Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1625
  • Last Modified:

database insert script php

i have this script which i'm goin to use for a simple ecommerce shop admin section but i can't seem to get it to add the products which is a major flaw for any ecommerce site!





here is the code:



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Add a Product</title>
</head>
<body>

<?php

//This script will enable the admin staff to add a prodcut to the database

//include the database connection
require_once('mysql_connect.php');

//see if form has been submitted
if (isset($_POST['submitted'])){


//form validation

if(!empty($_POST['product_name'])){
      $pn = escape_data($_POST['prodcut_name']);
      } else {
      $pn = FALSE;
      echo '<p style="color:red">Please enter a prodcut name</p>';
      }

//check image

if (is_uploaded_file ($_FILES['image'] ['tmp_name'])){
      if (move_uploaded_file($_FILES['image']['tmp_name'], "{$_FILES['image']['name']}")){
      
echo '<p> The file has been uploaded </p>';

} else {

echo '<p style="color:red">file was not uploaded</p>';

$i = FALSE;

}

$i = $_FILES['image']['name'];

} else {

$i = FALSE;

}

//Validate the rest of the fields

if(!empty($_POST['size'])){
      $s = escape_data($_POST['size']);
      } else {
      $s = FALSE;
      echo '<p style="color:red">Please enter a size</p>';
      }
      
if(!empty($_POST['description'])){
      $d = escape_data($_POST['description']);
      } else {
      $d = FALSE;
      echo '<p style="color:red">Please enter a description</p>';
      }

//Check price
if(is_numeric($_POST['price'])){
  $p = (float) $_POST['price'];
  } else {
  $p = FALSE;
  echo '<p style="color:red">Please enter a price</p>';
  }
 
//The product must now be assigned a menu item to go under
      if ($_POST['menu1'] == 'new'){
   
      //if its a new one then add it to the database motherfuckers!!!
      $query = 'INSERT INTO menu (menu_name) Values (';
      
      if (!empty($_POST['menu_name'])){
      $query .= "'" . escape_data($_POST['menu_name']) . "')";
      
      
       $result = mysql_query($query);
       $a = mysql_insert_id();
      
      } else {
        $a = FALSE;
        echo '<p style="color:red">Please enter the menu name</p>';
        
      }
      
      
      } else if ( ($_POST['menu'] =='existing') && ($_POST['existing'] > 0)) {
      
      $a = (int) $_POST['existing'];
       } else {
        $a = FALSE;
        echo '<p style="color:red;">Please enter or select a menu item for this product</p>';
        
        }
        
        if ($pn && $i && $s && $d && $a) {//check eveything is ok up to here
        
        //add product to database.
        $query = "INSERT INTO products (product_id, product_name, price, size, description, image_name) VALUES ( $a, '$pn', '$p', '$s', '$d', '$i')";
        if ($result = mysql_query($dbc, $query)){
          echo '<p>product has been added</p>';
            
         } else {
           echo '<p> could not do it</p>';
         }
        
         } else {
          echo '<p>click back and try again</p>';
            }
      } else { //display the form
      ?>

<form action="add_product.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="524288" />
<fieldset>
<legend>Fill out the form dude!</legend>
<p>Product name:<input name="product_name" type="text" size="30" maxlength="60" /></p>
<p>image:<input name="image" type="file" /></p>

<br />
<br />
<h3>Menu Item</h3>
<p><input name="menu" type="radio" value="existing" />      Existing =>
<select name="existing">
<option>select one</option>
<? php // get the current list of menu items and display them in the select box geezers!
$query = "SELECT menu_name, menu_id FROM menu ORDER BY menu_name ASC";
$result = mysqli_query($dbc, $query);
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){
echo "<option value=\"{$row['menu_id']}\">{$row['menu_name']</option>\n";
}
mysqli_close($dbc);//close database conn
?>
</select></p>
<input name="menu1" type="radio" value="new" />      new =>
<p>New menu :<input name="menu_name" type="text"  /></p>
<p>Price:<input name="price" type="text" /></p>
<p>size:<input name="size" type="text" /></p>
<p>description:<textarea name="description" cols="40" rows="5" /></textarea></p>
</fieldset>
<input name="submit" type="submit" value="submit" />
<input name="submitted" type="hidden" value="TRUE" />

</form>
<?php
}
?>
</body>
</html>
0
adamjw3
Asked:
adamjw3
  • 2
1 Solution
 
glcumminsCommented:
Since we do not have access to your database schema, we will not be able to test your script directly. It would be helpful if you could provide more details about precisely what fails when you run this script. Please provide information regarding:

 - The data you insert
 - The expected results
 - The actual results
 - The exact error message that is presented
0
 
adamjw3Author Commented:
There is one database called ecomms
there are 5 tables customer, menu, order_contens, orders and products.

in this script only the menu and  products are used.

menu table
key menu_id int(13) unisigned (null no)  auto_increment
menu_name varchar(20)

prducts
key product_id int(4) unisigned (null no) auto_increment
menu_id int(3) unisigned (null no)
product_name varchar(60) (null no)
price decimal(6,2) (null no)
size  varchar(255) (null yes)
image_name varchar(3) (null no)

the user sees a form on the screen and adds the details for the product and what menu item that product is under.

The script should pull the existing menu items and display them in a select box -- it doesn't do this please help.

also it writes the new menu item and product details to there respected tables.

it does write the menu item but it doesn't write the product details to the product page.
this is the main problem where i need a more experience eye to see whats wrong.

thanks

0
 
adamjw3Author Commented:
i have fixed it

i was using the new mysql $result format in places and the old one in others and my versions only like the old one.

thanks for lookiing anyway.

i'm trying to make a ecommerce shopping cart with some simple admin, any help or advice would be great.
x
0
 
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now