$_GET Help

Stalingrad

Hello. =] I've been having trouble understanding $_GET, (in PHP); when there's something like this: ?action=buy&itemid=1. I programmed a Shopping Cart for the website that I'm making, and when somebody clicks on the item that they'd like to purchase; (the link is: shops.php?action=buy&itemid=$itemid); the page comes up blank, and nothing happends. I have no clue what's wrong with it, and I'm becomming VERY frustrated. Does anybody know where I "messed up"? Here's the entire Shopping Cart code:

<?php
session_start();
include("config.php");
if($SESSION['username'] == "" || $SESSION['password'] == "") {
notloggedin();
}
if($SESSION['username'] != "" && $SESSION['password'] != "") {
start();
$action = $GET['action'];
$shopid = $GET['shopid'];

if($action != "buy") {
$show_query = mysql_query("SELECT FROM items WHERE shopid ='$shopid' ORDER BY itemid");
for($i=0;$i<@mysql_numrows($show_query);$i++) {

$itemid=mysql_result($show_query,$i,"itemid");
$showname=mysql_result($show_query,$i,"name");

$showimage=mysql_result($show_query,$i,"image");
$showprice=mysql_result($show_query,$i,"price");
$showamount=mysql_result($show_query,$i,"amount");
$showdescription=mysql_result($show_query,$i,"description");
$showrarity=mysql_result($show_query,$i,"rarity");

if($i%4==0) echo "<tr>";
echo "<td><center>$showname <a href=shops.php?action=buy><img src=../images/items/$showimage border=\"0\"></a> $showprice EDC Amount: $showamount</center></td>";

if($i%4==2) echo "</tr>";
}
if($action == "buy") {
$items_id = $GET['itemid'];
$the_item = mysql_query("SELECT FROM items WHERE itemid='$items_id'");
while($showit = mysql_fetch_array($the_item)) {
$itemid = $showit['id'];
$itemname = $showit['name'];
$itemimage = $showit['image'];
$itemprice = $showit['price'];
$itemamount = $showit['amount'];
}
$checkamount = "$credits - $itemprice";
if($checkprice < "0") {
echo "Shops Error! ";
$show_query = mysql_query("SELECT FROM items WHERE shopid ='$shopid' ORDER BY itemid");
for($i=0;$i<@mysql_numrows($show_query);$i++) {

$itemid=mysql_result($show_query,$i,"itemid");
$showname=mysql_result($show_query,$i,"name");

$showimage=mysql_result($show_query,$i,"image");
$showprice=mysql_result($show_query,$i,"price");
$showamount=mysql_result($show_query,$i,"amount");
$showdescription=mysql_result($show_query,$i,"description");
$showrarity=mysql_result($show_query,$i,"rarity");

if($i%4==0) echo "<tr>";
echo "<td><center>$showname <a href=shops.php&action=buy&itemid=$itemid><img src=../images/items/$showimage border=\"0\"></a> $showprice EDC Amount: $showamount</center></td>";

if($i%4==2) echo "</tr>";
}
if($checkprice >= 0) {
$itemsid = $GET['itemsid'];
$theitem = mysql_query("SELECT FROM items WHERE itemid='$itemsid'");
while($show = mysql_fetch_array($theitem)) {
$item_id = $show['itemid'];
$item_name = $show['name'];
$item_image = $show['image'];
$item_price = $show['price'];
$item_amount = $show['amount'];
mysql_query("UPDATE items SET amount = '$item_amount' - 1 WHERE itemid='$item_id'");
mysql_query("INSERT INTO useritems (usename, item, location) VALUES ('$username', '$item_name', 'Inventory')");
mysql_query("UPDATE users SET credits='$credits' - '$item_price' WHERE username='$username'");
}

echo "Shops Success! You have bought that Item for $item_price USD. <img src=images/items/$item_image> << <a href=shops.php?shopid=1><< Back to Shop</a> | <a href=map.php>Back to Map >></a>";
}
}
}
}
}
?>

Thank You VERY Much! =]

cahva

It displays blank because display errors is set to off. Check your error log for the error that it gives.

BTW, dont use if($SESSION['username'] == "" ... to check if session variable is set. To check if variable is set, use isset() function. The way you are using it now will give notices in the error log. So for example you can do the session checking in this script this way:

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {
	notloggedin();
}

// the other if was not necessary.
// I presume you are stopping the script in notloggedin() function or redirecting to some login page.

start();

Also you are using the input($GET) straight in your sql query which is not wise(possible sql injection danger). For instance, if $GET['shopid'] is always a number, make sure it is. For example:

$shopid = (int)$_GET['shopid'];

If that is something else than a number, it will give it a value of zero. You can also check that it isnt a zero after that so you wont get errors from the query. For the other types, use mysql_real_escape_string() function to prevent sql injections.