PHP Field Values not going forward to next web page

donglass

I am new to PHP, have been unable to resolve the following problem, and need some help. I am setting up my online store, and I recently bought a PHP/MySQL/Apache book that has online store code in it, which I am trying to use. Below is the field layout for the products table, which is the only table being used by this particular portion that I am having problems with. I added 6 records of test data, which is also shown below. The records are there, and have proven they are when executing 'SELECT * FROM products;' at the mysql prompt. The shop.php program is the home or main page which appears to be working fine, and I have supplied small pictures with file names "00001_t.jpg" to "00006_t.jpg", which work along with the product name and price that show up as they should in the browser. The problem that I am having is that when I click on the product name of that page, the field values do not transfer forward to the view_product page when view_product.php is triggered. So, the prodcode, the prodname, and the price is blank on the page produced by view_product.php program, and that is not working correctly. I am currently dead in the water, so I hope someone out there can help me.

// Create the Products table
$query = 'CREATE TABLE IF NOT EXISTS products (
prodcode CHAR(5) NOT NULL,
prodname VARCHAR(100) NOT NULL,
descrip MEDIUMTEXT,
price DEC(6,2) NOT NULL,

   PRIMARY KEY (prodcode)
)
ENGINE=InnoDB';

mysql_query($query, $db) or die (mysql_error($db));

$query = 'INSERT INTO comic_store.products
(prodcode, prodname, descrip, price)
VALUES
("00001",
"CBA Logo T-shirt",
"This T-shirt will show off your CBA connection. Our T-shirts are ' .
'all made of high quality and 100% preshrunk cotton.",
17.95),
("00002",
"CBA Bumper Sticker",
"Let the world know you are a proud supporter of the CBA web site ' .
'with this colorful bumper sticker.",
5.95),
("00003",
"CBA Coffee Mug",
"With the CBA logo looking back at you over your morning cup of ' .
'coffee, you are sure to have a great start to your day. Our mugs ' .
'are microwave and dishwasher safe.",
8.95),
("00004",
"Superhero Body Suit",
"We have a complete selection of colors and sizes for you to choose ' .
'from. This body suit is sleek, stylish, and won\'t hinder either ' .
'your crime-fighting skills or evil scheming abilities. We also ' .
'offer your choice in monogrammed letter applique.",
99.95),
("00005",
"Small Grappling Hook",
"The specialized hook will get you out of the tightest places. ' .
'Specially designed for portability and stealth, please be aware ' .
'that this hook does come with a weight limit.",
139.95),
("00006",
"Large Grappling Hook",
"For all your heavy-duty building-to-building swinging needs, this ' .
'large version of our grappling hook will safely transport you ' .
'throughout the city. Please be advised however that at 50 pounds ' .
'this is hardly the hook to use if you are a lightweight.",
199.95)';

mysql_query($query, $db) or die(mysql_error($db));

The following is the shop.php code:

<!DOCTYPE html>

<html>
<head>
<meta http-equiv="Content Type" content="text/html; charset=utf-8">
<title>Comic Book Appreciation Site Product List</title>
</head>

<h1>Comic Book Appreciation Store</h1><br>

<hr>

<p>Thanks for visiting our site! Please see our list of awesome products
below, and click on the link for more information:</p>

<?php
require 'db.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
die ('Unable to connect. Check your connection parameters.');

mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

$query = 'SELECT
prodcode, prodname, price
FROM
comic_store.products
ORDER By
prodcode ASC';

$result = mysql_query($query, $db)or die(mysql_error($db));

$odd = true;

while ($row = mysql_fetch_array($result)) {
echo ($odd == true) ? '<tr class="odd_row">' : '<tr class="even_row">';
$odd = !$odd;
extract($row);
echo '<td style-"text-align: center; width:100px;"><a href="' .
'view_product.php?prodcode=' . $prodcode .
'"><img src="images/' . $prodcode . '_t.jpg" alt="' . $prodname .
'"/></a></td>';

echo '<td><a href="view_product.php?prodcode' . $prodcode .
'">' . $prodname . '</a></td>';
echo '<td style="text-align: right;"><a href=view_product.php?' .
'prodcode=' . $prodcode . '">' . "$" . $price . '</a></td>';
echo '</tr>';
}
?>

</table>
</body>
</html>

The following is the view_product.php code:

<?php
session_start();

require 'db.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
die ('Unable to connect. Check your connection parameters.');
mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

$prodcode = isset($GET['prodcode']) ? $GET['prodcode'] : '';

$query = 'SELECT
prodcode, prodname, descrip, price
FROM
comic_store.products
WHERE
prodcode = "' . mysql_real_escape_string($prodcode, $db)
. '"';
$result = mysql_query($query, $db)or die(mysql_error($db));

if (mysql_num_rows($result) >= 1) {
header ('Location: shop.php');
mysql_free_result($result);
mysql_close($db);
exit();
}
$row = mysql_fetch_assoc($result);
extract($row);
?>
<html>
<head>
<title><?php echo $prodname; ?></title>
<style type="text/css">
th {backgrond-color: #999}
td {vertical-align: top;}
.odd_row {background-color: #EEE}
.even_row {background-color: #FFF}
</style>
</head>
<body>
<h1>Comic Book Appreciation Store</h1>
<p><a href="view_cart.php">View Cart</a></p>
<h2><?php echo $prodname; ?></h2>
<table>
<tr>
<td rowspan="4"><img src="images/<?php echo $prodcode; ?>._t.png"
alt="<?php echo $prodname; ?>"/></td>
</tr><tr>
<td><strong>Product Code:</strong> <?php echo $prodcode; ?></td>
<tr><tr>
<td><strong>Price:</strong> $<?php echo $price; ?></td>
<tr><tr>
<td>
<form method="post" action="update_cart.php">
<div>
<input type="hidden" name="prodcode"
value="<?php echo $prodname; ?>"/>
<label for="qty">Quantity; </label>

<?php
echo '<input type="hidden" name="redirect" value="view_product.php?' .
'prodcode=' . $prodcode . '"/>';

$session = session_id();
$query = 'SELECT
qty
FROM
comic_store.cart
WHERE
session = "' . $session . '" AND
prodcode = "' . $prodcode . '"';
$result = mysql_query($query, $db) or die(mysql_error($db));

if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_assoc($result);
extract($row);
} else {
$qty = 0;
}
mysql_free_result($result);

echo '<input type="text" prodname="qty" id="qty" size="2" maxlength="2" value="' .
$qty . '"/>';

if ($qty > 0) {
echo '<input type="submit" name="submit" value="Change Qty"/>';
} else {
echo '<input type="submit" name="submit" value="Add to Cart"/>';
}
?>
</div>
</form>
</td>
</tr>
</table
<hr/>
<p><a href="shop.php"><< Back to home page</a></p>
</body>
</html>

Don G

johanafm

The user never sees anything since you immediately (and incorrectly) forward the user to shop.php, which in other words should be http(s)://example.com/path/to/shop.php
An http 1.1 location header has two parts 'Location:' and absoluteURI, as can be seen in the RFC

The field value consists of a single absolute URI.

Your code (and do put it in [ php] ... [ /php] tags, and also indent your code if you want anyone to look at it)

if (mysql_num_rows($result) >= 1) {
	header ('Location: http://example.com/shop.php');

So, if a product exists for prodcode=@prodcode, tell the browser to go to shop.php. The browser is stateless and has no memory of pages past.
Do you simply wish to have the prodcode available in shop.php? If so, then append "?prodcode=$prodcode". However, if that's all you wish to do, then why pass through an intermidiate script for no reason. You could instead send the user directly to shop.php?prodcode=...

If however you are in the right script and should do things with the product there, then change your if condition to == 0 instead of >= 1.