------
<?php
session_start();

$host = localhost;
$user = websters;
$pass = west4;
$dbname = WebSter;

$prodnumber = $_POST['number1'];
$_SESSION['prodnumber'] = $prodnumber;


$link = mysql_connect($host, $user, $pass);
if (!$link) {
  die('Not connected : ');
}
mysql_select_db($dbname, $link) or die("Unable to select database");
$query ="SELECT * FROM electrical WHERE (number = " . $prodnumber . ")";
$result = mysql_query($query);
if (!result) {
echo "Product Number could not be found.  Please go back and try again";
}

while($row = mysql_fetch_array($result, MYSQL_NUM))
{
    $name = $row[0];
    $number = $row[1];
    $price = $row[2];
    $order = $row[3];
    $description = $row[4];
    $picture = $row[5];
    }

    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"
    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\"
      xml:lang=\"en\" lang=\"en\">
      <body><head><title>Edit product</title>
<link rel=stylesheet href=\"main.css\" type=\"text/css\"></head>
<body bgcolor=\"#204D70\">
<table  bgcolor=\"white\" frame=\"box\" border=\"0\" width=\"700\" cellpadding=\"0\" cellspacing=\"0\" align=\"center\"  valign=\"center\" height=600>
<tr><td align=\"center\" class=\"admin\">Edit a product</td></tr>

<tr>
<td>
<table bgcolor=\"#C76114\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" align=\"center\" valign=\"center\">
<form name=\"editproduct\" action=\"editproduct.php\" method=\"POST\" encytype=\"multipart/form-data\">
<tr><td class=\"adminform\">Product Name:</td><td></td><td><input type=\"text\" value=" . $name . " name=\"name\" id=\"name\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Product Number:</td><td align=\"right\" class=\"adminform\">#</td><td><input value=" . $prodnumber . " type=\"text\" name=\"number\" id=\"number\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Product Price:</td><td align=\"right\" class=\"adminform\">$</td><td valign=\"top\"><input type=\"text\" value=" . $price . " name=\"price\" id=\"price\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Where do you want this item to be in the list?:</td><td></td><td><input type=\"text\" value=" . $order . " name=\"order\" id=\"order\" size=\"27\" /></td></tr>
    <tr><td class=\"adminform\">What category do you want the product to go in?:</td><td></td>
    <td><select id=\"category\" name=\"category\" size=\"1\" value=\"electrical\">
<option value=\"0\">Choose a category</option>
<option value=\"electrical\">Electrical</option>
<option value=\"hydraulic\">Hydraulic</option>
<option value=\"air\">Air</option>
<option value=\"springs\">Springs</option>
<option value=\"shoes\">Brake Shoes</option>
<option value=\"suspension\">Suspension</option>
</select></td>
<tr><td valign=\"top\" class=\"adminform\">Product Description:</td><td></td><td><textarea name=\"description\" cols=20 rows=6>" . $description . "</textarea></td></tr>
<tr>
<td class=\"adminform\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" />Upload this picture: </td>
<td></td>
<td><input name=\"picture\" value=\"something\" type=\"file\" />
    </td>
    </tr>
    <tr height=\"10\"></tr>
  <tr><td></td><td></td><td align=\"left\"><input type=\"submit\" value=\"submit\"></td></tr>
    </form>
  </table>
    </td>
    </tr>
</table>
</body>
</html>";


mysql_close($link);

?>


------------------------editproduct.php--------------------------
<?php

session_start();

$host = localhost;
$user = websters;
$pass = west4;
$dbname = WebSter;

$name = $_POST['name'];
$number = $_POST['number'];
$price = $_POST['price'];
$order = $_POST['order'];
$category = $_POST['category'];
$description = $_POST['description'];
$picture = $_POST['picture'];

if((empty($name)) || (empty($number)) || (empty($price))
|| (empty($order)) || (empty($category)) || (empty($description)) || (empty($picture)))
{
echo "Please go back and fill in the following information: <br><br>";
if(empty($name)) echo ("Product Name <br>");
if(empty($number)) echo ("Product Number<br>");
if(empty($price)) echo ("Product Price<br>");
if(empty($order)) echo ("Order of item in the list<br>");
if(empty($category)) echo ("Category must be picked<br>");
if(empty($description)) echo ("Product Description<br>");
if(empty($picture)) echo ("Please upload a photo<br>");
exit(1);
}

$data = addslashes(fread(fopen($picture, "r"), filesize($picture)));

$link = mysql_connect($host, $user, $pass);
if (!$link) {
  die('Not connected : ');
}
mysql_select_db($dbname, $link) or die("Unable to select database");

$prodnumber = $_SESSION['prodnumber'];

$query ="UPDATE " . $category . " SET number='$number' WHERE number='$prodnumber'";
mysql_query($query) or die('Error, query failed, Call Jimmy (330)268-9271');

mysql_close($link);

echo "<html><body><p>Thank you. <a href=\"findproduct.html\">Click here</a> to edit another product
or <a href=\"admin.html\">here</a> to return to administration home page <br>";

echo $_SESSION['prodnumber'];

session_destroy();

?>

#2 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 11 October 2006 - 09:24 PM

I'm not sure about this, but I believe if you want to change the primary key field of a row, you have to delete the old row and then insert a new record and specify the new primary key explicitly.  Your $prodnumber  looks like the primary key.

#3 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 11 October 2006 - 09:53 PM

Ok, in...

// findproduct.php

<?php
   session_start();

   $host = localhost;
   $user = websters;
   $pass = west4;
   $dbname = WebSter;
   
   $prodnumber = $_POST['number1'];
   $_SESSION['prodnumber'] = $prodnumber;
   

   $link = mysql_connect($host, $user, $pass);
   if (!$link) {
      die('Not connected : ');
   }
   mysql_select_db($dbname, $link) or die("Unable to select database");
   $query ="SELECT * FROM electrical WHERE (number = " . $prodnumber . ")";
   $result = mysql_query($query);
   if (!result) {
      echo "Product Number could not be found.  Please go back and try again";
   }

You have the code, but your logic seemd out of order! Your session seems like it is only started to set the prodnumber, but you set it even if you don't have a POST request or a valid number1. So your doing things that do nothing if the request is not valid. Better logic would only start the session and assign prodnumber a value only when it is found to be valid. Secondly you need to exit(), if the number1 value is not found in the database, and last you need to validate your form data!

Now if it was me, I could change the above (2) ways, (1) don't use a session at all, or (2) reorder your logic and still use the session. Seeing your using a session I will make my example using the session method, but I would really not use a session at all!


----------------------findproduct.php-----------------------------

<?php

$host       = 'localhost';
$user       = 'websters';
$pass       = 'west4';
$dbname     = 'WebSter';
$prodnumber = 0;


if ( isset ( $_POST['number1'] ) )
{
	$prodnumber = intval ( $_POST['number1'] );
}

if ( $prodnumber > 0 )
{
	$link = mysql_connect ( $host, $user, $pass ) die ( 'Not connected : ' . mysql_error () );

	mysql_select_db  ($dbname, $link ) or die ( 'Unable to select database: ' .mysql_error () );

	$result = mysql_query ( "SELECT * FROM electrical WHERE number = " . $prodnumber );

	if ( mysql_num_rows ( $result ) == 1 )
	{
		session_start ();

		$_SESSION['prodnumber'] = $prodnumber;

		session_write_close ();

		$row = mysql_fetch_array ( $result, MYSQL_NUM );

    		$name        = $row[0];
    		$number      = $row[1];
    		$price       = $row[2];
    		$order       = $row[3];
    		$description = $row[4];
    		$picture     = $row[5];

    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"
    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\" 
      xml:lang=\"en\" lang=\"en\">
      <body><head><title>Edit product</title>
<link rel=stylesheet href=\"main.css\" type=\"text/css\"></head>
<body bgcolor=\"#204D70\">
<table  bgcolor=\"white\" frame=\"box\" border=\"0\" width=\"700\" cellpadding=\"0\" cellspacing=\"0\" align=\"center\"  valign=\"center\" height=600>
	<tr><td align=\"center\" class=\"admin\">Edit a product</td></tr>

	<tr>
		<td>
			<table bgcolor=\"#C76114\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" align=\"center\" valign=\"center\">
			<form name=\"editproduct\" action=\"editproduct.php\" method=\"POST\" encytype=\"multipart/form-data\">	
			<tr><td class=\"adminform\">Product Name:</td><td></td><td><input type=\"text\" value=" . $name . " name=\"name\" id=\"name\" size=\"27\" /></td></tr>
			<tr><td class=\"adminform\">Product Number:</td><td align=\"right\" class=\"adminform\">#</td><td><input value=" . $prodnumber . " type=\"text\" name=\"number\" id=\"number\" size=\"27\" /></td></tr>
			<tr><td class=\"adminform\">Product Price:</td><td align=\"right\" class=\"adminform\">$</td><td valign=\"top\"><input type=\"text\" value=" . $price . " name=\"price\" id=\"price\" size=\"27\" /></td></tr>
			<tr><td class=\"adminform\">Where do you want this item to be in the list?:</td><td></td><td><input type=\"text\" value=" . $order . " name=\"order\" id=\"order\" size=\"27\" /></td></tr>
    		<tr><td class=\"adminform\">What category do you want the product to go in?:</td><td></td>
    		<td><select id=\"category\" name=\"category\" size=\"1\" value=\"electrical\">
			<option value=\"0\">Choose a category</option> 
			<option value=\"electrical\">Electrical</option>
			<option value=\"hydraulic\">Hydraulic</option>
			<option value=\"air\">Air</option>
			<option value=\"springs\">Springs</option>
			<option value=\"shoes\">Brake Shoes</option>
			<option value=\"suspension\">Suspension</option> 
			</select></td>
			<tr><td valign=\"top\" class=\"adminform\">Product Description:</td><td></td><td><textarea name=\"description\" cols=20 rows=6>" . $description . "</textarea></td></tr>
			<tr>
			<td class=\"adminform\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" />Upload this picture: </td>
			<td></td>
			<td><input name=\"picture\" value=\"something\" type=\"file\" />
    		</td>
    		</tr>
    		<tr height=\"10\"></tr>
  			<tr><td></td><td></td><td align=\"left\"><input type=\"submit\" value=\"submit\"></td></tr>
    		</form>
  			</table>
    	</td>
    </tr>
</table>
</body>
</html>";
	}
}

echo 'Product Number ' . ( $prodnumber > 0 ? 'could not be found' : 'was not entered' ) . '.  Please <a href='findproduct.html'>go back</a> and try again';

exit ();

?>


Then in....

------------------------editproduct.php--------------------------
<?php

	session_start();

	if ( ! isset ( $_SESSION['prodnumber'] ) )
	{
		echo 'This page was not called by the form designed to hande this request.  Please <a href='findproduct.html'>go back</a> and try again';

		exit ();
	}

	$host   = 'localhost';
	$user   = 'websters';
	$pass   = 'west4';
	$dbname = 'WebSter';

	
	$name = $_POST['name'];
	$number = $_POST['number'];
	$price = $_POST['price'];
	$order = $_POST['order'];
	$category = $_POST['category'];
	$description = $_POST['description'];
	$picture = $_POST['picture'];
	
	if((empty($name)) || (empty($number)) || (empty($price)) 
	|| (empty($order)) || (empty($category)) || (empty($description)) || (empty($picture)))
	{
		echo "Please go back and fill in the following information: <br><br>";
		if(empty($name)) echo ("Product Name <br>");
		if(empty($number)) echo ("Product Number<br>");
		if(empty($price)) echo ("Product Price<br>");
		if(empty($order)) echo ("Order of item in the list<br>");
		if(empty($category)) echo ("Category must be picked<br>");
		if(empty($description)) echo ("Product Description<br>");
		if(empty($picture)) echo ("Please upload a photo<br>");
		exit(1);
	}
	
	$data = addslashes(fread(fopen($picture, "r"), filesize($picture)));
	
	$link = mysql_connect($host, $user, $pass);
	if (!$link) {
   	die('Not connected : ');
	}
	mysql_select_db($dbname, $link) or die("Unable to select database");
	
	$prodnumber = $_SESSION['prodnumber'];
	
	$query ="UPDATE " . $category . " SET number='$number' WHERE number='$prodnumber'"; 
	mysql_query($query) or die('Error, query failed, Call Jimmy (330)268-9271');
	
	mysql_close($link);
	
	echo "<html><body><p>Thank you. <a href=\"findproduct.html\">Click here</a> to edit another product
			or <a href=\"admin.html\">here</a> to return to administration home page <br>";
			
	$_SESSION = array ();
	session_destroy ();
?>


me!

#4 jbille

jbille
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 12 October 2006 - 02:11 AM

Thank you both for your replies.  I used both suggestions to solve the problem.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users