Code ERROR - MySQL/PHP based shopping

StaXico

HI!

I'm a webmaster for a swedish e-shopping site.

I'm having a problem with the shoppingcart:
When you view your cart before ordering, you can change the quantity of each product.

All your cartitems are listed from a MySQL-server and then IF you want to change an items quantity, you simply change the number in the quantity box and then press a button.

When the button is pressed, a routine lists the products again so that it knows the names of the inputboxes: every input box would has a name someting like: qty_PRODUCTNAME_OPTIONNUMBER (se code)
And then changes the quantity

But when the routine reads the values of the input boxes it gets zero info.

Code for showing cart:

 function showCart() {
    global $user, $prefix, $dbi, $points;
    if (is_user($user)) {
        $userinfo = getusrinfo($user);
        $grandTotal = 0;
        $prodTotal = 0;
        $shipTotal = 0;
        $noshipcost = 0;
		$pickup = 0;
        if ($userinfo[myCurr] != '0') {
			$currresult = sql_query("SELECT symbol, currency, rvalue, curradj, defcurr FROM $prefix"._cart_currencies." WHERE currID='$userinfo[myCurr]'", $dbi);
		}
		else {
			$currresult = sql_query("SELECT symbol, currency, rvalue, curradj, defcurr FROM $prefix"._cart_currencies." WHERE defcurr='1'", $dbi);
		}
        list($symbol, $currency, $rvalue, $curradj, $defcurr) = sql_fetch_row($currresult, $dbi);
        echo "<FORM NAME=\"cart\" METHOD=\"POST\" ACTION=\"modules.php\"><INPUT TYPE=\"HIDDEN\" NAME=\"op\" VALUE=\"modload\"><INPUT TYPE=\"HIDDEN\" NAME=\"name\" VALUE=\"Shopping_Cart\"><INPUT TYPE=\"HIDDEN\" NAME=\"file\" VALUE=\"index\"><INPUT TYPE=\"HIDDEN\" NAME=\"c_op\" VALUE=\"\"><INPUT TYPE=\"HIDDEN\" NAME=\"sid\" VALUE=\"\"><INPUT TYPE=\"HIDDEN\" NAME=\"oID\" VALUE=\"\">";
        OpenTable();
        echo "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"0\" WIDTH=\"100%\">"
            ."<TR>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"option\">"._PRODUCT."</TD>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"option\"><NOBR>"._UNITCOST."</NOBR></TD>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"option\">"._QTY."</TD>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"option\"><NOBR>"._SUBTOTAL."</NOBR></TD>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"option\">"._FUNCTIONS."</TD>"
            ."</TR><TR><TD COLSPAN=6><HR></TD></TR>";
        $result = sql_query("SELECT storyID, qty, optID, sel1, sel2, freetxt FROM $prefix"._cart_cartitems." WHERE userID='$userinfo[uid]'", $dbi);
        $c = 0;
        while (list($sid, $qty, $oID, $sel1, $sel2, $freetxt) = sql_fetch_row($result, $dbi)) {
            $c++;
        $prodInfo = sql_fetch_array(sql_query("SELECT * FROM $prefix"._cart_products." WHERE prodcode='$sid'", $dbi), $dbi);
        $promoInfo = sql_fetch_array(sql_query("SELECT * FROM $prefix"._cart_promo." WHERE prodcode='$sid'", $dbi), $dbi);
        $cost = $prodInfo[cost];
        $ship = $prodInfo[ship];
        if ($prodInfo[c2a] =='1' && $prodInfo[cost2] != '0.00' && $userinfo[dealer] == '1' && $promoInfo[prodcode] == '') {
            $cost = $prodInfo[cost2];
            $ship = $prodInfo[ship2];
            $colour = " STYLE=\"color: #FF0000\"";
        }
        if ($prodInfo[c3a] =='1' && $prodInfo[cost3] != '0.00' && $points == '1') {
            $cost = $prodInfo[cost3];
            $ship = $prodInfo[ship3];
            $isPoints = 1;
            $colour = " STYLE=\"color: #AA00AA\"";
        }
        if ($promoInfo[prodcode]==$prodInfo[prodcode]) {
            $oldCost = $prodInfo[cost];
            $cost = $promoInfo[newCost];
            $oldCost = ($oldCost*$rvalue) + ($oldcost*($curradj/100));
            $oldCost = sprintf("%01.2f", $oldCost);
        }
        if ($isPoints!=1) { $cost = ($cost*$rvalue) + ($cost*($curradj/100)); $ship = ($ship*$rvalue) + ($ship*($curradj/100)); }
            $cost = sprintf("%01.2f", $cost);
            $ship = sprintf("%01.2f", $ship);
            $total = $cost * $qty; $total = sprintf("%01.2f", $total);
            $prodTotal = $prodTotal + ($cost * $qty);
            $shipTotal = $shipTotal + ($ship * $qty);
            if ($prodTotal > 1000) { $noshipcost = 1; }
	    if ($payMethod == '4') { $pickup = 1; }
            $grandTotal = $prodTotal;
            echo "<TR>"
                ."<TD CLASS=\"content\" WIDTH=\"100%\">$prodInfo[title] <I CLASS=\"boxcontent\">($prodInfo[prodcode])</I> $sel1 $sel2 $freetxt</TD>"
                ."<TD ALIGN=\"RIGHT\" CLASS=\"content\"><NOBR>$symbol $cost&nbsp;<I CLASS=\"boxcontent\">$currency</I></NOBR></TD>"
                ."<TD ALIGN=\"CENTER\" CLASS=\"content\"><NOBR><INPUT TYPE=\"BUTTON\" VALUE=\"&lt;\" onClick=\"document.forms['cart'].qty_$sid_$oID.value=document.forms['cart'].qty_$sid_$oID.value - 1;\" CLASS=\"boxcontent\"><INPUT TYPE=TEXT NAME=\"qty_$sid_$oID\" VALUE=$qty SIZE=\"3\" STYLE=\"text-align: center\"><INPUT TYPE=BUTTON VALUE=\"&gt;\" onClick=\"document.forms['cart'].qty_$sid_$oID.value=Number(document.forms['cart'].qty_$sid_$oID.value) + 1;\" CLASS=\"boxcontent\"></NOBR></TD>"
                ."<TD ALIGN=\"RIGHT\" CLASS=\"content\"><NOBR>$symbol $total&nbsp;<I CLASS=\"boxcontent\">$currency</I></NOBR></TD>"
                ."<TD ALIGN=\"CENTER\" CLASS=\"boxcontent\" STYLE=\"font-weight: bold;\"><A onclick=\"document.forms['cart'].qty_$sid_$oID.value='0'; document.forms['cart'].c_op.value='editCart'\" HREF=\"javascript:document.forms['cart'].submit()\"><IMG SRC=\"images/members/delete.gif\" ALT=\""._DELETE."\" BORDER=0 VSPACE=2 HSPACE=2></A></TD>"
                ."</TR>";
        }
        if ($c == 0) {
			echo "<TR><TD COLSPAN=\"6\" ALIGN=\"CENTER\" CLASS=\"content\"><I>"._CARTEMPTY."</I></TD></TR>";
		}
        if ($c != 0) {
            $prodTotal = sprintf("%01.2f", $prodTotal);
            $shipTotal = sprintf("%01.2f", $shipTotal);
            $grandTotal = sprintf("%01.2f", $grandTotal);
            echo "<TR><TD COLSPAN=\"6\"><HR></TD></TR><TR>"
                ."<TD ALIGN=\"RIGHT\" CLASS=\"option\">"._SUBTOTAL.":</TD>"
                ."<TD ALIGN=\"RIGHT\" CLASS=\"content\"><NOBR>$symbol $prodTotal <I CLASS=\"boxcontent\">$currency</I></NOBR></TD>"
                ."<TD ALIGN=\"RIGHT\" CLASS=\"option\">"._TOTAL.":</TD>"
                ."<TD ALIGN=\"RIGHT\" CLASS=\"option\"><NOBR>$symbol $grandTotal <I CLASS=\"boxcontent\">$currency</I></NOBR></TD>"
                ."<TD ALIGN=\"CENTER\" CLASS=\"option\"><INPUT TYPE=\"SUBMIT\" VALUE=\""._EDIT."\" onClick=\"document.forms['cart'].c_op.value='editCart';\" CLASS=\"boxcontent\"></TD></TR>";
	    if ($noshipcost==1 && $pickup==0) {
    		echo "<tr><td><DIV ALIGN=CENTER CLASS=\"content\"><font color=\"red\">"._NOSHIPCOST."</font></td>";
	    }
	    if ($noshipcost==0 && $pickup==0) {
		echo "<tr><td><DIV ALIGN=CENTER CLASS=\"content\"><font color=\"red\">"._SHIPCOST."</font></td>";
	    }


	echo "</TR>";


    }
    echo "</TABLE>";

    CloseTable();

    if ($defcurr!='1') { echo "<BR>"; OpenTable(); echo "<DIV CLASS=\"option\" ALIGN=CENTER>"._NOTDEFCURR."</DIV>"; CloseTable(); }
    if ($c != 0) {
        echo "<BR>";
        OpenTable();
        echo "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=0 WIDTH=100%>"
            ."<TR>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"boxcontent\" WIDTH=\"33%\"><INPUT TYPE=\"SUBMIT\" VALUE=\""._EMPTYCART."\" onClick=\"document.forms['cart'].c_op.value='emptyCart';\" CLASS=\"boxcontent\"></TD>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"boxcontent\" WIDTH=\"34%\"><INPUT TYPE=\"BUTTON\" VALUE=\""._BROWSECATL."\" onClick=\"window.location.href='modules.php?name=Shopping_Cart'\" CLASS=\"boxcontent\"></TD>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"boxcontent\" WIDTH=\"33%\"><INPUT TYPE=\"SUBMIT\" VALUE=\""._CHECKOUT."\" onClick=\"document.forms['cart'].c_op.value='Checkout';\" CLASS=\"boxcontent\"></TD>"
            ."</TR>"
            ."</TABLE>";
        CloseTable();
        echo "</FORM>";
    } else {
        echo "<BR>";
        OpenTable();
        echo "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"0\" WIDTH=\"100%\">"
            ."<TR>"
            ."<TD ALIGN=\"CENTER\" CLASS=\"boxcontent\"><INPUT TYPE=\"BUTTON\" VALUE=\""._BROWSECATL."\" onClick=\"window.location.href='modules.php?name=Shopping_Cart'\" CLASS=\"boxcontent\"></TD>"
            ."</TR>"
            ."</TABLE>";
        CloseTable();
        echo "</FORM>";
    }
}
}

And the routine:

    case "editCart":
        global $user, $prefix, $dbi;
        $userinfo = getusrinfo($user);
        include("header.php");
        OpenTable();
        echo "<DIV ALIGN=CENTER CLASS=\"title\">"._YOURCART." - "._EDITCART."</DIV>";
        CloseTable();
        echo "<BR>";
        OpenTable();
        $result = sql_query("SELECT a.storyID, a.optID, b.prodcode FROM $prefix"._cart_cartitems." a, $prefix"._cart_products." b WHERE a.storyID = b.prodcode AND a.userID='$userinfo[uid]'", $dbi);
        while (list($storyID, $optID, $prodcode) = sql_fetch_row($result, $dbi)) {
                      $quantity = "qty_".$storyID."_".$optID;
            if ($$quantity != 0) {
    		  sql_query("UPDATE $prefix"._cart_cartitems." SET qty='".$$quantity."' WHERE userID='$userinfo[uid]' AND storyID='$storyID' AND optID='$optID'", $dbi);
              echo "<LI>"._CARTUPDATEDITEM." ($prodcode)";
            } else {
    		  sql_query("DELETE FROM $prefix"._cart_cartitems." WHERE userID='$userinfo[uid]' AND storyID='$storyID' AND optID='$optID'", $dbi);
              echo "<LI>"._CARTDELETEDITEM." ($prodcode)";
            }
            echo "$$quantity";
        }
        CloseTable();
        echo "<BR>";
        showCart();
        include("footer.php");
        break;

PLEASE HELP ME
//Erik

LordShryku

Man, don't double post. That's just annoying.

StaXico

Sorry, I just tought the problem fitted under both categories.

But thanks, I won't do it again.