Jump to content

Recommended Posts

hello people just wondering if anyone can spot where im going wrong in this script.. If someone clicks the submit button when not entering any fields, for some reason its adding onto the total, the last item added... but if i refresh again it stays the same. probably something simpleany help will be appiceiated

 

<? 

session_start(); 

include 'connect.php';

if (isset($_GET['reset'])){
session_destroy();
header ('location: /');
}

if (isset($_POST['name'])){

$name = $_POST['name'];
$email = $_POST['email'];
$email2 = $_POST['email2'];
$tel = $_POST['tel'];
$mobile = $_POST['mobile'];
$housenum = $_POST['housenum'];
$address = $_POST['address'];
$postcode = $_POST['postcode'];
$total = number_format($_POST['total'], 2);
$dof = $_POST['dof'];
$tof = $_POST['tof'];

$cart = $_POST['cart'];



if (!$name || !$email || !$email2 || !$tel || !$mobile || !$housenum || !$address || !$postcode){
$error = "Please fill in all fields!!";}
//check emails match
else if ($email !=$email2){
$error = "Emails Dont Match!!";	}
//check telephone number is proper length
else if (strlen($tel) <6){
$error = "Please enter a Valid Telephone Number!!";}
//check address is long enough
else if (strlen($address) <6){
$error = "Address!! Not enough character to be valid";} 
//check postcode
else if (strlen($postcode) <5){
$error = "Postcode Not Valid";}	else{

//email to customer
$to = "";
$from = "$email";
$subject = "Your Order - Pitstop Tyres Reading";
//email to user
$emailmessage ="<html>
<body>
<H2>CUSTOMER BOOKING</H2>

Your order is:<br><br>

$cart<br>

Name : $name<br>
Email : $email<br>
Telephone : $tel<br>
Mobile : $mobile<br><br>
Address : $housenum, $address<br><br>
Postcode : $postcode<br>
Date of fitting : $dof<br>
Customer is available : $tof<br><br>
<h2>Order total is : £$total</h2>

</body>
</html>";

//end message
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .="From: $from\r\n";
$headers .="Content-type: text/html\r\n";
$emailmessage = utf8_decode($emailmessage);
//send email
mail($to, $subject, $emailmessage, $headers);

//email to us
//email user activation link
$to = "$email";
$from = "";
$subject = "Your Order - Pitstop Tyres Reading";
//email to user
$emailmessage ="<html>
<body>
Hi, $name,<br><br>

Thank you for using.<br><br>

Your order is being processed and a technician will call you soon<br><br>

Your order is:<br><br>

$cart<br><br>

Name : $name<br>
Email : $email<br>
Telephone : $tel<br>
Mobile : $mobile<br><br>
Address : $housenum, $address<br><br>
Postcode : $postcode<br>
Date of fitting : $dof<br>
You are Available : $tof<br><br>
</body>
</html>";

//end message
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .="From: $from\r\n";
$headers .="Content-type: text/html\r\n";
$emailmessage = utf8_decode($emailmessage);
//send email
mail($to, $subject, $emailmessage, $headers);



$message = "<strong style='color:green;'>Thank you.. Your order is being processed<br>We have emailed you confirming booking and will contact you soon</strong>";
session_destroy();
include_once 'messagetouser.php';
exit();
}

}

function paypal_items(){
$num = 0;
foreach($_SESSION as $name => $value){
	if ($value>0){
		if (substr($name, 0, 5) =='cart_'){
			$id = substr($name, 5, (strlen($name)-5));
                $get = mysql_query('SELECT * FROM tyrelist WHERE id='.mysql_real_escape_string((int)$id));
			while ($get_row = mysql_fetch_assoc($get)){
			$num++;
			$price = $get_row["pricein"];
			$price = $price*1.039+18.00;
			echo '<input type="hidden" name="item_number_'.$num.'" value="'.$id.'">';
			echo '<input type="hidden" name="item_name_'.$num.'" value="'.$get_row['description'].'">';
			echo '<input type="hidden" name="amount_'.$num.'" value="'.number_format($price, 2).'">';
			echo '<input type="hidden" name="quantity_'.$num.'" value="'.$value.'">';
			}
		}
	}
}
}

  foreach ($_SESSION as $name => $value) {
  		if ($value>0){
		if (substr($name, 0, 5) =='cart_'){
			$id = substr($name, 5, (strlen($name)-5));
                $get = mysql_query('SELECT * FROM tyrelist WHERE id='.mysql_real_escape_string((int)$id));
			while ($get_row = mysql_fetch_assoc($get)){
			$price = $get_row["pricein"];
			$price = $price*1.039+18.00;
			$output .= $value.'x '.$get_row['description'].' @ £'.number_format($price, 2).'each<br>';
			}
		}
	}
  }


  

function cart(){
foreach($_SESSION as $name => $value){
	if ($value>0){
		if (substr($name, 0, 5) =='cart_'){
			$id = substr($name, 5, (strlen($name)-5));
			$get = mysql_query('SELECT * FROM tyrelist WHERE id='.mysql_real_escape_string((int)$id));
			while ($get_row = mysql_fetch_assoc($get)){
				$price = $get_row["pricein"];
				$price = $price*1.039+18.00;
				$sub = number_format($price, 2)*$value;
				?>
                    <br><div id="booking">
<div id="size"><? echo $get_row['description']?></div>
<div id="qty"><? echo $value ?></div>
<div id="pricerow">£<? echo number_format($price, 2) ?></div>
<div id="subtotal">  £<? echo number_format($sub, 2) ?></div>
</div>
<div class="clr"></div>
<?				
				}
			}
			$total += $sub;
      }	

	}
?>
		<br><hr><div align="center">The total for this order is : <b>£<? echo number_format($total,2); ?></b></div>
		<?
		$_SESSION['emailtotal'] = $total;
}
  
?>
<!doctype html>
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
body {
background-image: url(images/main_bg.gif);
background-repeat: repeat-x;
background-color: #e9e9e9;
}
</style>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="Tyres in Reading, tyres, car tyres, buy tyres online, buy batteries online, tyre prices, mobile tyre fitting, car batteries, car batteries online, van tyres, low price tyres, leading brand tyres, 4x4 tyres, run flat tyres, car recovery Reading, Reading car recovery" />
<meta name="description" content="Pit Stop Tyres in Reading specialise in the supply and fitting of tyres including car tyres, 4x4 tyres and run flat tyres at your home address or workplace. Our 24h mobile tyre fitting service will come to your home or work address and fit the car tyres leaving your time free for other things. We offer car recovery services" />
<meta name="ROBOTS" content="ALL" />
<meta name="Revisit-After" content="7 days"> 
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<link href="/styles/main.css" rel="stylesheet" type="text/css" />
<link href="style.css" rel="stylesheet" type="text/css" />
<script language="javascript" type="text/javascript" src="datetimepicker.js"></script>
<title>Booking Fitment</title>
</head>
<body>
<div id="searchtop">BOOK NOW ONLINE OR TELEPHONE 01189 560 003</div>
<div class="clr"></div>
<div id="searchtopright"><ul>
        <li><a href="index.php" class="active"><span>Home</span></a></li>
<li><a href="about.html"><span> About Us</span></a></li>
        <li><a href="services.html"><span> Services </span></a></li>
        <li><a href=""><span> Shop OnLine</span></a></li>
        <li><a href="contact.html"><span> Contact Us</span></a></li>
      </ul></div>
<div class="clr"></div>
<div align="center"><b style="color:red;"><? echo $error; ?></b></div>
<br>
<form action="book.php" method="post" name="tstest">
<table id="booktext" align="center" width="700" border="0">
  <tr>
    <th class="bookhead" colspan="2" scope="col" bgcolor="#666666">Online Booking</th>
    </tr>
  <tr>
    <td width="208"><div align="right">Name</div></td>
    <td width="478"><input name="name" type="text" id="name" value="<? echo $_POST['name']; ?>" size="50" maxlength="35"></td>
  </tr>
  <tr>
    <td><div align="right">Email</div></td>
    <td><input name="email" type="email" id="email" value="<? echo $_POST['email']; ?>" size="50"></td>
  </tr>
  <tr>
    <td><div align="right">Confirm Email</div></td>
    <td><input type="email" name="email2" id="email2" size="50">
      </td>
  </tr>
  <tr>
    <td><div align="right">Telephone</div></td>
    <td><input name="tel" type="text" id="tel" value="<? echo $_POST['tel']; ?>"size="50" maxlength="15"></td>
  </tr>
  <tr>
    <td><div align="right">Mobile</div></td>
    <td><input name="mobile" type="text" id="mobile" value="<? echo $_POST['mobile']; ?>"size="50" maxlength="15"></td>
  </tr>
  <tr>
    <th class="bookhead" colspan="2" scope="col" bgcolor="#666666">Address Details</h1></th>
    <td width="0"></td>
    </tr>
  <tr>
  <tr>
    <td><div align="right">House Number/Name</div></td>
    <td><input name="housenum" type="text" id="housenum" value="<? echo $_POST['housenum']; ?>" size="50" maxlength="20"></td>
  </tr>
    <td valign="top"><div align="right">Address</div></td>
    <td><textarea name="address" cols="50" rows="6"><? echo $_POST['address']; ?></textarea></td>
  </tr>
  <tr>
    <td><div align="right">Postcode</div></td>
    <td><input name="postcode" type="text" id="postcode" value="<? echo $_POST['postcode']; ?>" size="50" maxlength="10"></td>
  </tr>
  <tr>
    <td><div align="right">Date of fitting</div></td>
    <td><input id="demo1" name="dof" type="text" size="25"><a href="javascript:NewCal('demo1','ddmmyyyy')"><img src="images/cal.gif" width="16" height="16" border="0" alt="Pick a date"></a>
</td>
<tr>
    <td><div align="right">Availability</div></td>
    <td><label for="tof"></label>
      <select name="tof" id="select">
        <option selected>All day</option>
        <option>Morning 8am - 12</option>
        <option>afternoon 12 - 17.00pm</option>
        <option>Call to discuss</option>
      </select></td>
  </tr>
<tr>
    <td colspan="2" align="center"><br>
      You have ordered<hr></td>
    </tr>
  <tr>
    <td colspan="2"><b><? echo cart(); ?></b></td>
    </tr>
  <tr>
    <td colspan="2" align="center"></td>
    </tr>
  <tr>
    <td colspan="2" align="center"><input type="hidden" name="cart" value="<? echo $output;?>"><input type="hidden" name="total" value="<? echo $_SESSION['emailtotal'];?>"><? echo paypal_items()?><input name="submit" type="submit" value="Place Your Order" id="placeorder"><a style="text-decoration:none;" href="/"><input name="" id="moretyres" type="button" value="Add More Tyres"></a></td>
    </tr>
</table>
</form>
<br>
</body>

Link to comment
https://forums.phpfreaks.com/topic/258700-refresh-problem/
Share on other sites

your problem is here:

if (!$name || !$email || !$email2 || !$tel || !$mobile || !$housenum || !$address || !$postcode){

You see, you assign these variables on the lines above this check, so they exist - regardless of contnent in the $_POST[] fields or not, you are only checking: do these variables exist in this script, answer = yes, you just defined them.  what you need to do is check if they are empty

if (empty($name) || empty($email) || empty($email2) || empty($tel) || empty($mobile) || empty($housenum) || empty($address) || empty($postcode)){

 

this is really not proper input checking, you should do some more complex checks on this.  If I came along to your form and filled out every field with 6 spaces it would submit.  Also, I could spam the ass out of you using it and not have a single mail come back to me.

Link to comment
https://forums.phpfreaks.com/topic/258700-refresh-problem/#findComment-1326305
Share on other sites

Just feel like making a bit of a correction:

 

your problem is here:

if (!$name || !$email || !$email2 || !$tel || !$mobile || !$housenum || !$address || !$postcode){

You see, you assign these variables on the lines above this check, so they exist - regardless of contnent in the $_POST[] fields or not, you are only checking: do these variables exist in this script, answer = yes, you just defined them.  what you need to do is check if they are empty

if (empty($name) || empty($email) || empty($email2) || empty($tel) || empty($mobile) || empty($housenum) || empty($address) || empty($postcode)){

1. They do not "exist" if they weren't submitted (eg, the form wasn't submitted). That's because $_POST[foo] doesn't exist, resolves to null, gets assigned to whatever variables, which then (a) don't "exist" because they have a null value, thus (b) aren't isset(), and so © are empty(). They only exist if they were submitted with any value at all, but the best part is doing !$foo will create problems when it shouldn't - like if $foo="0". That's true for empty() too actually.

2. OP has to do empty() on what's in $_POST or else PHP can/will fire undefined offset warnings during the assignments.

3. The two bits of quoted code are identical. They do exactly the same thing. There is no difference.

Link to comment
https://forums.phpfreaks.com/topic/258700-refresh-problem/#findComment-1326332
Share on other sites

Well that's me got a nice shiny new one ripped for me :P

That's my old school procedural brain defaulting to what it knows best: if you declare it, it exists - if there is something in it or not, it still resides in memory and can be addressed.  That's why I did think that empty($var) and !$var were different checks.

 

goes to show though - it's not just women that shouldn't be taken for granted  ;D

Link to comment
https://forums.phpfreaks.com/topic/258700-refresh-problem/#findComment-1326356
Share on other sites

I'm also really tired so my normal inhibitions are... well... not there.

 

Stuff with forms, assigning stuff that doesn't exist, !$x versus empty($x), it's all very confusing and can take a while to get a handle on. The code bits look different and represent two different things, it's just that in this case they both arrive at the same results.

Link to comment
https://forums.phpfreaks.com/topic/258700-refresh-problem/#findComment-1326361
Share on other sites

would something like this be better then?

  $errorOut = '';
  foreach ($_REQUEST as $key => $value) {
  	$myArray[$key] = trim($value);
  }
  if (isset($myArray['reset'])){
   session_destroy();
   header ('location: /');
  }
  foreach ($myArray as $k => $v){
   if( !$v || empty($v) || $v == ''){
    echo "$k has no value!";
   }
   else{
    if((($k == 'tel' || $k == 'mobile' || $k == 'address')&& (strlen($v) < 6))||($k == 'postcode' && strlen($v) < 5)){
    $errorOut .= "$k does not conform to minimum length requirements.<br>"; 
    }
   } 
  }
  if ($errorOut != ''){
   echo $errorOut;
  }
  else{
  //do whatever
  }

Link to comment
https://forums.phpfreaks.com/topic/258700-refresh-problem/#findComment-1326371
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.