
php script

Posted on 2011-10-19
Last Modified: 2012-06-21
I have a PHP script which adds new product information to the database. I need to add a check to make sure that the product code is numeric.
<html>
   <head>
      <title>
         Add a Single Product
      </title>
   </head>

   <body>

      <b><font color="#000099"><font size=+2>Flamingo  Add Product  Form</font></font></b>&nbsp;&nbsp;&nbsp;&nbsp;<img SRC="pinkflamingo.gif" NOSAVE height=85 width=61>
      <br>
      <br>


<?php

   /* script to allow the addition of a Flamingo Product
      use default ODBC connection
      variables
         $dbConn   - database connection
         $sqlQuery - a query string
         $dbResult - result of an SQL query 
         $rows     - number of rows 

      other variables
         $code  - the product code requested
         $name  - the product name
         $desc  - the product description
         $price  - the product price
   */

   // connect to the database
   $dbConn = odbc_connect("flamingo","","")
      or die("Error opening database .... use the browsers BACK button");

// just do a final check to avoid duplicate product code
   $code =  $_POST["prodcode"];
   $name =  $_POST["prodname"];
   $desc =  $_POST["proddesc"];
   $price = $_POST["prodprice"];

   $sqlQuery = "select * from prodList where prodCode='" . $code . "'";
   $dbResult = odbc_exec($dbConn,$sqlQuery) or die("Error, Product Listing failed .... use the browsers BACK button");
   $res = odbc_fetch_row($dbResult);
   if ($res == FALSE) {
      // store the products new details from the POST
	   odbc_free_result ($dbResult);
	   // now do the database insert

	   $sqlQuery = "INSERT INTO prodList VALUES ('". $code ."', '". $name ."', '". $desc ."', '". $price ."')";

	   $dbResult = odbc_exec($dbConn,$sqlQuery) or die("Product record add failed");
   }
   else{
	   echo("<p> The product with code " . $code . " exists in the products table !!");
	   echo("<p><a href='addProduct.html'>Please Try Again</a>");
	   die("<br><br>");	
   }

   

   odbc_close($dbConn);

?>

      <p> The Product details were successfully added, <a href="main.html">Continue</a>

   </body>
</html>

Question by:antatiana
 
LVL 31

Accepted Solution

by:
Marco Gasi earned 2000 total points
ID: 36995857
Use the is_numeric function (http://it2.php.net/is_numeric) as shown in the attached code.

Cheers
<html>
   <head>
      <title>
         Add a Single Product
      </title>
   </head>

   <body>

      <b><font color="#000099"><font size=+2>Flamingo  Add Product  Form</font></font></b>&nbsp;&nbsp;&nbsp;&nbsp;<img SRC="pinkflamingo.gif" NOSAVE height=85 width=61>
      <br>
      <br>


<?php

   /* script to allow the addition of a Flamingo Product
      use default ODBC connection
      variables
         $dbConn   - database connection
         $sqlQuery - a query string
         $dbResult - result of an SQL query 
         $rows     - number of rows 

      other variables
         $code  - the product code requested
         $name  - the product name
         $desc  - the product description
         $price  - the product price
   */

   // connect to the database
   $dbConn = odbc_connect("flamingo","","")
      or die("Error opening database .... use the browsers BACK button");

// just do a final check to avoid duplicate product code
   $code =  $_POST["prodcode"];
   $name =  $_POST["prodname"];
   $desc =  $_POST["proddesc"];
   $price = $_POST["prodprice"];
   if (is_numeric($code)){

   $sqlQuery = "select * from prodList where prodCode='" . $code . "'";
   $dbResult = odbc_exec($dbConn,$sqlQuery) or die("Error, Product Listing failed .... use the browsers BACK button");
   $res = odbc_fetch_row($dbResult);
   if ($res == FALSE) {
      // store the products new details from the POST
	   odbc_free_result ($dbResult);
	   // now do the database insert

	   $sqlQuery = "INSERT INTO prodList VALUES ('". $code ."', '". $name ."', '". $desc ."', '". $price ."')";

	   $dbResult = odbc_exec($dbConn,$sqlQuery) or die("Product record add failed");
   }
   else{
	   echo("<p> The product with code " . $code . " exists in the products table !!");
	   echo("<p><a href='addProduct.html'>Please Try Again</a>");
	   die("<br><br>");	
   }

   

   odbc_close($dbConn);
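}else{
   // rejected code: close the connection and stop, so the
   // "successfully added" message below is not shown
   odbc_close($dbConn);
   echo("<p> code must be numeric only!");
   echo("<p><a href='addProduct.html'>Please Try Again</a>");
   die("<br><br>");
}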
?>

      <p> The Product details were successfully added, <a href="main.html">Continue</a>

   </body>
</html>


0
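A stricter variant of the check above, as an added example that is not code from the thread: is_numeric() also accepts decimals, exponents, signs and leading whitespace, so this sketch uses ctype_digit() for a digits-only product code and binds all four values with odbc_prepare()/odbc_execute() instead of concatenating them into the SQL. The helper names isDigitsOnly() and addProduct() are hypothetical and the sample inputs are constructed; the table and POST field names are the ones in the thread.

```php
<?php
// Added example, not code from the thread. prodList and the POST field names
// come from the thread; helper names and sample values are assumptions.

// is_numeric() accepts more than digits; ctype_digit() accepts only 0-9.
function isDigitsOnly($value)
{
    return is_string($value) && $value !== '' && ctype_digit($value);
}

// Constructed sample inputs showing where the two checks disagree.
foreach (array('1234', '12.5', '1e5', '-7', ' 42', '12abc') as $sample) {
    printf("%-8s is_numeric=%-5s digits_only=%s\n",
        var_export($sample, true),
        var_export(is_numeric($sample), true),
        var_export(isDigitsOnly($sample), true));
}

// Insert one product with bound parameters; returns a status string.
function addProduct($dbConn, array $post)
{
    foreach (array('prodcode', 'prodname', 'proddesc', 'prodprice') as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return 'missing field';
        }
    }
    if (!isDigitsOnly($post['prodcode'])) {
        return 'code must be numeric only';
    }
    // Placeholders keep name, description and price out of the SQL text.
    $check = odbc_prepare($dbConn, 'SELECT prodCode FROM prodList WHERE prodCode = ?');
    if (!$check || !odbc_execute($check, array($post['prodcode']))) {
        return 'lookup failed';
    }
    if (odbc_fetch_row($check)) {
        return 'duplicate code';
    }
    $insert = odbc_prepare($dbConn, 'INSERT INTO prodList VALUES (?, ?, ?, ?)');
    $values = array($post['prodcode'], $post['prodname'], $post['proddesc'], $post['prodprice']);
    if (!$insert || !odbc_execute($insert, $values)) {
        return 'insert failed';
    }
    return 'added';
}
```

The caller would pass the open ODBC connection and $_POST, and escape any submitted value with htmlspecialchars() before echoing it back into the page.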
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36995866
Do you know about is_numeric() ?   http://php.net/manual/en/function.is-numeric.php
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36995870
OH you do.  Oops.  Read it again.  
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36995894
Oh wait, now I'm confused.  I read marqus' post as the author's post by mistake.  In any event, the answer is to use is_numeric().  I suggest you use marqus' code but also read the manual page so you understand what's going on.
0
