I'm using PHP 4 and working a tutorial that starts with a script that includes a form:

<form action="processorder.php" method=post>
<table border=0>
<tr bgcolor=#cccccc>
<td width=150>Item</td>
<td width=15>Quantity</td>
</tr>
<tr>
<td>Tires</td>
<td align="center"><input type="text" name="tireqty" size="3" maxlength="3"></td>
</tr>
<tr>
<td>Oil</td>
<td align="center"><input type="text" name="oilqty" size="3" maxlength="3"></td>
</tr>
<tr>
<td>Spark Plugs</td>
<td align="center"><input type="text" name="sparkqty" size="3"
maxlength="3"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit Order"></td>
</tr>
</table>
</form>

The script for processing this form is given as:

<html>
<head>
<title>Bob's Auto Parts - Order Results</title>
</head>
<body>
<h1>Bob's Auto Parts</h1>
<h2>Order Results</h2>
<?php
echo "<p>Order processed at ";
echo date( "H:i, F jS, Y");
echo "<br><br>";
echo $tireqty." tires<br>";
echo $oilqty." bottles of oil<br>";
echo $sparkqty." spark plugs<br>";
?>
</body>
</html>

I realize that the very last 3 lines that begin "echo $..." can't just go to the variable. I need to use something like:

$HTTP_POST_VARS['$tireqty']
$HTTP_POST_VARS['$oilqty']
$HTTP_POST_VARS['$sparkqty']

I don't know exactly where--or whether that's exactly correct the way I have it.

Can someone please help with this?

Thank you.

Steve Tiano

    try using $_POST['postvarname'] instead (note the no $ in front of the postvarname instead of $_POST[]

    also you can put this at the beginning of your script
    extract($_POST);

    this will make $_POST['thisvar'] available as $thisvar (just like with old default configs of php with register globals on)

      in fact, if you don't have register globals on, the variables will be populated automatically. Many experts think that keeping register globals on is a bad idea.

      If register globals is off, put this in the
      <?php

      area anyplace before the values are echo'ed:

      $tireqty=$_POST['tireqty'];
      $oilqty=$_POST['oilqty'];
      $sparkqty=$_POST['sparkqty'];

      Note no $ in the $_POST array identifier
      Note $_POST now preferred to HTTP_POST_VAR

        Originally posted by nemonoman
        in fact, if you don't have register globals on, the variables will be populated automatically. Many experts think that keeping register globals on is a bad idea.

        If register globals is off, put this in the
        <?php

        area anyplace before the values are echo'ed:


        $tireqty=$_POST['tireqty'];
        $oilqty=$_POST['oilqty'];
        $sparkqty=$_POST['sparkqty'];

        Note no $ in the $_POST array identifier
        Note $_POST now preferred to HTTP_POST_VAR

        why do all that when 1 line

        extract($_POST);

        will do the exact same thing?

          because that would be (almost) the same as keeping register_globals on.

          Actually, the assignment probably should be done as you apply a function to prevent SQL injection etc.
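The difference between the two approaches discussed above, as an added example that is not part of the original thread. It assumes PHP 7 or later; the prices and the sample request body are constructed for illustration.

```php
<?php
// Added example, PHP 7+. Constructed request body standing in for $_POST;
// 'taxrate' is not a field of the order form.
$post = ['tireqty' => '4', 'oilqty' => '2', 'sparkqty' => 'abc', 'taxrate' => '-1'];

// Prices are assumed values for illustration.
define('TIREPRICE', 100);
define('OILPRICE', 10);
define('SPARKPRICE', 4);

// Variant 1: extract() imports every key in the request as a local variable.
function totalWithExtract(array $post): float
{
    $taxrate = 0.10;
    extract($post); // default EXTR_OVERWRITE: $taxrate is now the submitted value
    $subtotal = (int)$tireqty * TIREPRICE + (int)$oilqty * OILPRICE
              + (int)$sparkqty * SPARKPRICE;
    return $subtotal * (1 + $taxrate);
}

// Variant 2: read only the named fields and validate each one.
function readQty(array $post, string $name): int
{
    // The form uses maxlength="3", so accept whole numbers 0..999 only.
    $v = filter_var($post[$name] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 999]]);
    return $v === false ? 0 : $v;
}

function totalExplicit(array $post): float
{
    $taxrate = 0.10;
    $subtotal = readQty($post, 'tireqty') * TIREPRICE
              + readQty($post, 'oilqty') * OILPRICE
              + readQty($post, 'sparkqty') * SPARKPRICE;
    return $subtotal * (1 + $taxrate);
}

printf("with extract():  %s\n", number_format(totalWithExtract($post), 2));
printf("explicit fields: %s\n", number_format(totalExplicit($post), 2));
```

In the first variant the submitted taxrate replaces the script's own value; the second ignores it and counts the non-numeric spark plug quantity as 0.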

            Tekky -- Your post showed up while I was submitting mine.

            Perhaps you can answer this question for me: does 'extract()' make the extracted vars globally available?

            In a function, I can call

            $x=$_POST['x'];

            can I extract($_POST);

            then in a function say
            global $x;

            and get the value of $_POST['x'];
            ??

              Heh, we're working through the same book.

              Anyway, I have the part that he's asking for help working (because someone on here told me).

              anyway, this works:

              echo "<p>Order processed at ";
              echo date("H:i, jS F");
              echo "<br>";
              echo "<p>You order is as follows:";
              echo "<br>";
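              // htmlspecialchars() keeps submitted text from being output as HTML
              echo htmlspecialchars($_POST['tireqty']). " tires<br>";
              echo htmlspecialchars($_POST['oilqty']). "  bottles of oil<br>";
              echo htmlspecialchars($_POST['sparkqty']). "  spark plugs<br>";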
              
              

              the next part I'm working on this:

              $totalqty = $tireqty + $oilqty + $sparkqty;
              $totalamount = $tireqty * TIREPRICE + $oilqty * OILPRICE + $sparkqty * SPARKPRICE;
              $totalamount = number_format($totalamount, 2);
              echo "<br>\n";
              echo "Items ordered:  .$_POST['totalqty']. <br>\n";
              echo "Subtotal: $ $_POST.['totalamount']." "<br>\n";
              $taxrate = 0.10; // local sales tax is 10%
              $totalamount = $totalamount * (1+ $taxrate);
              $totalamount = number_format($totalamount, 2);
              echo "Total including tax: $".$_POST['totalamount']."<br>\n";
              ?>

              Now, I'm just totally lost, I have no clue on where to use $_POST[];, I have no clue where to concatenate, I have no clue on proper quotations. ;dfkjak this is horrible. 🙁

              J.

                you have to close quotes before concatenating... so this should work...

                $totalqty = $tireqty + $oilqty + $sparkqty;
                $totalamount = $tireqty * TIREPRICE + $oilqty * OILPRICE + $sparkqty * SPARKPRICE;
                $totalamount = number_format($totalamount, 2);
                echo "<br>\n";
                // $totalqty and $totalamount are calculated above; they are not form fields, so they are not read from $_POST
                echo "Items ordered: " .$totalqty. "<br>\n";
                echo "Subtotal: $" .$totalamount. "<br>\n";
                $taxrate = 0.10; // local sales tax is 10%
                $totalamount = $totalamount * (1+ $taxrate);
                $totalamount = number_format($totalamount, 2);
                echo "Total including tax: $".$totalamount."<br>\n";
                ?>

                and unless you defined OILPRICE and SPARKPRICE you will need to fix that too

                  Define them how?

                  $_POST['TIREPRICE'];
                  $_POST['OILPRICE'];
                  $_POST['SPARKPRICE'];

                  ?

                  J.

                    Originally posted by Chaotic Reality
                    Define them how?

                    $_POST['TIREPRICE'];
                    $_POST['OILPRICE'];
                    $_POST['SPARKPRICE'];

                    ?

                    J.

                    how your current code looks...

                    totalamount = $tireqty * TIREPRICE + $oilqty * OILPRICE + $sparkqty * SPARKPRICE; 
                    

                    ie. no $, they should be define()'d as CONSTANTS

                      sigh. these books are freakin useless. don't know how i'm supposed to learn by example if they don't work without modifying the hell out of them with things i have no idea about.

                      J.

                        Your book was written during a kinder and gentler time.

                        A little history might be in order.

                        Originally PHP was designed to work very easily with variables whether submitted in forms (via POST) or through URLs (either with a form GET method, or simply by putting the vars in a URL string).

                        Suppose you wrote a program where the author of a bulletin board message could delete the message s/he wrote.

                        First you might do something like this:

                        <? $result=mysql_query("SELECT messageid FROM messagetable where authorid=123");
                        $row=mysql_fetch_array($result);
                        $messageid=$row[0];
                        
                        //then you could create a form for author with id 123:
                        
                        echo "
                        <form method=post action=deleterecord.php>
                        <input type=hidden name=messageid value=$messageid>
                        Delete record $messageid?
                        <input type=submit name=delete value='DELETE'>
                        </form>
                        
                        ";
                        

                        The author (with id 123) would see a form that said:
                        Delete record 222?
                        -Button-DELETE

                        If the author were to click the button, PHP would pick up the variables from the form. deleterecord.php might be:

                        <? if($delete) {mysql_query("DELETE FROM messagetable WHERE messageid=$messageid");
                        echo "message $messageid was deleted"; } ?>
                        

                        That code would check if the variable named 'delete' existed -- as it would be if the submit button were clicked.

                        The code would then use the hidden messageid variable embedded in the form and delete the user's message.

                        This is pretty simple code.

                        Your book reflects this approach. With "register globals" on, PHP captures and populates any named variables shown in the submitted form.

                        Somebody figured out that they could hand-craft a URL like this:

                        http://somesite.com/deleterecord.php?recordid=111&delete=true

                        The variables in this URL -- GET variables -- would automatically be defined and populated by PHP.

                        While the form might have been meant to delete only a specific message that the user wrote, the URL above creates a similar set of data, without any regard to controlling access.

                        This presents opportunity for mischief.

                        $_POST (which replaced $HTTP_POST_VARS, thank god) gets around this problem.

                        $_POST is an array that shows variables resulting from a form's POST method.

                        Each named element in the array $_POST contains the value of the variable named in the form.

                        Change the code to:

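                        <?
                        // read the values explicitly from the POST data
                        $delete=isset($_POST['delete']) ? $_POST['delete'] : '';
                        // cast to integer so only a number can reach the query
                        $messageid=isset($_POST['messageid']) ? (int)$_POST['messageid'] : 0;
                        if($delete) {mysql_query("DELETE FROM messagetable WHERE messageid=$messageid");
                        echo "message $messageid was deleted"; }
                        ?>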
                        

                        Because it works on POST variables (not the GET variables of a URL), the code will now work only on the variables ASSIGNED TO THE FORM BY THE PROGRAMMER (remember that 'SELECT messageid...' query that populated the form?).

                        Another thing:

                        $_POST is a global variable. That means you can access its content within any function.

                        for example you could turn the delete code into a function like this:

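                        function deletemessage(){
                          // $_POST is available inside the function without a global declaration
                          $delete=isset($_POST['delete']) ? $_POST['delete'] : '';
                          // cast to integer so only a number can reach the query
                          $messageid=isset($_POST['messageid']) ? (int)$_POST['messageid'] : 0;
                          if($delete) {
                            mysql_query("DELETE FROM messagetable WHERE messageid=$messageid");
                            return true;
                          }
                          else
                          {
                            return false;
                          }
                        }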
                        

                        and change deleterecord.php to

                        // $messageid is local to the function, so read the id from $_POST again here
                        if(deletemessage()){echo "message ".(int)$_POST['messageid']." was deleted";}
                        

                        Since $_POST is always globally available, you wouldn't need to worry about passing parameters to this function, or predeclaring certain variables as globals. A minor benefit, to be sure, but occasionally very useful.

                        There are several global arrays similar to $_POST: $_GET, $_COOKIE, $_SERVER. You should look them up.

                        Good luck.
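The same delete handler as an added example (not part of the original post), assuming PHP 7 or later with the PDO SQLite driver and an author id held in the server-side session. The message id is validated as an integer, bound as a query parameter, and the row is deleted only when it belongs to that author, so the outcome does not depend on which values the request carries. Table and column names follow the post; the rows are constructed.

```php
<?php
// Added example: in-memory database with two constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messagetable (messageid INTEGER PRIMARY KEY, authorid INTEGER)');
$db->exec('INSERT INTO messagetable VALUES (111, 456), (222, 123)');

/**
 * Delete a message only if it belongs to the logged-in author.
 * $authorId is assumed to come from the server-side session, never from the form.
 */
function deleteMessage(PDO $db, array $post, int $authorId): bool
{
    if (empty($post['delete'])) {
        return false;                       // the DELETE button was not submitted
    }
    $messageId = filter_var($post['messageid'] ?? '', FILTER_VALIDATE_INT);
    if ($messageId === false) {
        return false;                       // not a whole number: reject
    }
    // Bound parameters keep the values out of the SQL text, and the
    // authorid condition ties the delete to the owner of the message.
    $stmt = $db->prepare('DELETE FROM messagetable WHERE messageid = ? AND authorid = ?');
    $stmt->execute([$messageId, $authorId]);
    return $stmt->rowCount() === 1;
}

// Author 123 deletes their own message 222.
var_dump(deleteMessage($db, ['delete' => 'DELETE', 'messageid' => '222'], 123));
// Author 123 submits the id of a message written by author 456.
var_dump(deleteMessage($db, ['delete' => 'DELETE', 'messageid' => '111'], 123));
// The id field is not an integer.
var_dump(deleteMessage($db, ['delete' => 'DELETE', 'messageid' => '222abc'], 123));
```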

                          Thanks, but I don't even know the simple stuff of PHP let alone anything about MySQL. :/

                          tekky: are you saying leave the $ off $totalamount? cuz I tried that and just got a parse error. shrug

                          J.

                            Originally posted by Chaotic Reality
                            Thanks, but I don't even know the simple stuff of PHP let alone anything about MySQL. :/

                            tekky: are you saying leave the $ off $totalamount? cuz I tried that and just got a parse error. shrug

                            J.

                            no I'm saying

                            in this...

                            $totalamount = $tireqty * TIREPRICE + $oilqty * OILPRICE + $sparkqty * SPARKPRICE;
                            

                            TIREPRICE OILPRICE and SPARKPRICE aren't variables unless they were previously DEFINE()'d as CONSTANTS

                              Yeah, I got it figured out. 🙂 My wireless was being a pain and wouldn't load up the board when I fixed it.

                              J.

                                cool, if not I was gonna point you to ANOTHER post where someone posted the whole code for that script and it has the define()'s in it....

                                where at in Denver are ya anyways? (I'm off Hampden/Telluride in SE Aurora near Buckley)

                                  Up in Thornton. Between Washington/Grant.

                                  Wanna come teach me PHP? :p

                                  J.

                                    Originally posted by Chaotic Reality
                                    Up in Thornton. Between Washington/Grant.

                                    Wanna come teach me PHP? :p

                                    J.

                                    lol I'm always willing to help out (when I got time anyways :p) check your pm's
