PHP Code not adding the values into SQL database

needinghelpasap

I have 3 PHP forms to add a custom order to my database. The first consists of an ordering form with text fields and drop down boxes. The second brings the information forward using:

header("Location: messagepayment.php?messageonelineone= {$messageonelineone}& messageonelinetwo= {$messageonelinetwo}& messagetwolineone= {$messagetwolineone}& messagetwolinetwo= {$messagetwolinetwo}& colourone= {$colourone}& colourtwo= {$colourtwo}& font= {$font}& package= {$package}& amount= {$amount}");

The second form then displays all this information using the get method and generates a price. I then use the submit button to add all the values including the new generated price to the database:

$query = "insert into mm values(0,NULL,NULL,'".$messageonelineone."','".$messageonelinetwo."','".$messagetwolineone."','".$messagetwolinetwo."','".$font."','".$package."','".$colourresult."','".$colourtwo."','".$amount."','".$amount2."')";
	$result = mysql_query($query, $connection)
		or die ("Unable to perform query 1<br>$query1");

The fields are added to the database but all the fields are blank apart from the 0 and the null values.

Any ideas why?

sneakyimp

Your first bit of code is too short to really know what's going on. YOu reference vars like $messageonelineone but we have no idea what values you might have put in them.

needinghelpasap

Sorry didn't want to include all code and it is quite long with design. But here is the form that generates the information from the previous form and the code that is used to push this information forward.

Form displaying information from previous page with price generation:

<?php
	session_start();
	require "connect.php";
	$messageonelineone = $_GET ['messageonelineone'];
	$messageonelinetwo = $_GET['messageonelinetwo'];
	$messagetwolineone = $_GET['messagetwolineone'];
	$messagetwolinetwo = $_GET['messagetwolinetwo'];
	$colourone = $_GET['colourone'];
	$colourtwo = $_GET['colourtwo'];
	$font = $_GET['font'];
	$package = $_GET['package'];
	$amount = $_GET['amount'];
	//$amount2 = $_GET['amount2'];
?>

  <p class="style60">Order Confirmation </p>
  <p class="style65"><u>Messages</u></p>
</div>
  <p class="style61">
    Message one:<?php
echo $messageonelineone;
echo $messageonelinetwo;
?>
</p>
      <p class="style66">	  <span class="style65"><u>Colours</u></span></p>
	  <span class="style61">Colour one:
	  <?php
		echo $colourone;
		?>
	</span>	  <p class="style65"><u>Font</u></p>
	  	<span class="style61">Font: 
	  	<?php
		echo $font;
		?> 
	  	</span>  	  <p class="style65"><u>Packaging</u></p>
	  	<span class="style61">Package Type:  

	  	<?php
		echo $package;
		?> 
	  	</span>  	  <p class="style65"><u>Quantity</u></p>
	  	 <span class="style61">Amount: 
	  	 <?php
		echo $amount;
		?>
	  	 </span>	  	 <p class="style65"><u>Price</u></p>
      <p class="style61">        Price: $<span class="style61">
	  <?php
	  		if (!empty($_GET['package']))
		{
    		//var_dump($_GET['package']); // debugging
    		if ($_GET['package'] == " 7oz Bag")
   			{
        		echo $amount2 = $_GET['amount'] * 10.99;
   			}
    		elseif ($_GET['package'] == " Gift Bag")
    		{
        		echo $amount2 = $_GET['amount'] * 3.99;
    		}
			elseif ($_GET['package'] == " Silver Tin")
			{
				echo $amount2 = $_GET['amount'] * 15.99;
			}
			elseif ($_GET['package'] == " Elegant Fabric Bag")
			{
				echo $amount2 = $_GET['amount'] * 12.99;
			}
    		else
    		{
        		echo "Cant find package - " . htmlspecialchars($_GET['package']);
    		}
		}	
		?>
      </span> </p>      <p align="center" class="style13">&nbsp;</p></td>
    <td width="439" valign="top" bordercolor="#E5E5E5" bgcolor="#E5E5E5"><p class="style61">&nbsp;</p>
      <p class="style56">&nbsp;</p>
      <p class="style61">&nbsp;</p>
      <p class="style61">Message two:
	    <?php
	  		echo $messagetwolineone;
			echo $messagetwolinetwo ;
			?> 
      </p>
      <p class="style54">&nbsp;</p>
                  <p class="style61">Colour two:
                    <?php
	    echo $colourtwo;
		?>
</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61">&nbsp;</p>
                  <p class="style61"><a href="addclientform.php" class="style17"><span class="style12">
				  <form action="placemessageorder.php" method="get" name="form" id="form"> <input name="submit3" type="submit" class="style61" value="Make Payment"/>
                  </p>

Code that is used to push information forward:

<?php
	session_start();
	require "connect.php";
	$messageonelineone = $_GET ['messageonelineone'];
	$messageonelinetwo = $_GET['messageonelinetwo'];
	$messagetwolineone = $_GET['messagetwolineone'];
	$messagetwolinetwo = $_GET['messagetwolinetwo'];
	$colourone = $_GET['colourone'];
	$colourtwo = $_GET['colourtwo'];
	$font = $_GET['font'];
	$package = $_GET['package'];
	$amount = $_GET['amount'];
	$packageprice = $_GET['packageprice'];

header("Location: messagepayment.php?messageonelineone= {$messageonelineone}& messageonelinetwo= {$messageonelinetwo}& messagetwolineone= {$messagetwolineone}& messagetwolinetwo= {$messagetwolinetwo}& colourone= {$colourone}& colourtwo= {$colourtwo}& font= {$font}& package= {$package}& amount= {$amount}");
exit();
?>

Code used to add information to database:

<?php
	session_start();
	require "connect.php";
	$Username = $_SESSION['Username'];
	$DateOrder= date("Y-m-d");
	$DatePaid = date ("Y-m-d");
	$messageonelineone = $_GET ['messageonelineone'];
	$messageonelinetwo = $_GET['messageonelinetwo'];
	$messagetwolineone = $_GET['messagetwolineone'];
	$messagetwolinetwo = $_GET['messagetwolinetwo'];
	$colourone = $_GET['colourone'];
	$colourtwo = $_GET['colourtwo'];
	$font = $_GET['font'];
	$package = $_GET['package'];
	$amount = $_GET['amount'];
	$amount2 = $_GET['amount2'];
	$query = "select * FROM client WHERE Username = '".$Username."'";
	$result = mysql_query($query) or die ($query . mysql_error());

while ($client = mysql_fetch_assoc($result)) 
{
	$ClientId = $client['ClientId'];
}

$query = "insert into mm values(0,NULL,NULL,'".$messageonelineone."','".$messageonelinetwo."','".$messagetwolineone."','".$messagetwolinetwo."','".$font."','".$package."','".$colourresult."','".$colourtwo."','".$amount."','".$amount2."')";
$result = mysql_query($query, $connection)
	or die ("Unable to perform query 1<br>$query1");

$query = "INSERT INTO `order`(`OrderId`, `ClientId`, `DateOrder`, `DelDate`, `DatePaid`) VALUES (0, ".$ClientId.",'".$DateOrder."', '0000-00-00','".$DatePaid."')";
$result = mysql_query($query, $connection)
	or die ("Unable to perform query<br>$query");

$OrderId = mysql_insert_id($connection);

foreach ($_SESSION['cart'] as $key => $MM)
{
	$query = "INSERT INTO mmorder VALUES(0,".$OrderId.",".$_SESSION['cart'][$key]['MMId'].")";
	$result = mysql_query ($query, $connection)
	or die ("Unable to perform query 3<br>$query");
}
unset($_SESSION['cart']);
header("Location: credit2.php");
exit();

?>

Hope this helps to explain my problem better.

sneakyimp

So you are getting new records each time but the information is empty?

One thing that occurs to me is that this line looks pretty suspect:

header("Location: messagepayment.php?messageonelineone= {$messageonelineone}& messageonelinetwo= {$messageonelinetwo}& messagetwolineone= {$messagetwolineone}& messagetwolinetwo= {$messagetwolinetwo}& colourone= {$colourone}& colourtwo= {$colourtwo}& font= {$font}& package= {$package}& amount= {$amount}");

If you use double quotes ("double quotes") to surround a string, you don't need the curly brackets around the variables. That could be the problem but I'm not sure. Did you check what url actually results from this line? If you see all your data in it then perhaps it's not the problem. If, on the other hand, all the values are empty you'll know what the problem is.

Another thing is that characters like spaces of ampersands or question marks in your variables could 'break' your url. You need to [man]urlencode[/man] the values before putting them in a url.

needinghelpasap

The url is not the problem as the values are being displayed in the form (ref first PHP coding).

It is when I press the Make Payment button on the first PHP coding that uses the third PHP coding to write these values to the database. All values become blank in the database.

Horizon88

Are you SURE that header statement is okay? I know it isn't the main issue - info not populating in the database is - but try removing header() and replacing it with die() to see what gets output. I'm guessing it's no good, too - you've got spaces after your equals and ampersands signs, so if it IS actually inputting variables properly, you'll still have bad data in your database, if it gets into it.

needinghelpasap

After using die the following error is shown

Location: messagepayment.php?messageonelineone= & messageonelinetwo= & messagetwolineone= & messagetwolinetwo= & colourone= Blue& colourtwo= Blue& font= Arial& package= Gift Bag& amount= 2

So there is spaces and ampersands are shown, I can remove the spaces but how do I bring forward multiple data inputs without using an ampersand?

Horizon88

You aren't actually setting $messageline anywhere. They aren't getting any values - the other items - color, package, etc - all show up, but you'll note the $message* variables aren't getting set.

The spaces need to be removed, and the ampersands as they are currently are fine - what sneakyimp was saying was that if I put in, say:
This is & a test
as my message, it would show up as:
messageonelineone=thisis&a%20test - giving you two variables and just breaking all sorts of things. So you'd need to do:

header("Location: ....php?messageonelineone=".urlencode($messageonelineone)."....");

And then use urldecode() to get them back to their original values after passing them through the form.

But first, you need to figure out why your message variables are still empty.

sneakyimp

You need the ampersands to separate distinct variables. the spaces make the resulting URL invalid and must be removed. Furthermore, if your variables contain any ampersands or spaces (or various other characters that are illegal in a url) then you need to [man]urlencode[/man] them.

needinghelpasap

Sorry bear with me....message values weren't returning anything as I didn't put in test data so these do all work!

So how would I change this complete header using urlencode?

header("Location:messagepayment.php?messageonelineone={$messageonelineone}&messageonelinetwo={$messageonelinetwo}&messagetwolineone={$messagetwolineone}&messagetwolinetwo={$messagetwolinetwo}&colourone={$colourone}&colourtwo={$colourtwo}&font={$font}&package={$package}&amount={$amount}");

needinghelpasap

Also don't know if this information helps but price is also not added to the database and that is generated on the page where the rest of the information is pulled forward.