Hi,

i have created this php system cogestione.web44.net/index.php

It is a booking system for my school.

The system works like this:
1) student select his class (I-A,II-A...) -> system selects only the courses that are related to that class ( when i add a new course in the admin section, i select the group of classes to which it is related) and the courses that aren't full ( remaining seats > 0 )
2) student insert his name and surname
3) he selects his courses ( 2 at day)

What's the problem ?

The problem is:

if a course is full ( remaining seats = 0 ) the system don't show all the courses in the front page (cogestione.web44.net/index.php) instead of not showing only the courses that are full.
This is the script i created:


<head>
    <title>Prenotazione dei Corsi</title>
     <link rel="stylesheet" type="text/css" href="admin/style.css" />
    <link href="admin/form.css" rel="stylesheet">
    <script src="admin/js/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
        $(document).ready(function() {

    $('input[type=radio]').click(function () {
            $('.course-radio').removeClass('selected-course');
            $(this).parent().addClass('selected-course');
    });

    $('.course-radio').hover(function(){
        $('.course-description').css('display','none');
       $(this).next('.course-description').css('display','block'); 
    },
    function(){
        $('.course-description').css('display','none');
    }
    );


});
</script>
</head>

<?php
include 'admin/config.php';
$msg = '';
$status_msg = '';

if(isset($_POST['submit'])){
$student_name = $_POST['student_name'];
$sur_name = $_POST['sur_name'];
$class =trim(stripslashes($_POST['class'])); 
$class_query = mysql_query("select * from class where name='".$class."'");
//print_r($class_query); exit;
$class_row = mysql_fetch_array($class_query);
$class_id = $class_row['id'];
$course1 = $_POST['course1'];
$course2 = $_POST['course2'];
$course3 = $_POST['course3'];
$course4 = $_POST['course4'];
$course5 = $_POST['course5'];
$course6 = $_POST['course6'];
$course7 = $_POST['course7'];
$course8 = $_POST['course8'];
$course9 = $_POST['course9'];
$course10 = $_POST['course10'];

$courses = array($course1,$course2,$course3,$course4,$course5,$course6,$course7,$course8,$course9,$course10);
//echo "<pre>";
//print_r($courses );
//echo "</pre>";
//exit;

if(empty($courses)){ //echo "1111"; exit;
        $msg = 'Please select at least one course'; 
} else {
//echo "22222"; exit;
$student_result = mysql_query("select fname,class_id from student where name='".$student_name."' AND class_id='".$class_id."'");
$student_row = mysql_fetch_array($student_result);
if($student_row['fname'] !== $student_name && $student_row['class_id'] !== $class_id ){  
$query = "insert into student (fname,sur_name,class_id) VALUES ('$student_name','$sur_name','$class_id')"; $result = mysql_query($query); if ($result) { $student_id = mysql_insert_id();
} else { $status_msg = "Failed. Try again1"; } foreach($courses as $course ){ if($course!='') { $query = "insert into studentcourse (student_id,course_id) VALUES ('$student_id','$course')"; $result = mysql_query($query); if ($result) { $status_msg = "<center>Student registered successfully.</center>"; } else { $status_msg = "Failed. Try again2"; } } } } else { foreach ($courses as $course) { if($course!='') { $query = "insert into studentcourse (student_id,course_id) VALUES ('$student_id','$course')"; $result = mysql_query($query); if ($result) { $status_msg = "<center>Student registered successfully.</center>"; } else { $status_msg = "Failed. Try again"; } } } } } } ?> <center> <h2>Prenotazione Corsi::Cogestione 2014</h2> <h2>ideato da Lorenzo Sciarretta</h2> <p>assistenza Skype: Miglioraora</p> <form action="<?php $_PHP_SELF ?>" method="POST"> <br> <div id="box-student"> <center> <h4><?php echo $status_msg; ?></h4> <table border="0"> <tr> <td width="80" >Classe</td> <td> <select name="class" onchange="window.location='<?php echo "index"; ?>.php?class='+this.value" > <option value="<?php echo $_REQUEST['class']; ?>"><?php echo $_REQUEST['class'];?></option> <?php $class_query = mysql_query("select name from class"); while($class_row = mysql_fetch_array($class_query)){ ?> <option value="<?php echo $class_row['name']; ?>"><?php echo $class_row['name'];?></option> <?php }?> </select> </td> </tr> <tr><td>Nome</td><td><input type="text" name="student_name" value="<?php echo $student_name; ?>" required></td></tr> <tr><td>Cognome</td><td><input type="text" name="sur_name" value="<?php echo $sur_name; ?>" required></td></tr> </table> <?php ?> <h4><?php echo $msg; ?></h4> <div id="course-selection"> <?php $n=0; $timing = "select distinct time,day from course"; $result = mysql_query($timing); while($time_row = mysql_fetch_array($result)){ $n++; $request_class = $_REQUEST['class']; $query = "select *,course.course_id as courseID from course,locations_group where time = '".$time_row['time']."' AND course.locations_group_id = locations_group.id AND locations_group.locations LIKE '%" . $request_class . "%'"; $result1 = mysql_query($query); ?> <div class="course-list"> <div class="course-list-header"> <?php echo $time_row['day'] ?>&nbsp;<?php echo $time_row['time'] ?> </div> <?php while ($row = mysql_fetch_array($result1)) { $booked_seats = 0; $query = mysql_query("select count('course_id') from studentcourse where course_id='".$row['courseID']."'"); $booked_seats = ceil(mysql_result($query,0)); $query = mysql_query("select * from course where course_id='".$row['courseID']."'"); $seats_row = mysql_fetch_array($query); $remaining_seats = $seats_row['seats']-$booked_seats; if($remaining_seats <= 0){ break; } ?> <div class="course-radio"> <input type="radio" name="course<?php echo $n; ?>" id="course<?php echo $row['courseID']; ?>" value="<?php echo $row['courseID']; ?>"> <label for="course<?php echo $row['courseID']; ?>" ><?php echo $row['title']; ?></label><br/> <label for="course<?php echo $row['courseID']; ?>" > <?php echo "Remaining Seats : "; echo $remaining_seats; ?> </label><br/> <label for="course<?php echo $row['id']; ?>" >Room : <?php echo $row['room'];?></label> </div> <div class="course-description"> <?php echo $row['description']; ?> </div> <?php } ?> </div> <?php if($n == 5){?> <div class="course-break" ></div> <?php } }?> </div> <br/> <table style="clear: both;"> <tr><td colspan="2" ><input class="button add-button" type="submit" name="submit" value="Clicca qui per confermare la tua prenotazione"/></td></tr> </table> </center> </div> </form> </center>

Someone can kindly help me?

Thanks very much!!

    I took a look at the first part of code and made a bunch of comments on things you need to fix. Then I got tired of trying to find whatever problem it is you are having, which I'm not too certain of from your explanation. Also, you might want to post only the code relevant to the issue you want help with.

    # The mysql extension (i.e. all mysql_ functions should not be used!
    # I personally recommend PDO as a replacement because it has named paramters.
    # You could also choose mysqli, but without named params, it sucks (also my opinion).
    $db = new PDO('connection stuff here');
    
    include 'admin/config.php';
    $msg = '';
    $status_msg = '';
    
    if(isset($_POST['submit'])){
        $student_name = $_POST['student_name'];
        $sur_name = $_POST['sur_name'];
        /* 1. stripslashes is meant to remove slashes.
         * It is not meant to escape strings to be used as sql queries
         * Also note that with prepared statements you will not have to rely on escaping strings
         * to avoid sql injection.
         */
        /* 2. Never select * from any table. Always list the columns, even when you select all of them
         */
        $stmt = $db->prepare("select * from class where name=:class");
        $stmt->bindValue('class', $_POST['class'], PDO::PARAM_STR);
        $stmt->execute();
        $class_row = $stmt->fetch(PDO::FETCH_ASSOC);
        $class_id = $class_row['id'];
    
    # Use arrays for multiple items of the same data type
    # <input name="course[]" ...>
    # $_POST['course'] will be an array
    $course1 = $_POST['course1'];
    $course2 = $_POST['course2'];
    $course3 = $_POST['course3'];
    $course4 = $_POST['course4'];
    $course5 = $_POST['course5'];
    $course6 = $_POST['course6'];
    $course7 = $_POST['course7'];
    $course8 = $_POST['course8'];
    $course9 = $_POST['course9'];
    $course10 = $_POST['course10'];
    
    $courses = array($course1,$course2,$course3,$course4,$course5,$course6,$course7,$course8,$course9,$course10);
    
    
    # You never checked if any of those values where set. So evevn when none of them were set, you would still end up
    # with an array of 10 null values.
    # This outcome of this can easily be inspected…
    /*
    $arr = [
        $undefined1,
        $undefined2,
    ];
    print_r($arr);
    echo empty($arr) ? 'empty' : 'not empty';
    
     */
    # In other words, $courses is never empty, which makes the if check unnecessary and misleading.
    if(empty($courses)){ //echo "1111"; exit;
        $msg = 'Please select at least one course';
    } else {
    
        # replace mysql calls
        $student_result = mysql_query("select fname,class_id from student where name='".$student_name."' AND class_id='".$class_id."'");
        $student_row = mysql_fetch_array($student_result);
        # Turn on error reporting! false['fname'] makes no sense.
        # $student_row will either be an array with keys fname and class_id or it will be false.
        # Well, it would be when you were using mysql. When you replace it, check the documentation for whatever db extension you use
        # to find out what that returns. I still recommend PDO
        if($student_row['fname'] !== $student_name && $student_row['class_id'] !== $class_id ){
            $query = "insert into student (fname,sur_name,class_id) VALUES ('$student_name','$sur_name','$class_id')";
            $result = mysql_query($query);
            if ($result) {
                $student_id = mysql_insert_id();
            } else {
                # failed… yet you continue the script as if nothing happened, as in continue execution below… but without a valid student_id…
                $status_msg = "Failed. Try again1";
            }
    
            foreach($courses as $course ){
                if($course!='') {
                    # … which would make this insert (null, $course)
                    $query = "insert into studentcourse (student_id,course_id) VALUES ('$student_id','$course')";
                    $result = mysql_query($query);
                    if ($result) {
                        $status_msg = "<center>Student registered successfully.</center>";
                    } else {
                        $status_msg = "Failed. Try again2";
                    }
                }
    
            }
        } else {
            foreach ($courses as $course) {
                if($course!='') {
                    $query = "insert into studentcourse (student_id,course_id) VALUES ('$student_id','$course')";
                    $result = mysql_query($query);
                    if ($result) {
                        $status_msg = "<center>Student registered successfully.</center>";
                    } else {
                        $status_msg = "Failed. Try again";
                    }
                }
            }
        }
    }
    }
      Write a Reply...