Counting

I am trying to check if an item is already in the database, and if it is, it should prompt the user with the information to add the product, but it seems to be tricky and I am not getting it.

This is the markup below:

<?php
require_once("include/session.php");
require_once("include/dataconnect.php"); 
require_once("include/functions.php");
//print_r($_POST);
//$_GET["product"]
$Sname = $_GET["merchant"];
$Pname = $_GET["product"];
$Pidno = $_GET["id"];
//echo "$product";
$Pquantity = "1";
$Weblink = $_GET["url"];
$Price = $_GET["price"];
$tprice = $Price * $Pquantity;
$date = date("Y-m-d");
//$_SESSION['username'] = $_SESSION['username'];
//echo $_SESSION['username'];
//print
//htmlentities($_GET["price"],ENT_QUOTES);
if($_SESSION['username'])
{
    $repeatheck = mysql_query("SELECT * FROM addingprod WHERE Uname = '{$_SESSION['username']}' AND Pidno ='$Pidno' AND Sname='$Sname'");
    $count = mysql_num_rows($repeatheck);
    if($count=1)
    {
        die ('A PRODUCT ALREADY IN ORDER FORM PLEASE ADD TO YOUR SHOPPING LIST TO CONTINUE, <a href="youraccount.php">CLICK TO GO BACK TO YOUR LIST</a>');
    }
    else
    {
        $queryreg = mysql_query("
        INSERT INTO addingprod VALUES ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$comment','$tprice','$date','{$_SESSION['username']}')
        ")or die(mysql_error());
        redirect_to('youraccount.php');
    }
}
else
{
    echo "<a href='reregister.php'> REGISTER</a> so as to be able to use the order form";
}
?>

Please, any ideas? Everything I tried just kept returning the warning, even when no data is in the database.

I have used if($count==1), and it worked, but after adding the product it is not redirecting to the redirect_to('youraccount.php'); page.

I have sorted it, thank you.

I notice you’re using the mysql functions in your code - you should be aware that the mysql extension has been deprecated (and will be removed from PHP) so you should think about changing to the mysqli or PDO extension.

Your code is also wide open to SQL injection attacks - even if you do nothing else, at the minimum you should use mysql_real_escape_string to escape any data that comes from external sources (e.g. $_GET/$_POST) before using it in a DB query.

fret, I had a look at the manual. Is changing to the new ext a function of changing mysql to mysqli, like:

$repeatheck = mysqli_query("SELECT * FROM addingprod WHERE Uname = '{$_SESSION['username']}'");
    $count = mysqli_num_rows($repeatheck);
if($count==1)
                            {
    die ('A PRODUCT ALREADY IN ORDER FORM PLEASE ADD TO YOUR SHOPPING LIST TO CONTINUE, <a href="youraccount.php">CLICK TO GO BACK TO YOUR LIST</a>');
                            }
else
                        {
$queryreg = mysqli_query("
INSERT INTO addingprod VALUES ('','$Sname','$Pname','$Pidno','$Psize','$Pcolour','$Pquantity','$Weblink','$Price','$comment','$tprice','$date','{$_SESSION['username']}')
")or die(mysqli_error());

It’s a little bit different, as with the mysqli extension you have to pass your connection as the first argument when calling the query function. Take a look at this example from the manual to see what I mean:


$mysqli = mysqli_connect("example.com", "user", "password", "database");
$res = mysqli_query($mysqli, "SELECT 'Please, do not use ' AS _msg FROM DUAL");
$row = mysqli_fetch_assoc($res);

You MUST use “if ($count == 1)”. That’s the correct syntax, not what you show here. So fix that and then display count in your error message to see what you are getting. What is wrong is probably the use of the session var as the arg in your query. Store the session var into a local var and simplify your query by doing this:


$uname = $_SESSION['username'];
then in the query:
Uname='$uname'
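
The duplicate check and insert discussed in this thread, written with PDO prepared statements so that request values are bound as data instead of being pasted into the SQL string. This is an added example, not code posted by anyone in the thread; the column names other than Uname, Pidno and Sname, the function name addProductOnce and the in-memory SQLite database (used only so it runs offline) are assumptions.

```php
<?php
// Added example, not code from the thread. Column names other than Uname, Pidno
// and Sname are assumptions; in-memory SQLite is used only so it runs offline.
// For MySQL, swap the DSN for 'mysql:host=...;dbname=...;charset=utf8mb4'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addingprod (
    id INTEGER PRIMARY KEY, Sname TEXT, Pname TEXT, Pidno TEXT,
    Pquantity INTEGER, Weblink TEXT, Price REAL, tprice REAL,
    added TEXT, Uname TEXT)');

// Returns true if the row was inserted, false if this user already has the
// product from this merchant. Every value travels as a bound parameter, so
// quotes in the input cannot change the SQL.
function addProductOnce(PDO $db, string $uname, array $in): bool
{
    $price = filter_var($in['price'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($price === false || $price < 0) {
        throw new InvalidArgumentException('price must be a non-negative number');
    }
    $check = $db->prepare('SELECT COUNT(*) FROM addingprod
                           WHERE Uname = ? AND Pidno = ? AND Sname = ?');
    $check->execute([$uname, $in['id'], $in['merchant']]);
    if ((int) $check->fetchColumn() > 0) {   // comparison, not assignment
        return false;
    }
    $quantity = 1;
    $insert = $db->prepare('INSERT INTO addingprod
        (Sname, Pname, Pidno, Pquantity, Weblink, Price, tprice, added, Uname)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $insert->execute([$in['merchant'], $in['product'], $in['id'], $quantity,
        $in['url'], $price, $price * $quantity, date('Y-m-d'), $uname]);
    return true;
}

// Constructed sample request (stands in for $_GET); the id carries a quote.
$get = ['merchant' => 'ShopA', 'product' => 'Kettle', 'id' => "42' OR '1'='1",
        'url' => 'https://shop.example/kettle', 'price' => '19.99'];

var_dump(addProductOnce($db, 'alice', $get));   // first add
var_dump(addProductOnce($db, 'alice', $get));   // same user, same product
var_dump(addProductOnce($db, 'bob', $get));     // different user
var_dump($db->query('SELECT COUNT(*) FROM addingprod')->fetchColumn());
```

Two simultaneous requests can both pass the check before either inserts; a UNIQUE index on (Uname, Pidno, Sname) closes that gap at the database level.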