problems transfering info from one page to another

hellz

😕 hi, what im trying to do is transfer info from one page to another. ill attach the code im currently using. Any help would be greatly appriciated 🙂

Purchase page

 <?php

$dbc = mysql_connect ('****.com','***','***') OR die('Could not connect to MySQL : ' . mysql_error() );
mysql_select_db ('***') OR die('Could not select the database : ' . mysql_error() );


$query = "SELECT * FROM item WHERE sale='yes'";
$result =  mysql_query ($query); 

?>


<table>
  <tr>
    <td ><strong>Artist Name</strong></td>
    <td ><strong>Album Name </strong></td>
    <td ><strong>Price </strong></td>
    <td ><strong>Product Description</strong></td>
       <td ><strong>Image</strong></td>
          <td><strong>Quantity</strong></td>
          <td ><strong>Add to Basket</strong></td>
  </tr>
 <?php

while($row = mysql_fetch_array($result,MYSQL_ASSOC))

echo "<tr><td>$row[Artist]</td><td>$row[Album] </td><td>$row[Price]</td><td>$row[ProductDesc]</td><td><img src=$row[Image] /><td><select name='quantity'><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option><option value='4'>4</option></select><td><a href=\"purchase.php?ProdId=$row[ProductId]\">Add Item</a></td>
</tr>\n";

 mysql_close();
 ?> 


</table>

This is the buy page where im trying to transfer the product id and then bring the infomation back from the database to display on the page which relates to the product id.

 <?php
$dbc = mysql_connect ('**.com','**','***') OR die('Could not connect to MySQL : ' . mysql_error() );
mysql_select_db ('***') OR die('Could not select the database : ' . mysql_error() );


$query = "SELECT * FROM item WHERE ProductId='$ProdId'";

$result=do_query($query);
$row= mysql_fetch_array($result);

echo "Artist . " $row['Artist'] . "<br/>";


 ?>

Can anyone help?

Weedpacket

....and what's the problem you're having? I don't see anything apart from the fact that there's nothing on the purchase page that passes anything anywhere.

kostis12345

Actually no info is passed to the other page because $row[ProductId](in purchase.php?ProdId=$row[ProductId]) when viewed on the browser has already changed to a number so when you click Add Item the browser redirects to purchase.php?ProdId=3 (for example) ,not purchase.php?ProdId=$row[ProductId].
Why don't you do it with a form?

<?php

$dbc = mysql_connect ('****.com','***','***') OR die('Could not connect to MySQL : ' . mysql_error() );
mysql_select_db ('***') OR die('Could not select the database : ' . mysql_error() );


$query = "SELECT * FROM item WHERE sale='yes'";
$result =  mysql_query ($query);
$row = mysql_fetch_array($result);
?>
<form action='purchase.php?buy='yes' method='post'>
<tr>
	<td> <?php echo $row[Artist];?></td>
	<td><?php echo $row[Album];?> </td>
	<td><?php echo $row[Price];?></td>
	<td><?php echo $row[ProductDesc];?></td>
	<td><img src=<?php echo $row[Image];?> /><td>
	<select name='quantity'>
		<option value='1'>1</option>
		<option value='2'>2</option>
		<option value='3'>3</option>
		<option value='4'>4</option>
	</select>
	<td><input type="submit" value="Add Item"></td>
</tr>

</form>
<?php
$_POST['id'] = $row[ProductId];
?>

 <?php

$dbc = mysql_connect ('**.com','**','***') OR die('Could not connect to MySQL : ' . mysql_error() );
mysql_select_db ('***') OR die('Could not select the database : ' . mysql_error() );
$buy = $_GET['buy'];
$id = $_POST['id'];
if ($buy == 'yes')
{
 $query = "SELECT * FROM item WHERE ProductId='$id'";

$result=mysql_query($query);
$row= mysql_fetch_array($result);

echo $row['Artist'];

}


?>

Note:The code above is untested so if anybody sees any error please post.

hellz

i tried that but now the first page which is meant to list the items does not have anything on at all. It not retrieve the info from the database

kostis12345

try the code you entered

$result=do_query($query);
$row= mysql_fetch_array($result);

instead of my

$result =  mysql_query ($query);
$row = mysql_fetch_array($result);

If it doesn't work I'll try to fix it tommorow.It's like 1:13AM now,not a good time to debug 😛

djjjozsi

are you sure that on the next page $_POST['id'] would pass its value ?

"buy" should stored in hidden value instead of in GET superglobal.

kostis12345

oh yeah,I must stop coding late at night 😛
the form should be

<form action='purchase.php?buy='yes' method='post'>
<tr>
    <td> <?php echo $row[Artist];?></td>
    <td><?php echo $row[Album];?> </td>
    <td><?php echo $row[Price];?></td>
    <td><?php echo $row[ProductDesc];?></td>
    <td><img src=<?php echo $row[Image];?> /><td>
    <select name='quantity'>
        <option value='1'>1</option>
        <option value='2'>2</option>
        <option value='3'>3</option>
        <option value='4'>4</option>
    </select>
    <td><input type="submit" value="Add Item"></td>
</tr>
<input type="hidden" name="id" value="<php echo $row[ProductId];?>" />
</form>

The second page should also check if "$id" is set or not so it should be like this

 <?php

$dbc = mysql_connect ('**.com','**','***') OR die('Could not connect to MySQL : ' . mysql_error() );
mysql_select_db ('***') OR die('Could not select the database : ' . mysql_error() );
$buy = $_GET['buy'];
$id = $_POST['id'];
if ($buy == 'yes' && isset($id))
{
$query = "SELECT * FROM item WHERE ProductId='$id'";

$result=mysql_query($query);
$row= mysql_fetch_array($result);

echo $row['Artist'];

}


?>

Why can't "buy" be in the url?It's not a passing any important data it's just to check if a user got to that page to buy a specific item or not.

Weedpacket

kostis12345 wrote:
Why can't "buy" be in the url?

Apart from the fact that it looks tacky? You've got a form, it's generating a POST request to the server (and not a GET request), why not use it? Apart from that, no reason. RFC2616 doesn't forbid it.

djjjozsi

$buy could never be equal with: .... =='yes'

$buy has set as "'yes'" , or \'yes\' in some cases, depending on server settings.

on servers where the magic-quotes-gpc has enabled all the values from special globals $GET $POST converted such as:
' into \' \ into \ " converted into \". If you don't know this setting on another servers your program will be bad designed. If you re-write the url's variables into the html code , these converts could cause doubled escaped code =>> can mess your html forms...

this is the worst technique how you kill the database by a hacker attach... directly inserting untrusted codes makes this example unsecure.

<?php
$query = "SELECT * FROM item WHERE ProductId='$id'";

if i were you, i were make like this:

if(isset($_GET["buy"]) AND $_GET["buy"]=="'yes'" AND isset($_POST["id"]))
{
$query = sprintf("SELECT * FROM item WHERE ProductId=%d" , $_POST["id"]);
//...
}
?>

Why can't "buy" be in the url?It's not a passing any important data it's just to check if a user got to that page to buy a specific item or not.

an embedded hidden element could make this track. In the one hand, If you make more then one products order page, your statistic log will be untidy...
, in the second hand, Search Engines don't really like urls with questionmarks, 4 example google 'hates' un-SEO Friendly urls. google + SEO friendly urls

Several times I gave full codes since I am on this forum.
But I realised it that I may cause things that i did not know 🙂
4 example a harmful code may ruin a live system. A beginner may learn a bad technique from me.
And I was told many times that "a full code again, but these are the problems with it.."

In that case you are sure that your mentioned codes reliable publish them, and this is just a suggestion, only.

hello, jjozsi.

Weedpacket

djjjozsi wrote:
$buy has set as "'yes'" , or \'yes\' in some cases, depending on server settings.

Actually I just assumed that the quotes around "yes" were a typo: while they're there the form's action would just be "purchase.php?buy=".

in the second hand, Search Engines don't really like urls with questionmarks,

Not really relevant in this case, since a search engine wouldn't have any use indexing a shopping cart's purchasing form. In fact, if they don't like it then all the better. Not that it would try to index a POST anyway.

hellz

the code still doesn't display anything on the buy. on the purchase page i only get one item from the database, is there some sort of loop that im missin to make it retrieve all the data?

hellz

It still does not transfer the info to the next page. im wondering if it something to do with this bit : <form action='purchase.php?buy='yes' method='post'>
on the page it misses out the 'yes' bit off the address but dunno if that it needs when transferin?

$query = "SELECT * FROM item WHERE sale='yes'";
$result =  mysql_query ($query); 
$row = mysql_fetch_array($result); 

?>
<?php while($row = mysql_fetch_array($result)) {?>
<form action='purchase.php?buy='yes' method='post'> 
<tr> 

<td><b><?php echo $row[Album];?></b> </td> <br/>
    <td> <b><?php echo $row[Artist];?></b></td> <br/>
    <td><?php echo $row[ProductDesc];?></td> <br/>
    <td><img src=<?php echo $row[Image];?> /></td> </br> 
    <td><?php echo $row[Price];?></td>
    <select name='quantity'> 
        <option value='1'>1</option> 
        <option value='2'>2</option> 
        <option value='3'>3</option> 
        <option value='4'>4</option> 
    </select> 
    <td><input type="submit" value="Add Item"></td> 
</tr> 
<input type="hidden" name="id" value="<php echo $row[ProductId];?>" /> <br/>

</form> 
<?php
}
mysql_close(); 
?>

Weedpacket

hellz wrote:
on the page it misses out the 'yes' bit off the address but dunno if that it needs when transferin?

See my post #10 above.

hellz

that all works now, thanks for the help everyone