PHP commands not being executed when clicked on a button

mfredy92

Hello everyone,

I am having some trouble with some php. When I click on the button I want some values to be added to the database.

I am wondering if you guys can tell where I am going wrong with the code

$mydvd = $row->DVDID;
		$name = $row->NameOfTheDVD;
		$Quantity = $row -> Quantity;
		$Price = $row -> Price;

	echo '<input type="hidden" name="id" value="'.$mydvd.'">';
	echo '<input type="hidden" name="item" value="'.$name.'">';
	echo '<input type="hidden" name="Quantity" value="'.$Quantity.'">';
	echo '<input type="hidden" name="Price" value="'.$Price.'">';
	echo '<input type="hidden" name="Cart" value="'.$cartItemCount.'">';
	echo '<input type="hidden" name="temp" value="'.$temp.'">'
            echo '<td><button><a href = "basket.php?id='.$mydvd.'&name='.$name.'&Quantity='.$Quantity.'&Cart='.$cartItemCount.'&Price='.$Price.' "> Add To Basket</a><br></button></td>';

if (isset($_GET['Add To Basket'])) 
        { 
          echo "button 1 has been pressed"; 
		  $query_insertintotable= 'INSERT INTO basket (DVDID, NameOfTheDVD, Quantity, Price) 
		                         VALUES (.$mydvdid.,.$name.,.$£Quantity.,.$Price)';

	$query = $dbhandle->prepare( $query_insertintotable );
	$query->execute( );
    }

SO when the user clicks on the button, I want the data to be inserted into the database

traq

$query_insertintotable= 'INSERT INTO basket (DVDID, NameOfTheDVD, Quantity, Price)  

                                 VALUES (.$mydvdid.,.$name.,.$£Quantity.,.$Price)';

Couple of things, here:

You're using single quotes, so what might look like variables to you are simply literal strings with dollar signs.

PHP interprets variables in double quotes.
Why are you surrounding your values with periods ( . )? This would cause an SQL syntax error.
Which begs the question, do you ever check to see if your query was successful or not? do you check for error messages from the DB?
I cannot be sure without seeing your entire code, but it appears that you are trying to insert the same data that you just retrieved from the database…? is this what you intended?

mfredy92

Well, my problem at the moment. I am able to add one DVD to the table, but when I click the button I am only able to add one item but when I click the button again, I am not able to add another one. The query is working perfectly, otherwise it would not display the record in the database

cretaceous

You are probably seeing what is already in your database table.
What Traq said... and this bit is also wrong:

  echo '<td><button><a href = "basket.php?id='.$mydvd.'&name='.$name.'&Quantity='.$Quantity.'&Cart='.$cartItemCount.'&Price='.$Price.' "> Add To Basket</a><br></button></td>';

if (isset($_GET['Add To Basket'])) {

To put 'AddToBasket' into the $_GET array you need to do:

  echo '<td><button><a href = "basket.php?id='.$mydvd.'&name='.$name.'&Quantity='.$Quantity.'&Cart='.$cartItemCount.'&Price='.$Price.'&AddToBasket=1 ">some random words</a><br></button></td>';

then

 
if (isset($_GET['AddToBasket'])) {

so no spaces in AddToBasket (unless you urlencode them) but the wording of the link is irrelevant.
This must be a typo: $£Quantity

mfredy92

I have altered that bit. But my problem at the moment is I am not able to add more than item to the table in the database and whichever button I clicked, I keep getting the same one. Can you please help me with that?

Thank you

traq

Every issue I and @ mentioned bear directly on your problem. You need to look into these issues in order to move forward.

mfredy92

but thats the thing. Its actually adding one of the product into the database. If its not working, I know it would produce an error. I know there is no problem with the INSERT statements

mfredy92

I would be so thankful if i could sort this error out by tonight. I am just not quite sure what you are getting at, because I have done the Insert statements properly

$query_insertintotable= 'INSERT INTO `basket` (DVDID, NameOfTheDVD, Quantity, Price) 
		                         VALUES (:mydvd,:name,:quantity,:price)';

	$query = $dbhandle->prepare( $query_insertintotable );
	$query->execute( array( ':mydvd'=>$mydvd, ':name'=>$name, ':quantity'=>$Quantity, ':price' => $Price ) );

Above is my insert statement

Weedpacket

mfredy92 wrote:
whichever button I clicked, I keep getting the same one.

What does this mean? What button out of which buttons? What does "one" refer to? How are you "getting" it? What happens when you do? What is supposed to happen?

If you're so sure the INSERT is not the problem, why show us the INSERT? Maybe that part is all working fine (have you looked in the database to see what it contains?) but there is something wrong with this whole "get" thing you mention.

traq

mfredy92;11039013 wrote:

$query_insertintotable= 'INSERT INTO `basket` (DVDID, NameOfTheDVD, Quantity, Price) 
	VALUES (:mydvd,:name,:quantity,:price)';

This SQL is very different than the SQL you shared in your original post:

mfredy92;11038997 wrote:

$query_insertintotable= 'INSERT INTO basket (DVDID, NameOfTheDVD, Quantity, Price) 
	VALUES (.$mydvdid.,.$name.,.$£Quantity.,.$Price)';

So, that's solved.

However, there is still the fact that you're trying to do something, and it's not working. You need to check for errors instead of simply assuming that there are none.

There is still the fact that (it would appear) you are using the results from your previous query to insert the new record, rather than trying to use the values submitted by the user.

If I am misunderstanding the situation, please explain. It would also probably help a lot if you shared the complete, actual code you are using. As @ alluded to, we need specifics in order to give any useful suggestions.

mfredy92

The problem I am you know on the webpage, when I click on the 'AddToBasket' button, its meant to select a particular DVD and insert that record onto the table. But at the moment, for example, if I choose SKyfall, then it should insert that record into the table. However, no matter which DVD I select, only Hobbit is being inserted into the table

mfredy92

<?php
     require "connect.php";
     $query = "SELECT `DVDID`, `NameOfTheDVD`, `Quantity`, `Price` FROM `DVD` ";
	 $temp =  "CREATE TEMPORARY TABLE `Basket`(
                                    DVDID INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ,
                                    NameOfTheDVD VARCHAR( 20 ) ,
									Quantity INT (4) ,
									Price FLOAT (3.0))
									Engine = Memory";
     $stmt = $dbhandle->prepare($query);
     $stmt->execute();

 $num = $stmt->rowCount();

 echo "<table border='3';>";
	echo '<tr>';
    echo '<th>DVD</th>';
    echo '<th>Quantity</th>';
	echo '<th>Price</th>';
	echo '<th>Add To Basket</th>';
	echo '<th> Description </th>';
    echo '</tr>';

 if($num>0){
  while ($row = $stmt->fetch(PDO::FETCH_OBJ)){

    $mydvd = $row->DVDID;
	$name = $row->NameOfTheDVD;
	$Quantity = $row -> Quantity;
	$Price = $row -> Price;


	echo '<input type="hidden" name="id" value="'.$mydvd.'">';
	echo '<input type="hidden" name="item" value="'.$name.'">';
	echo '<input type="hidden" name="Quantity" value="'.$Quantity.'">';
	echo '<input type="hidden" name="Price" value="'.$Price.'">';
	echo '<input type="hidden" name="Cart" value="'.$cartItemCount.'">';
	echo '<input type="hidden" name="temp" value="'.$temp.'">';



    echo '<tr>';

    echo '<td>Name Of the DVD : <br>'.$row->NameOfTheDVD.'<br></td>';
    echo '<td>Quantity :  '.$row->Quantity.'</td>';
	echo '<td>Price:  '.$row->Price.'</td>';
	echo '<td><button><a href = "basket.php?id='.$mydvd.'&name='.$name.'&Quantity='.$Quantity.'&Cart='.$cartItemCount.'&Price='.$Price.'&AddToBasket=1  "> AddToBasket</a><br></button></td>';
	echo '<td><button><a href = "Description.php">View Description</a></td>';
    echo '</tr>';


	}

	$query_insertintotable= 'INSERT INTO `basket` (DVDID, NameOfTheDVD, Quantity, Price) 
	                         VALUES (:mydvd,:name,:quantity,:price)';

	$query = $dbhandle->prepare( $query_insertintotable );
	$query->execute( array( ':mydvd'=>$mydvd, ':name'=>$name, ':quantity'=>$Quantity, ':price' => $Price ) );


	}



    // no products in the database
    else{
      echo "No products found.";
    }



 ?>

Above is the whole PHP code

traq

mfredy92;11039027 wrote:
The problem I am you know on the webpage, when I click on the 'AddToBasket' button, its meant to select a particular DVD and insert that record onto the table. But at the moment, for example, if I choose SKyfall, then it should insert that record into the table. However, no matter which DVD I select, only Hobbit is being inserted into the table

As I suspected earlier, you are using the values you retrieve from the database to perform the insert. You are ignoring the user's input.

$query->execute( array( ':mydvd'=>$mydvd, ':name'=>$name, ':quantity'=>$Quantity, ':price' => $Price ) );

Here, [font=monospace]$mydvd[/font] (et al) were assigned in the last iteration of your [font=monospace]while[/font] loop (so, I conclude that the last record in your result set is The Hobbit…?). Depending on how your database schema is designed, duplicate records may or may not be accepted.

If you want to use the values your user submitted, you need to assign them from the [font=monospace]$_GET[/font] array.

A few other observations:

The code you posted does not include anything that checks/retrieves info from the user. (Your previous code at least tried to check whether the user clicked the "Add To Cart" button.) This code will try to insert a new record No Matter What.
It looks as though you intend to record all of the DVD info from the user's submission, including the Price…? is this correct? Keep in mind that this basically means the user can choose their own price.
Do you need the records in your database to be associated with the user that created them? Your current design has no way of tracking them.
Is there a reason you are not using a form for this data? You make inputs for the various parameters, but you don't use them.
Because you are building the query string directly, you need to make sure the parameters are [man]URLencode[/man]ed.
You use the variables [font=monospace]$temp[/font] and [font=monospace]$cartItemCount[/font] in your code, but they are not defined anywhere.

I would recommend taking a step back and working out the specifics of what you need your code to do before continuing. Make out a step-by-step plan in plain English, and then it will be much easier to translate to code.

mfredy92

So how do I use the $_GET array properly? and you are correct about the 'The Hobbit'. Thanks for helping me out

traq

You're welcome.

Are you familiar with how $[man]_GET[/man] and other pre-populated superglobals work in PHP?

Each of the parameters in your query string will be present in the $GET array. So, for example, if you had a hyperlink:

<a href=?mydvd=42&name=The%20Hobbit>The Hobbit</a>

…then the $_GET array would look something like:

array(2) {
  ["mydvd"]=>
    int(42)
  ["name"]=>
    string(10) "The Hobbit"
}

…and you could access them like so:

<?php

$dvdId = $_GET["mydvd"];
$dvdName = $_GET["name"];

mfredy92

oh yes, I surely know how to use $GET arrays, because I use that to display the products in the basket itself. But I am just not sure why would u use $GET to add products to the database?

Before, I was adding products tot he database. I used URL to display products that the user selected. but my mentor, said that is is very insecure as anyone can really change the data.

That is one of the reasons I decided to ad products to a table in the database and to display them in the basket itself.

traq

mfredy92;11039043 wrote:
oh yes, I surely know how to use $GET arrays, because I use that to display the products in the basket itself. But I am just not sure why would u use $GET to add products to the database?

Because you are passing the user's choices to your script in the query string.

mfredy92;11039043 wrote:
Before, I was adding products tot he database. I used URL to display products that the user selected. but my mentor, said that is is very insecure as anyone can really change the data.

This insecurity will always exist; which is why you should be validating the data before you store it in your DB.

Take my earlier example of the Price: say you give the user a link like so:

<a href="?dvdID=1&name=The%20Awesomest%20Movie%20Ever&price=100">Buy <i>The Awesomest Movie Ever</i> for $100</a>

What if, instead of clicking on that link, the user typed the URL into their address bar instead—but made a little change first?

http://your-website.example.com/your/script.php?dvdID=1&name=The%20Awesomest%20Movie%20Ever&price=0

Since you don't validate the input, the record you insert into your DB will have a price of $0. YES! Free movies!

This is possible even if you use forms (GET or POST). You must validate the user's input. You must Never Trust User Input.

Take this a step further, though. Out of all that information, which part is the only thing that you don't already know? You already know which Title goes with which ID. You already know how much it costs. The only thing you don't know is which one the user will choose. So, there's no need to ask them what the title is or how much it costs: only ask them which one they want.

<a href=?dvdID=1>Buy <i>The Awesomest Movie Ever</i> for $100</a>

When you get that dvd ID number, you're all set: insert a record with the dvd ID, the id of the user who wants it, and the sale price.

You'll probably need to re-organize the way your tables are designed, however. Maybe something like:

[COLOR="#A9A9A9"]-- available DVDs + regular price[/COLOR]
create table dvd(
  id    serial       primary key,
  name  varchar(100) not null,
  price decimal(5,2) not null
)engine=innodb;

[COLOR="#A9A9A9"]-- DVDs that a user ordered + final sale price[/COLOR]
create table dvd_cart(
  dvd_id  bigint unsigned not null,
  user_id [COLOR="#A9A9A9"]-- (whatever data type your user table primary key is)[/COLOR]
  price   decimal(5,2)    not null,
  [COLOR="#A9A9A9"]-- this foreign key ensures all items in the cart belong to an existing user[/COLOR]
  foreign key(user_id) references user(id),
  [COLOR="#A9A9A9"]-- this foreign key ensures you cannot buy a dvd that does not exist[/COLOR]
  foreign key(dvd_id)  references dvd(id)
)engine=innodb;

mfredy92

SO does that mean I have to make a link everytime a new DVD is added to the table? I understand your way. Thanks so much for your help. You have made it a lot simpler.

At the moment, I am just concentrating on the DVD side of things, once thats working, then I will implement the user stuff as well

traq

mfredy92;11039053 wrote:
SO does that mean I have to make a link everytime a new DVD is added to the table? I understand your way. Thanks so much for your help. You have made it a lot simpler

You can still construct your buttons in the same way you have been: select all the records from the DVD table and then loop through them to build each button (though using only the ID in the query string).

However, you might want to switch to actually using a form (since these buttons cause changes on your server, it is most appropriate to use the POST method).

mfredy92;11039053 wrote:
At the moment, I am just concentrating on the DVD side of things, once thats working, then I will implement the user stuff as well

Don't wait too long—that's what I was trying to point out earlier about making a complete plan before continuing.

If you focus on only one, immediate aspect of your project, you often end up wasting lots of time perfecting code that will need to be changed (or rewritten completely) when you move on to the next part.

mfredy92

echo '<td><button><a href = "basket.php?id='.$mydvd.' "> AddToBasket</a><br></button></td>';

I am guessing the above code is right, I am only passing the DVD ID. So the user won't be able to amend the price

Oh right.