Jump to content

session variable


jbille

Recommended Posts

Hello I have an html form (findproduct.html)which asks for a product number in order to edit the details of that product.  What I am trying to provide is a way to edit anything about that product, including the product number.  When the user enters it and clicks submit a php file (findproduct.php) finds the product through MySQL and outputs the info about the product in another form.  The user can then edit the form appropriately.  When submit is clicked another file (editproduct.php) performs a query to MySQL and updates the information.  However I cannot perform the query correctly because it is using product number from the second form, not the first.  If anyone can help it would be greatly appreciated.  My code is listed below.


-----------------------------findproduct.html----------------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xml:lang="en" lang="en">
<head><title>Administration Page</title>
<link rel=stylesheet href="main.css" type="text/css"></head>
<body bgcolor="#204D70">
<table  bgcolor="white" frame="box" border="0" width="700" cellpadding="0" cellspacing="0" align="center" valign="center" height=600>
<tr>
<td>
<table bgcolor="#C76114" border="0" cellpadding="5" cellspacing="0" align="center" valign="center">
<form name="findproduct" action="findproduct.php" method="POST" id="findproduct">
<tr><td align="center" class="adminform">Product Number:</td><td></td><td><input type="text" name="number1" id="number1" size="27" /></td></tr>
<tr><td></td><td></td><td align="right"><input type="submit" value="submit"></td></tr>
</form>
</table>
</td>
</tr>
</body>
</html>




----------------------findproduct.php-----------------------------
<?php
session_start();

$host = localhost;
$user = websters;
$pass = west4;
$dbname = WebSter;

$prodnumber = $_POST['number1'];
$_SESSION['prodnumber'] = $prodnumber;


$link = mysql_connect($host, $user, $pass);
if (!$link) {
  die('Not connected : ');
}
mysql_select_db($dbname, $link) or die("Unable to select database");
$query ="SELECT * FROM electrical WHERE (number = " . $prodnumber . ")";
$result = mysql_query($query);
if (!result) {
echo "Product Number could not be found.  Please go back and try again";
}

while($row = mysql_fetch_array($result, MYSQL_NUM))
{
    $name = $row[0];
    $number = $row[1];
    $price = $row[2];
    $order = $row[3];
    $description = $row[4];
    $picture = $row[5];
    }

    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"
    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\"
      xml:lang=\"en\" lang=\"en\">
      <body><head><title>Edit product</title>
<link rel=stylesheet href=\"main.css\" type=\"text/css\"></head>
<body bgcolor=\"#204D70\">
<table  bgcolor=\"white\" frame=\"box\" border=\"0\" width=\"700\" cellpadding=\"0\" cellspacing=\"0\" align=\"center\"  valign=\"center\" height=600>
<tr><td align=\"center\" class=\"admin\">Edit a product</td></tr>

<tr>
<td>
<table bgcolor=\"#C76114\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" align=\"center\" valign=\"center\">
<form name=\"editproduct\" action=\"editproduct.php\" method=\"POST\" encytype=\"multipart/form-data\">
<tr><td class=\"adminform\">Product Name:</td><td></td><td><input type=\"text\" value=" . $name . " name=\"name\" id=\"name\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Product Number:</td><td align=\"right\" class=\"adminform\">#</td><td><input value=" . $prodnumber . " type=\"text\" name=\"number\" id=\"number\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Product Price:</td><td align=\"right\" class=\"adminform\">$</td><td valign=\"top\"><input type=\"text\" value=" . $price . " name=\"price\" id=\"price\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Where do you want this item to be in the list?:</td><td></td><td><input type=\"text\" value=" . $order . " name=\"order\" id=\"order\" size=\"27\" /></td></tr>
    <tr><td class=\"adminform\">What category do you want the product to go in?:</td><td></td>
    <td><select id=\"category\" name=\"category\" size=\"1\" value=\"electrical\">
<option value=\"0\">Choose a category</option>
<option value=\"electrical\">Electrical</option>
<option value=\"hydraulic\">Hydraulic</option>
<option value=\"air\">Air</option>
<option value=\"springs\">Springs</option>
<option value=\"shoes\">Brake Shoes</option>
<option value=\"suspension\">Suspension</option>
</select></td>
<tr><td valign=\"top\" class=\"adminform\">Product Description:</td><td></td><td><textarea name=\"description\" cols=20 rows=6>" . $description . "</textarea></td></tr>
<tr>
<td class=\"adminform\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" />Upload this picture: </td>
<td></td>
<td><input name=\"picture\" value=\"something\" type=\"file\" />
    </td>
    </tr>
    <tr height=\"10\"></tr>
  <tr><td></td><td></td><td align=\"left\"><input type=\"submit\" value=\"submit\"></td></tr>
    </form>
  </table>
    </td>
    </tr>
</table>
</body>
</html>";


mysql_close($link);

?>


------------------------editproduct.php--------------------------
<?php

session_start();

$host = localhost;
$user = websters;
$pass = west4;
$dbname = WebSter;

$name = $_POST['name'];
$number = $_POST['number'];
$price = $_POST['price'];
$order = $_POST['order'];
$category = $_POST['category'];
$description = $_POST['description'];
$picture = $_POST['picture'];

if((empty($name)) || (empty($number)) || (empty($price))
|| (empty($order)) || (empty($category)) || (empty($description)) || (empty($picture)))
{
echo "Please go back and fill in the following information: <br><br>";
if(empty($name)) echo ("Product Name <br>");
if(empty($number)) echo ("Product Number<br>");
if(empty($price)) echo ("Product Price<br>");
if(empty($order)) echo ("Order of item in the list<br>");
if(empty($category)) echo ("Category must be picked<br>");
if(empty($description)) echo ("Product Description<br>");
if(empty($picture)) echo ("Please upload a photo<br>");
exit(1);
}

$data = addslashes(fread(fopen($picture, "r"), filesize($picture)));

$link = mysql_connect($host, $user, $pass);
if (!$link) {
  die('Not connected : ');
}
mysql_select_db($dbname, $link) or die("Unable to select database");

$prodnumber = $_SESSION['prodnumber'];

$query ="UPDATE " . $category . " SET number='$number' WHERE number='$prodnumber'";
mysql_query($query) or die('Error, query failed, Call Jimmy (330)268-9271');

mysql_close($link);

echo "<html><body><p>Thank you. <a href=\"findproduct.html\">Click here</a> to edit another product
or <a href=\"admin.html\">here</a> to return to administration home page <br>";

echo $_SESSION['prodnumber'];

session_destroy();

?>
Link to comment
Share on other sites

Ok, in...

// findproduct.php

[code]<?php
  session_start();

  $host = localhost;
  $user = websters;
  $pass = west4;
  $dbname = WebSter;
 
  $prodnumber = $_POST['number1'];
  $_SESSION['prodnumber'] = $prodnumber;
 

  $link = mysql_connect($host, $user, $pass);
  if (!$link) {
      die('Not connected : ');
  }
  mysql_select_db($dbname, $link) or die("Unable to select database");
  $query ="SELECT * FROM electrical WHERE (number = " . $prodnumber . ")";
  $result = mysql_query($query);
  if (!result) {
      echo "Product Number could not be found.  Please go back and try again";
  }[/code]

You have the code, but your logic seemd out of order! Your session seems like it is only started to set the [b]prodnumber[/b], but you set it even if you don't have a [b]POST[/b] request or a valid [b]number1[/b]. So your doing things that do nothing if the request is not valid. Better logic would only start the session and assign prodnumber a value only when it is found to be valid. Secondly you need to exit(), if the number1 value is not found in the database, and last you need to validate your form data!

Now if it was me, I could change the above (2) ways, (1) don't use a session at all, or (2) reorder your logic and still use the session. Seeing your using a session I will make my example using the session method, but I would really not use a session at all!


----------------------findproduct.php-----------------------------

[code]<?php

$host      = 'localhost';
$user      = 'websters';
$pass      = 'west4';
$dbname    = 'WebSter';
$prodnumber = 0;


if ( isset ( $_POST['number1'] ) )
{
$prodnumber = intval ( $_POST['number1'] );
}

if ( $prodnumber > 0 )
{
$link = mysql_connect ( $host, $user, $pass ) die ( 'Not connected : ' . mysql_error () );

mysql_select_db  ($dbname, $link ) or die ( 'Unable to select database: ' .mysql_error () );

$result = mysql_query ( "SELECT * FROM electrical WHERE number = " . $prodnumber );

if ( mysql_num_rows ( $result ) == 1 )
{
session_start ();

$_SESSION['prodnumber'] = $prodnumber;

session_write_close ();

$row = mysql_fetch_array ( $result, MYSQL_NUM );

    $name        = $row[0];
    $number      = $row[1];
    $price      = $row[2];
    $order      = $row[3];
    $description = $row[4];
    $picture    = $row[5];

    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"
    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\"
      xml:lang=\"en\" lang=\"en\">
      <body><head><title>Edit product</title>
<link rel=stylesheet href=\"main.css\" type=\"text/css\"></head>
<body bgcolor=\"#204D70\">
<table  bgcolor=\"white\" frame=\"box\" border=\"0\" width=\"700\" cellpadding=\"0\" cellspacing=\"0\" align=\"center\"  valign=\"center\" height=600>
<tr><td align=\"center\" class=\"admin\">Edit a product</td></tr>

<tr>
<td>
<table bgcolor=\"#C76114\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" align=\"center\" valign=\"center\">
<form name=\"editproduct\" action=\"editproduct.php\" method=\"POST\" encytype=\"multipart/form-data\">
<tr><td class=\"adminform\">Product Name:</td><td></td><td><input type=\"text\" value=" . $name . " name=\"name\" id=\"name\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Product Number:</td><td align=\"right\" class=\"adminform\">#</td><td><input value=" . $prodnumber . " type=\"text\" name=\"number\" id=\"number\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Product Price:</td><td align=\"right\" class=\"adminform\">$</td><td valign=\"top\"><input type=\"text\" value=" . $price . " name=\"price\" id=\"price\" size=\"27\" /></td></tr>
<tr><td class=\"adminform\">Where do you want this item to be in the list?:</td><td></td><td><input type=\"text\" value=" . $order . " name=\"order\" id=\"order\" size=\"27\" /></td></tr>
    <tr><td class=\"adminform\">What category do you want the product to go in?:</td><td></td>
    <td><select id=\"category\" name=\"category\" size=\"1\" value=\"electrical\">
<option value=\"0\">Choose a category</option>
<option value=\"electrical\">Electrical</option>
<option value=\"hydraulic\">Hydraulic</option>
<option value=\"air\">Air</option>
<option value=\"springs\">Springs</option>
<option value=\"shoes\">Brake Shoes</option>
<option value=\"suspension\">Suspension</option>
</select></td>
<tr><td valign=\"top\" class=\"adminform\">Product Description:</td><td></td><td><textarea name=\"description\" cols=20 rows=6>" . $description . "</textarea></td></tr>
<tr>
<td class=\"adminform\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" />Upload this picture: </td>
<td></td>
<td><input name=\"picture\" value=\"something\" type=\"file\" />
    </td>
    </tr>
    <tr height=\"10\"></tr>
  <tr><td></td><td></td><td align=\"left\"><input type=\"submit\" value=\"submit\"></td></tr>
    </form>
  </table>
    </td>
    </tr>
</table>
</body>
</html>";
}
}

echo 'Product Number ' . ( $prodnumber > 0 ? 'could not be found' : 'was not entered' ) . '.  Please <a href='findproduct.html'>go back</a> and try again';

exit ();

?>[/code]


Then in....

------------------------editproduct.php--------------------------
[code]<?php

session_start();

if ( ! isset ( $_SESSION['prodnumber'] ) )
{
echo 'This page was not called by the form designed to hande this request.  Please <a href='findproduct.html'>go back</a> and try again';

exit ();
}

$host  = 'localhost';
$user  = 'websters';
$pass  = 'west4';
$dbname = 'WebSter';


$name = $_POST['name'];
$number = $_POST['number'];
$price = $_POST['price'];
$order = $_POST['order'];
$category = $_POST['category'];
$description = $_POST['description'];
$picture = $_POST['picture'];

if((empty($name)) || (empty($number)) || (empty($price))
|| (empty($order)) || (empty($category)) || (empty($description)) || (empty($picture)))
{
echo "Please go back and fill in the following information: <br><br>";
if(empty($name)) echo ("Product Name <br>");
if(empty($number)) echo ("Product Number<br>");
if(empty($price)) echo ("Product Price<br>");
if(empty($order)) echo ("Order of item in the list<br>");
if(empty($category)) echo ("Category must be picked<br>");
if(empty($description)) echo ("Product Description<br>");
if(empty($picture)) echo ("Please upload a photo<br>");
exit(1);
}

$data = addslashes(fread(fopen($picture, "r"), filesize($picture)));

$link = mysql_connect($host, $user, $pass);
if (!$link) {
  die('Not connected : ');
}
mysql_select_db($dbname, $link) or die("Unable to select database");

$prodnumber = $_SESSION['prodnumber'];

$query ="UPDATE " . $category . " SET number='$number' WHERE number='$prodnumber'";
mysql_query($query) or die('Error, query failed, Call Jimmy (330)268-9271');

mysql_close($link);

echo "<html><body><p>Thank you. <a href=\"findproduct.html\">Click here</a> to edit another product
or <a href=\"admin.html\">here</a> to return to administration home page <br>";

$_SESSION = array ();
session_destroy ();
?>[/code]


me!
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.