This is the complete [sanitized] form page. The form is created dynamically. I will include the result page below.
The form is created from a query selected rows from an individual customer table. When they execute a new table is created ‘temporder’, the information is inserted then queried back in the query that we have been working on.
<?php session_start();?>
<?php require_once('Connections/*******.php'); ?>
<?php require_once( "WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Logged in to company")){
WA_Auth_RestrictAccess("company_LogIn.php");
}
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_szabo, $szabo);
$query_Recordset11 = "SELECT company.id, company.name FROM company WHERE id =$_SESSION[id]";
$Recordset11 = mysql_query($query_Recordset11, $szabo) or die(mysql_error());
$row_Recordset11 = mysql_fetch_assoc($Recordset11);
$totalRows_Recordset11 = mysql_num_rows($Recordset11);
$cust = $row_Recordset11 ['name'];
$cust=str_replace(' ', '', $cust);
$cust = strtolower($cust);
mysql_select_db($database_szabo, $szabo);
$query_Recordset22 = "SELECT * FROM $cust WHERE model IS NOT NULL";
$Recordset22 = mysql_query($query_Recordset22, $szabo) or die(mysql_error());
$row_Recordset22 = mysql_fetch_assoc($Recordset22);
$totalRows_Recordset22 = mysql_num_rows($Recordset22);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
body {
margin:0px;
}
h1, h2, h3, h4,h5 {
margin:0px;
}
th {
width:80px;}
#orderform {
width:800px;
margin:0px auto;}
.center {
text-align:center;
}
</style>
</head>
<body>
<?php
$_SESSION['type']= $row_Recordset22['type'];
?>
<div id="orderform">
<h2><?php echo $row_Recordset11['name']; ?> Order Form</h2>
<form action="szabo-confirmation.php" method="post" name="result" id="result">
<?php
echo '<table>';
echo '<th>'.'Quantity'.'</td>'. '<th>'.'Type'.'</td>'. '<th>'.'Manufacturer'.'</td>'. '<th>'.'Model'.'</td>'. '<th>'.'Model Number'.'</td>'. '<th>'.'Description'.'</td>'. '<th>'.'Price'.'</td>';
do{
echo '<tr><td>'.'<input type="text" id="qnt" name="qnt" size="5" >'. '</td>';
echo '<td>'.'<input type="text" id="type" name="type" size="20" readonly="readonly" value = '."$row_Recordset22[type]".' >'.'</td>';
echo '<td>'.'<input type="text" id="mfg" name ="mfg" size="20" readonly="readonly" value = '."$row_Recordset22[mfg]".' >'.'</td>';
echo '<td>'.'<input type="text" id="model" name="model" size="20" readonly="readonly" value = '."$row_Recordset22[model]".' >'.'</td>';
echo '<td>'.'<input type="text" id="model_num" name="model_num" size="20" readonly="readonly" value = '."$row_Recordset22[model_num]".' >'.'</td>';
echo '<td>'.'<input type="text" id="descrip" size="20" name="descrip" readonly="readonly" value = '."$row_Recordset22[descrip]".' >'.'</td>';
echo '<td>'.'<input type="text" id="msrp" name="msrp" size="20" readonly="readonly" value = '."$row_Recordset22[msrp]".' >'.'</td>';
/*echo '<td>' '</td>';*/
echo '</tr>';
}
while($row_Recordset22 = mysql_fetch_assoc($Recordset22));
echo '</table>';
echo '<h2>'."$row_Recordset22[type]".'</h2>';
?>
<input name="submit" type="submit" value="Submit for Confirmation" />
</form>
</div>
</body>
</html>
<?php
mysql_free_result($Recordset11);
mysql_free_result($Recordset22);
?>
The results page
<?php session_start();?>
<?php require_once(‘Connections/*******.php’); ?>
<?php
if (!function_exists(“GetSQLValueString”)) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = “”, $theNotDefinedValue = “”)
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists(“mysql_real_escape_string”) ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case “text”:
$theValue = ($theValue != “”) ? “'” . $theValue . “'” : “NULL”;
break;
case “long”:
case “int”:
$theValue = ($theValue != “”) ? intval($theValue) : “NULL”;
break;
case “double”:
$theValue = ($theValue != “”) ? “'” . doubleval($theValue) . “'” : “NULL”;
break;
case “date”:
$theValue = ($theValue != “”) ? “'” . $theValue . “'” : “NULL”;
break;
case “defined”:
$theValue = ($theValue != “”) ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=“http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=“Content-Type” content=“text/html; charset=utf-8” />
<title>Untitled Document</title>
<style type=“text/css”>
body {
margin:0px;
}
h1, h2, h3, h4,h5 {
margin:0px;
}
td {
text-align:center;}
.center {
text-align:center;
}
</style>
</head>
<body>
<?php
@$qnt = $_POST[‘qnt’];
@$type = $_POST[‘type’];
@$mfg = $_POST[‘mfg’];
@$model = $_POST[‘model’];
@$model_num = $_POST[‘model_num’];
@$descrip = $_POST[‘descrip’];
@$msrp = $_POST[‘msrp’];
@$price = $qnt * $msrp;
@$po=$_POST[‘po’];
?>
<?php
mysql_select_db($database_szabo, $szabo);
$qry=mysql_query( "CREATE TABLE temporder LIKE orders ");
mysql_select_db($database_szabo, $szabo);
$query_Recordset1 = “SELECT company.name, company.store_num FROM company WHERE company.id =$_SESSION[id]”;
$Recordset1 = mysql_query($query_Recordset1, $szabo) or die(mysql_error());
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
@$cust = “$row_Recordset1[name]”;
@$store_num = “$row_Recordset1[store_num]”;
///////below are some of the variations of the loop I have been working on, currently i have the 2 loops and getting the same results////////////
/*
foreach($_POST as $key => $value)
{*/
mysql_select_db($database_szabo, $szabo);
/* for ($i=1; $i < count($postarray);$i++) {/
/$vd=var_dump($postarray);
$postex = explode(’ ',$vd);
foreach ($postex as &$value){ /
/ foreach($_POST as $postarray) {
$query_Recordset3 = " INSERT INTO temporder ( qnt, type, mfg, model, model_num, descrip, price) VALUES (‘$postarray[qnt]’,‘$postarray[type]’,‘$postarray[mfg]’,‘$postarray[model]’,‘$postarray[model_num]’,‘$postarray[descrip]’,‘$postarray[msrp]’) ";
$Recordset3 = mysql_query($query_Recordset3, $szabo) or die(mysql_error());
}*/
$postvar=array(“$cust”, “$store_num”,“$_POST[qnt]”,“$_POST[type]”,“$_POST[mfg]”,“$_POST[model]”,“$_POST[model_num]”,“$_POST[descrip]”,“$_POST[msrp]”);
$query_Recordset3 = "INSERT INTO temporder ( cust, store_num, qnt, type, mfg, model, model_num, descrip, price, po) VALUES ";
for ($i=0; $i < count($postvar);$i++) {
foreach($_POST as $postvar) {
$query_Recordset3 .= "('".$postvar['cust']."','".$postvar['store_num']."','".$postvar['qnt']."','".$postvar['type']."','".$postvar['mfg']."','".$postvar['model']."','".$postvar['model_num']."','".$postvar['descrip']."','".$postvar['price']."','".$postvar['po']."'),";
}
}
$query_Recordset3 = substr($query_Recordset3,0,-1); // get rid of trailing comma, since we cant use implode
$Recordset3 = mysql_query($query_Recordset3, $szabo) or die(mysql_error());
$row_Recordset3 = mysql_fetch_assoc($Recordset3);
$totalRows_Recordset3 = mysql_num_rows($Recordset3);
mysql_select_db($database_szabo, $szabo);
$query_Recordset2 = “SELECT * FROM temporder WHERE qnt IS NOT NULL”;
$Recordset2 = mysql_query($query_Recordset2, $szabo) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);
$totalRows_Recordset2 = mysql_num_rows($Recordset2);
echo ‘<table cellspacing =“6” align=“center”>’;
echo ‘<tr><th>’.‘Quantity’.‘</td>’. ‘<th>’.‘Type’.‘</td>’. ‘<th>’.‘Manufacturer’.‘</td>’. ‘<th>’.‘Model’.‘</td>’. ‘<th>’.‘Model Number’.‘</td>’. ‘<th>’.‘Description’.‘</td>’. ‘<th>’.‘Price’.‘</td></tr>’;
do {
echo ‘<tr><td>’.‘<input type=“text” id=“qnt” name=“qnt” size=“2” value = ‘.“$row_Recordset2[qnt]”.’>’. ‘</td>’;
echo ‘<td>’.“$row_Recordset2[type]”.‘</td>’;
echo ‘<td>’.“$row_Recordset2[mfg]”.’ </td>‘;
echo ‘<td>’.“$row_Recordset2[model]”.’</td>‘;
echo ‘<td>’.“$row_Recordset2[model_num]”.’</td>‘;
echo ‘<td>’.“$row_Recordset2[descrip]”.’</td>‘;
echo ‘<td>’.“$row_Recordset2[price]”.’</td>';
echo ‘</tr>’;
}
while($row_Recordset2 = mysql_fetch_assoc($Recordset2));
echo ‘</table>’;
echo $cust;
echo $qnt;
echo $_SESSION[‘type’];
?>
</body>
</html>
<?php
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
/mysql_free_result($Recordset2);
mysql_free_result($Recordset3);
mysql_free_result($Recordset1);/
?>