
Tuesday, July 26, 2022

[FIXED] Where to put PHP script for order form?

 July 26, 2022     database, dreamweaver, insert, mysql, php     No comments   

Issue

Hi guys, I use Dreamweaver and I've been following this tutorial: http://www.htmlgoodies.com/beyond/webmaster/projects/article.php/3530691

It's not very specific with the details on where to put the PHP script, so I'm confused about whether I should put it on the same page or on a different page. I have orfm.php, which includes the order form and JavaScript for the calculation. That works fine. After clicking the submit button, the action for that leads to submitted.html. But after adding the PHP script on the same page, orfm.php, for inserting data in MySQL, it's not working how it should be. Should I put it on a separate page, or am I wrong with the placement on the same page?

here's the script:

<?
 //uncomment for debugging
 //print_r($_POST);

 //most sites have magic quotes on
 //but if they do not, this code simulates magic quotes
 if( !get_magic_quotes_gpc() )
  {
     if( is_array($_POST) )
       $_POST = array_map('addslashes', $_POST);
  }


  //make sure there is data in the name and email fields
     if( empty($_POST["Name"]) )
  {
   $error["name"] = "Name is required.";
   $Name = "";
  }
  else
  $Name = $_POST["Name"];

  if( empty($_POST["Email"]) )
   {
     $error["email"] = "Email is required.";
     $Email = "";
   }
   else
     $Email = $_POST["Email"];

  if( empty($_POST["OtherInfo"]) )
   {
    $OtherInfo = "";
   }
  else
    $OtherInfo = $_POST["OtherInfo"];

  //check to make sure the qty fields are whole numbers
  //but only check if there was data entered
  if( !empty($_POST["qtyA"]) )
   {
    if( is_numeric($_POST["qtyA"]) && ( intval($_POST["qtyA"]) == floatval($_POST["qtyA"]) ) )
   {
    //we have a whole number
   }
   else
    $error["qtyA"] = "Please enter a whole number for Class A Widgets.";
   }

    if( !empty($_POST["qtyB"]) )
   {
    if( is_numeric($_POST["qtyB"]) && ( intval($_POST["qtyB"]) == floatval($_POST["qtyB"]) ) )
   {
    //we have a whole number
   }
    else
    $error["qtyB"] = "Please enter a whole number for Class B Widgets.";
   }

   if( !empty($_POST["qtyC"]) )
   {
   if( is_numeric($_POST["qtyC"]) && ( intval($_POST["qtyC"]) == floatval($_POST["qtyC"]) ) )
   {
    //we have a whole number
   }
    else
      $error["qtyC"] = "Please enter a whole number for Class C Widgets.";
   }


   //we should have at least 1 item ordered in the form
    if( empty($_POST["qtyA"]) && empty($_POST["qtyB"]) && empty($_POST["qtyC"]) )
    $error["no_qty"] = "Please enter at least 1 item to order.";


    if( is_array($error) )
   {

     echo "An error occurred while processing your order.";
     echo "<br>\n";
     echo "Please check the following error messages carefully, then click back in your browser.";
     echo "<br>\n";

     while(list($key, $val) = each($error))
    {
    echo $val;
    echo "<br>\n";
    }

   //stop everything as we have errors and should not continue
   exit();

   }


  //we do not need the rest of the form fields as we can just calculate them from the whole numbers
  if( !empty($_POST["qtyA"]) )
  {
  $qtyA = $_POST["qtyA"];
  $totalA = $qtyA * 1.25;
  }
  else
  {
  $qtyA = 0;
  $totalA = 0;
  }

  if( !empty($_POST["qtyB"]) )
  {
    $qtyB = $_POST["qtyB"];
    $totalB = $qtyB * 2.35;
  }
    else
  {
    $qtyB = 0;
    $totalB = 0;
   }

  if( !empty($_POST["qtyC"]) )
   {
   $qtyC = $_POST["qtyC"];
   $totalC = $qtyC * 3.45;
   }
    else
   {
   $qtyC = 0;
   $totalC = 0;
   }

  $GrandTotal = $totalA + $totalB + $totalC;


   //we can store the order in a database as well

   $link = @mysql_connect('localhost', 'root', 'password');
   if (!$link)
    {
    echo "Could not connect: " . mysql_error();
    }
    else
    {
     mysql_select_db('admin');

     $query  = "INSERT INTO order_queue
         (  Name ,   Email ,   OtherInfo ,   qtyA ,
            totalA ,   qtyB ,   totalB ,   qtyC ,   totalC ,   GrandTotal )";
     $query .= " VALUES
         ('$Name', '$Email', '$OtherInfo', '$qtyA',
          '$totalA', '$qtyB', '$totalB', '$qtyC', '$totalC', '$GrandTotal')";
    //echo $query . "<br>\n";

  $result = mysql_query($query);
  mysql_free_result($result);
  mysql_close($link);
 }
?>

Order form

<form method="POST" action="submitted.php" onsubmit="return Validate(this)" name="ofrm">
<p>Please tell us who you are (<font color="#FF0000">red</font> denotes required information):</p>
<table border="0" cellpadding="0" width="550" id="table1">
<tr>
<td width="340" align="right"><font color="#FF0000">Name</font></td>
<td width="10">&nbsp;</td>
<td width="200"><input type="text" name="Name" size="30" tabindex="1"></td>
</tr>
<tr>
<td width="340" align="right"><font color="#FF0000">Email</font> 
(Your confirmation will be sent here): </td>
<td width="10">&nbsp;</td>
<td width="200"><input type="text" name="Email" size="30" tabindex="1"></td>
</tr>
<tr>
.......//more here
<td>
<input type="submit" value="Submit" name="subButton" tabindex="50">&nbsp;&nbsp;&nbsp;&nbsp; 
<input type="reset" value="Reset" name="resetButton" tabindex="50">
</td>
</tr>
</table>
</form>

I just want to make this work to insert in the database. Should I put it on the same page as the form, the action=" ", or where?

EDIT: the form action is now submitted.php. I put the PHP script there. It's giving me this error:

\n"; echo "Please check the following error messages carefully, then click back in your browser."; echo "
\n"; while(list($key, $val) = each($error)) { echo $val; echo "
\n"; } //stop everything as we have errors and should not continue exit(); } //we do not need the rest of the form fields as we can just calculate them from the whole numbers if( !empty($_POST["qtyA"]) ) { $qtyA = $_POST["qtyA"]; $totalA = $qtyA * 1.25; } else { $qtyA = 0; $totalA = 0; } if( !empty($_POST["qtyB"]) ) { $qtyB = $_POST["qtyB"]; $totalB = $qtyB * 2.35; } else { $qtyB = 0; $totalB = 0; } if( !empty($_POST["qtyC"]) ) { $qtyC = $_POST["qtyC"]; $totalC = $qtyC * 3.45; } else { $qtyC = 0; $totalC = 0; } $GrandTotal = $totalA + $totalB + $totalC; //we can store the order in a database as well $link = @mysql_connect('localhost', 'root', 'password'); if (!$link) { echo "Could not connect: " . mysql_error(); } else { mysql_select_db('admin'); $query = "INSERT INTO order_queue ( Name , Email , OtherInfo , qtyA , totalA , qtyB , totalB , qtyC , totalC , GrandTotal )"; $query .= " VALUES ('$Name', '$Email', '$OtherInfo', '$qtyA', '$totalA', '$qtyB', '$totalB', '$qtyC', '$totalC', '$GrandTotal')"; //echo $query . "
\n"; $result = mysql_query($query); mysql_free_result($result); mysql_close($link); } ?>

Solution

It is difficult to make a judgement without seeing the markup/html side but here are a few pointers:

  • You can submit the page to itself using htmlentities($_SERVER['PHP_SELF']); in the action attribute on the <form> tag, or to another page with action="submitted.php"
  • Ensure that the input area name= attribute names are matching case. If you have $_POST["test"] in the scripting after the post then the <input name="test" should be the same and not <input name="Test"
  • If you cannot debug using the IDE then add echo "1"; echo "2"; echo "3"; in sequence as the script is executed to see where the numbering debug stops. That would be the best place to start troubleshooting.
  echo "1";
  if( empty($_POST["Name"]) )
  {
     echo "2";
     $error["name"] = "Name is required.";
     $Name = "";
  }
  else
  {
     echo "3";
     $Name = $_POST["Name"];
     echo "4";
   }

Not the best example but you get the idea. I usually do this with a large script I try and make sense of.

  • Before executing the INSERT, echo it as text to see if all the variables contain data. You should also output the database error message using mysql_query($sql) OR die(mysql_error());. Please try and use PDO or mysqli_query instead.
  • Ensure the JavaScript validation is not blocking the submit. Remove the validation and test the script to see if it submits. If it does, then the problem lies in the client-side code.

I hope this helps.



Answered By - Conrad Lotz
Answer Checked By - Mildred Charles (PHPFixing Admin)
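
The answer recommends PDO or mysqli over mysql_query, and the question's script builds its INSERT by interpolating addslashes()-escaped POST values into the SQL string. As an added example (not part of the original answer or the tutorial), here is the same insert done with a PDO prepared statement and server-side checks. The function name insert_order() and the in-memory SQLite database are assumptions so that it runs without a MySQL server; the column names and prices are taken from the question's script.

```php
<?php
// Added example, not the tutorial's code. Prices and column names come from the
// question's script; insert_order() and the SQLite demo database are assumptions.
const PRICES = ['A' => 1.25, 'B' => 2.35, 'C' => 3.45];

function insert_order(PDO $pdo, array $post): array
{
    // Accept only string fields; a crafted Name[]=x array is treated as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $errors = [];
    $row = ['Name' => $get('Name'), 'Email' => $get('Email'), 'OtherInfo' => $get('OtherInfo')];
    if ($row['Name'] === '') { $errors['name'] = 'Name is required.'; }
    if (!filter_var($row['Email'], FILTER_VALIDATE_EMAIL)) { $errors['email'] = 'A valid email is required.'; }
    $items = 0;
    $row['GrandTotal'] = 0.0;
    foreach (PRICES as $class => $price) {
        $raw = $get("qty$class");
        // ctype_digit() allows only 0-9, so "1e3", "-2" and "2.0" are refused;
        // the length cap keeps the integer cast from overflowing.
        if ($raw !== '' && (!ctype_digit($raw) || strlen($raw) > 6)) {
            $errors["qty$class"] = "Please enter a whole number for Class $class Widgets.";
            continue;
        }
        $row["qty$class"] = (int) $raw;
        $row["total$class"] = $row["qty$class"] * $price;
        $row['GrandTotal'] += $row["total$class"];
        $items += $row["qty$class"];
    }
    if (!$errors && $items === 0) { $errors['no_qty'] = 'Please enter at least 1 item to order.'; }
    if ($errors) { return $errors; } // nothing is written when validation fails

    // Column names come from fixed keys above; every value goes through a
    // placeholder, so it is bound by the driver and never becomes SQL text.
    $cols = array_keys($row);
    $sql = 'INSERT INTO order_queue (' . implode(', ', $cols) . ') VALUES (:'
         . implode(', :', $cols) . ')';
    $pdo->prepare($sql)->execute($row);
    return [];
}

// Demo on an in-memory SQLite database (assumption; swap the DSN for MySQL).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE order_queue (Name TEXT, Email TEXT, OtherInfo TEXT, qtyA INT,
    totalA REAL, qtyB INT, totalB REAL, qtyC INT, totalC REAL, GrandTotal REAL)');
// Constructed input: the quote in the first name is stored as data, not parsed as SQL.
print_r(insert_order($pdo, ['Name' => "Pat O'Neil", 'Email' => 'pat@example.com', 'qtyA' => '2']));
print_r(insert_order($pdo, ['Name' => 'Sam', 'Email' => 'sam@example.com', 'qtyB' => '1e3']));
print_r($pdo->query('SELECT * FROM order_queue')->fetchAll(PDO::FETCH_ASSOC));
```

With ERRMODE_EXCEPTION set, a failed INSERT throws a PDOException instead of failing silently, which covers the answer's advice to surface the database error.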