monstaface, posted April 16, 2014 (edited)

I've created a dropdown menu, however nothing below the dropdown shows so that I cannot go to the next page, neither is there a footlayout. I'm sure there's an issue with my code as I'm a new learner and not so talented! I would be grateful for some feedback.

```php
<?php
session_start();
include ("db.php");
$pagename="Purchases";
echo "<link rel=stylesheet type=text/css href=mystylesheet.css>";
echo "<title>".$pagename."</title>";
include("headlayout3.html");

//display the name of the site and the date dynamically. See uk.php.net
echo date ('l d F Y H:i:s');
echo "<p></p>";

//display name of the page
echo "<h2>".$pagename."</h2>";

if(!isset($_SESSION['uType']))
    die("Please login to continue");

echo "Please choose the selected party:<br></br>";

//Drop down menu
$Party="SELECT * from Party";
$exeParty=mysql_query($Party);
echo "<select>";
while($arrayParty = mysql_fetch_array($exeParty))
{
    echo"<option value='partyname'>".$arrayParty['PartyName']."</option>";
}

//Link to next page where a form is to continue
echo"Please Continue";
echo "<a href=ticket.php>Purchase Ticket</a>";

//include foot layout
include("footlayout.html");
?>
```

monstaface, posted April 17, 2014

Anyone?

mac_gyver, posted April 17, 2014 (edited)

Your HTML is invalid, there's no closing `</select>` tag, so everything being output is not rendered and can be seen in the 'view source' of the page in your browser.

You need to always make sure your web pages are valid HTML at http://validator.w3.org

monstaface, posted April 17, 2014

Thanks for the feedback and the link, I will definitely check it out!

monstaface, posted April 17, 2014

I'm attempting to create a form so that when the event is selected from the dropdown, when the form on the next page is filled in they both save to the table in the database.

The form:

```php
$party=$_GET['partyName'];

echo "<form method=post action=BookEvent.php>" ;
echo "<table border=0 cellpadding=5>";
echo "<tr><td>First Name </td>";
echo "<td><input type=text name=r_fn size=35></td></tr>";
echo "<tr><td>Last Name </td>";
echo "<td><input type=text name=r_ln size=35></td></tr>";
echo "<tr><td>Tel No </td>";
echo "<td><input type=text name=r_tn size=35></td></tr>";
echo "<tr><td>Email Address </td>";
echo "<td><input type=text name=r_e size=35></td></tr>";
echo "<tr><td>Ticket Quantity</td>";
echo "<td><input type=text name=r_q size=35></td></tr>";
echo "<tr><td><input type=submit value='Request Ticket'></td></tr>";
echo "</table>";
echo "</form>" ;
```

The 'bookevent' page in correlation with the form:

```php
$quantity=$_POST['r_q'];
$name=$_POST['r_fn'];
$sname=$_POST['r_ln'];
$tel=$_POST['r_tn'];
$email=$_POST['r_e'];
$party=$_GET['partyName'];

if (!$name or !$sname or !$tel or !$email or !$quantity)
{
    echo "<p>Your form is incomplete ";
    echo "<br>Please fill in details ";
    include("footlayout.html");
}
else
{
    $SQL="insert into Bookings(customerFName, customerSName, customerTelNo, customerEmail, tickets)
    values ('".$name."','".$sname."','".$tel."','".$email."','".$quantity."')";
    $exeSQL=mysql_query($SQL);
    echo"Thank you for booking ";
}

$ASQL="select Quantity from PARTY where Name='$party'";
$exeASQL=mysql_query($SQL) or die (mysql_error());
$array=mysql_fetch_array($exeASQL);
$quantity=$array['r_q'];

if ($ticket>$quantity)
{
    echo"Sorry There are only:" .$quantity;
    include("footlayout.html");
    exit;
}

echo"Thank you for booking tickets to";
echo $party;
```

My issue is that I am trying to separate the statements after the first 'if' because if all the records are entered correctly, the page echoes both messages, the 'Thank you for booking tickets to' and the 'Sorry there are only'. Also, both variables $quantity and $party don't show their values.

Please help me out, I'm new to coding and attempting to teach myself. I would be extremely grateful!

Jacques1, posted April 17, 2014

Remember when you promised to escape all user input? Now you're again happily stuffing raw input into query strings.

Do you not understand how dangerous this is? It allows anybody to manipulate the queries in any way they want. This can be used to steal all data or even compromise the entire server. Yes, people do that, and it's not even difficult.

You need to start thinking about security. The Internet is a hostile environment with a lot of criminals and script kiddies who would love to take over your server.

While you're at it, get rid of this stupid mysql_* stuff. It's been obsolete for more than 10 years and will be removed in the near future. We use PDO and MySQLi now.

monstaface, posted April 17, 2014

This website will never be functional. This is purely a prototype for a project that I am working on, hence the reason I haven't gotten around to escaping my user input. If you have a solution to my problem I would be extremely grateful.

adam_bray, posted April 17, 2014

Here's a very basic example of how to improve it. Read through the comments to understand the changes.

There's still much more that can be done to improve this, but there's no point doing it all for you.

```php
<?php
// Process the form
if( isset( $_POST['r_p'] ) )
{
    // Let's add *some* protection to our strings
    $quantity = mysql_real_escape_string($_POST['r_q']);
    $name     = mysql_real_escape_string($_POST['r_fn']);
    $sname    = mysql_real_escape_string($_POST['r_ln']);
    $tel      = mysql_real_escape_string($_POST['r_tn']);
    $email    = mysql_real_escape_string($_POST['r_e']);
    $party    = mysql_real_escape_string($_POST['r_p']);

    // Do some very basic checks against the posted variables
    if( strlen($name) < 3 || strlen($sname) < 3 || strlen($tel) < 1 || strlen($email) < 3 || (strlen($quantity) < 1 || !is_numeric( $quantity )) )
    {
        echo '<p>Your form is incomplete</p>
              <p>Please fill in details</p>';
        include_once('footlayout.html');
        exit;
    }
    else
    {
        $quantity_query = mysql_query('SELECT Quantity FROM PARTY WHERE Name=\''.$party.'\' LIMIT 1;') or die( 'MySQL Error: ' . mysql_error() ); // Get the party info

        if( mysql_num_rows( $quantity_query ) > 0 ) // Check the party exists
        {
            $available = mysql_fetch_array( $quantity_query ); // Fetch the array
            $available = $available['Quantity']; // Number of tickets available; the key is the selected column name, not the form field r_q

            if( $quantity <= $available ) // Check the user hasn't ordered too many tickets
            {
                $sql = mysql_query('
                    INSERT INTO Bookings (customerFName, customerSName, customerTelNo, customerEmail, tickets)
                    VALUES(\''.$name.'\',\''.$sname.'\',\''.$tel.'\',\''.$email.'\',\''.$quantity.'\');') or die( 'MySQL Error: ' . mysql_error() ); // Insert the booking

                if( $sql ) // If the booking worked
                {
                    // Tell them it worked! HTML-encode the posted values before echoing them
                    echo 'Thank you '.htmlspecialchars($_POST['r_fn'], ENT_QUOTES, 'UTF-8').' for booking '.(int) $quantity.' tickets to '.htmlspecialchars($_POST['r_p'], ENT_QUOTES, 'UTF-8').'.';
                    include_once('footlayout.html');
                    exit;
                }
                else // If the booking query didn't work
                {
                    echo 'There\'s been a problem inserting into the DB!';
                    include_once('footlayout.html');
                    exit;
                }
            }
            else // If the user has ordered too many tickets
            {
                echo 'You\'ve selected more tickets than we can provide.';
                include_once('footlayout.html');
                exit;
            }
        }
        else // If the party doesn't exist
        {
            echo 'Cannot find '.htmlspecialchars($_POST['r_p'], ENT_QUOTES, 'UTF-8').' in the database!';
            include_once('footlayout.html');
            exit;
        }
    }
}

// Display the form
// The party name arrives in the query string; default to empty if it is missing
$party = isset($_GET['partyName']) ? $_GET['partyName'] : '';
?>
<!-- PHP_SELF and the party name come from the request, so both are HTML-encoded before output -->
<form method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');?>">
    <table border="0" cellspacing="0" cellpadding="5">
        <tr>
            <td><label for="r_fn">First Name:</label></td>
            <td><input type="text" id="r_fn" name="r_fn" size="35" required="true" /></td>
        </tr>
        <tr>
            <td><label for="r_ln">Surname Name:</label></td>
            <td><input type="text" id="r_ln" name="r_ln" size="35" required="true" /></td>
        </tr>
        <tr>
            <td><label for="r_tn">Telephone:</label></td>
            <td><input type="tel" id="r_tn" name="r_tn" size="35" required="true" /></td>
        </tr>
        <tr>
            <td><label for="r_e">Email Address:</label></td>
            <td><input type="email" id="r_e" name="r_e" size="35" required="true" /></td>
        </tr>
        <tr>
            <td><label for="r_q">Ticket Quantity:</label></td>
            <td><input type="number" id="r_q" name="r_q" required="true" /></td>
        </tr>
        <tr>
            <td colspan="2" align="center">
                <input type="hidden" value="<?=htmlspecialchars($party, ENT_QUOTES, 'UTF-8');?>" name="r_p" />
                <input type="submit" value="Request Ticket" />
            </td>
        </tr>
    </table>
</form>
```
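
The booking step from the posts above, reworked with PDO prepared statements as Jacques1 recommends, with each branch returning so only one message is produced. This is an added example, not code from any poster in the thread; it assumes an in-memory SQLite database in place of the MySQL server, a hypothetical function name `bookTickets()`, and constructed sample rows and form values.

```php
<?php
// Added example, not code from the thread. Assumptions: in-memory SQLite stands
// in for the MySQL server, bookTickets() is a hypothetical name, and the PARTY
// row and form values below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE PARTY (Name TEXT PRIMARY KEY, Quantity INTEGER)');
$pdo->exec('CREATE TABLE Bookings (customerFName TEXT, customerSName TEXT,
            customerTelNo TEXT, customerEmail TEXT, tickets INTEGER)');
$pdo->exec("INSERT INTO PARTY VALUES ('Summer Ball', 5)");

function bookTickets(PDO $pdo, array $in): string
{
    // Validate type and shape first; reject before any query runs.
    $qty = filter_var($in['r_q'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    $email = filter_var($in['r_e'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($qty === false || $email === false || empty($in['r_fn'])
        || empty($in['r_ln']) || empty($in['r_tn'])) {
        return 'Your form is incomplete';
    }
    // Placeholders send the value separately from the SQL text, so quotes in
    // the party name cannot change the query.
    $stmt = $pdo->prepare('SELECT Quantity FROM PARTY WHERE Name = ?');
    $stmt->execute([$in['r_p'] ?? '']);
    $available = $stmt->fetchColumn();
    if ($available === false) {
        return 'Cannot find that party';
    }
    if ($qty > (int) $available) {
        return 'Sorry, there are only ' . (int) $available; // stop here: no insert
    }
    $insert = $pdo->prepare('INSERT INTO Bookings (customerFName, customerSName,
        customerTelNo, customerEmail, tickets) VALUES (?, ?, ?, ?, ?)');
    $insert->execute([$in['r_fn'], $in['r_ln'], $in['r_tn'], $email, $qty]);
    // Encode for HTML at output time, not when storing.
    return 'Thank you for booking tickets to '
        . htmlspecialchars($in['r_p'], ENT_QUOTES, 'UTF-8');
}

$form = ['r_fn' => 'Ann', 'r_ln' => 'Lee', 'r_tn' => '0123',
         'r_e' => 'ann@example.com', 'r_q' => '2'];
// A valid request for an existing party.
echo bookTickets($pdo, $form + ['r_p' => 'Summer Ball']), "\n";
// Asks for more tickets than the Quantity column holds.
echo bookTickets($pdo, ['r_q' => '9', 'r_p' => 'Summer Ball'] + $form), "\n";
// A quote in the party name is bound as data and simply matches no row.
echo bookTickets($pdo, $form + ['r_p' => "Summer Ball' --"]), "\n";
```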

Jacques1, posted April 17, 2014

> If you have a solution to my problem I would be extremely grateful.

I gave you two links with two short explanations of all relevant basics. Now it's up to you: You can waste the next days, months, years copypasting crap code from dubious websites and asking other people to fix it for you. Or you can start to read the explanations and actually learn PHP.

Writing proper code is no rocket science. I think everybody with basic intelligence can do it. However, if you want to learn a language, you do need to read. You can't just copypaste other people's stuff. This may get you quick results, but you're not gonna learn anything from it.