Jump to content

auction site


torpedo91

Recommended Posts

Good day all , 

I am in the processes of creating a add buyer page for an auction site. However , the rows are not updating when i add a new buyer. Below is the code i have written . 

 

This is the add buyer form page

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
    
<?php    
    echo "<img id='logo' src='auction.png'/>";
    echo "<br>";
    echo "<form class='add_buyer_form' action='check_buyer.php' method='POST'>";
    
    if (isset($_GET["buyer"]))
        
    {
        if($_GET["buyer"] == "successful")
        {
            echo"<h4>Successfully added user!</h4>";
                              
        }

            else if ($_GET["buyer"] == "duplicate")
            echo"<h4? BUyer already exists. Please enter another username and password<h4>";
     
    
    }
    else 
    {
        
        echo "<h4>Please Add the buyers username and password</h4>";
        
    }
        
    
 echo "<label class='label' for='username'>Username:</label>";
    echo "<input class='text' type='text' name='username' placeholder='username'>";
    echo "<br>";
    echo "<label class='label' for='password'>Password:</label>";
    echo "<input class='password' type='password' name='password' placeholder='Password'>";
    
    echo "<input class='submit' type='submit' value='Add Buyer'>";
    
    echo"</form>";
    
    ?>    
    
</body>
</html>

 

This is the check buyer form page

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<?php

    
    if (!empty($POST["username"]) && !empty($_POST["password"]))
    {
        
$DBHOST = "localhost";    
$DBUSER = "tim";
$DBPWD  = "nineteen1985";    
$DBNAME = "customs_auction";    
        
    $conn = new mysqli($DBHOST, $DBUSER, $DBPWD, $DBNAME);

if ($conn->connect_error)    
{
    die("connection failed:" .$conn->connect_error);
    
}    

        
$username = $_POST["username"];
$password = $_POST["password"];
$hashed = password_hash($password, PASSWORD_DEFAULT);

$statement = "SELECT * FROM buyer WHERE username=?";
$stmt = $conn->prepare($statement);
$stmt->bind_param("s", $username);
$stmt->execute;
$result = $stmt->get_result();


if ($result->num_rows>=1)
{
    $value = "duplicate";
    header("Location: add_buyer.php?buyer=$value");
    
}
    else
{
    $statement = "INSERT INTO buyer(username,password) VALUES(?, ?)";
    $stmt = $conn->prepare($statement);
    $stmt->bind_param("ss", $username, $hashed);
    $stmt->execute;    
    
        
    $value = "successful";
    header("Location: add_buyer.php?buyer=$value");
    }
    
    $conn->close();
    }
        
    else
    {
        header("Location: add_buyer.php");
        
    }
        
                 
    
?>    
    
</body>
</html>

 

 

 

 

Link to comment
Share on other sites

There is no data because no code executes to add them.

  • You have a $POST instead of $_POST so the first if() fails.
  • You use "execute" instead of "execute()"
  • You need to remove the html code from the start of check_buyer.php otherwise the header() calls will fail (you can't sent output before a header() call.) There is no need for any html in that file.
Link to comment
Share on other sites

A more efficient way to write the code is not to check first if the username exists but to define a UNIQUE key on username column.

The just add the record and trap any duplicate key exceptions. Like this...

<?php
if (!empty($_POST["username"]) && !empty($_POST["password"]))
{
        
    $DBHOST = "localhost";    
    $DBUSER = "tim";
    $DBPWD  = "nineteen1985";    
    $DBNAME = "customs_auction";      
    
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);    
    $conn = new mysqli($DBHOST, $DBUSER, $DBPWD, $DBNAME);

    $hashed = password_hash($_POST["password"], PASSWORD_DEFAULT);

    try {
        $statement = "INSERT INTO buyer(username,password) VALUES(?, ?)";
        $stmt = $conn->prepare($statement);
        $stmt->bind_param("ss", $_POST["username"], $hashed);
        $stmt->execute();
        header("Location: add_buyer.php?buyer=successful");
    }
    catch (mysqli_sql_exception $e) {
        if ($e->getCode() == 1062) {
            header("Location: add_buyer.php?buyer=duplicate");
        }
        else throw $e;
    }
}
        
else
{
    header("Location: add_buyer.php");
    
}
?>    

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.