I have a shopping cart which allows users to add items to a cart but if the users then goes back to the product page and adds the item again it creates a new row with for the product in the database and then shows the item twice in the cart.
I need to get it to check the database first and if productID exists to just update and if not then to insert.
Just looking for guidance on whether i’m thinking this through right? how can i check for the productID?
this is the insert code:
[CODE]
$insertSQL = sprintf(“INSERT INTO tblCart (productID, productQuantity, cartGuid) VALUES (%s, %s, %s)”,
GetSQLValueString($_POST[‘productID’], “int”),
GetSQLValueString($_POST[‘productQuantity’], “int”),
GetSQLValueString($cartGuid, “text”));
and this is kinda how i thought it might have to be:
[CODE]
if (productID = productID && cartGuid = cartGuid){
$insertSQL = sprintf(“UPDATE tblCart (productID, productQuantity, cartGuid) VALUES (%s, %s, %s)”,
GetSQLValueString($_POST[‘productID’], “int”),
GetSQLValueString($_POST[‘productQuantity’], “int”),
GetSQLValueString($cartGuid, “text”));
}else{
$insertSQL = sprintf(“INSERT INTO tblCart (productID, productQuantity, cartGuid) VALUES (%s, %s, %s)”,
GetSQLValueString($_POST[‘productID’], “int”),
GetSQLValueString($_POST[‘productQuantity’], “int”),
GetSQLValueString($cartGuid, “text”));
}
any advice?
[CODE]
<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$insertSQL = sprintf("INSERT INTO tblCart (productID, productQuantity, cartGuid) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['productID'], "int"),
GetSQLValueString($_POST['productQuantity'], "int"),
GetSQLValueString($cartGuid, "text"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($insertSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>
[/CODE]
$productAdded = $row_rsProduct['productID']
if (productAdded != null){
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}
[/QUOTE]
Do a SELECT first to determine if productID is present.
IF (Present)
Update
ELSE
Insert
ENDIF
You could change your primary key to (cartID, productID) and the whole thing could be changed to an INSERT with ON DUPLICATE KEY UPDATE..[/QUOTE]
[CODE]
$query = "SELECT productID FROM tblCart";
$result = mysql_query($query);
IF($result != null){
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}ENDIF
[/CODE]
[code=php]$query = "SELECT productID FROM tblCart WHERE cartID = '$cartID' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($query) == 1){
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}[/code]
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:Apache2Webslearning_phpproduct.php on line 46
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE cartID=NULL AND productID=NULL' at line 1[/QUOTE]
[CODE]if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}[/CODE]
[code=php]$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
$cartID = $_POST['cartID'];[/code]
and then use the sprintf() to build your SQL statement, properly escaped.[CODE]
<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
$cartID = $_POST['cartID'];
$query = "SELECT productID FROM tblCart WHERE cartID = '$cartID' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($query) == 1){
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>
[/CODE]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
$cartID = $_POST['cartID'];
mysql_select_db($database_conn, $conn);
$query = "SELECT productID FROM tblCart WHERE cartID = '$cartID' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($query) == 1){
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartID = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]IF(mysql_num_rows($query) == 1){ [/code]
to:[code=php]IF(mysql_num_rows($result) == 1){ [/code]
[CODE]
<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
$cartID = $_POST['cartID'];
mysql_select_db($database_conn, $conn);
$query = "SELECT productID FROM tblCart WHERE cartID = '$cartID' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartID = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>
[/CODE]
[code=php]echo $query ."<br>";[/code]
right before line 51 and tell me what it displays?[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartID = '$cartID' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "int"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartGuid = '" GetSQLValueString($cartGuid) . "' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "int"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartGuid = '" . GetSQLValueString($cartGuid) . "' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "int"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartGuid = '" . GetSQLValueString($cartGuid, "int") . "' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "int"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
Can you add:[code=php]echo $query ."<br>";[/code]
right before line xx and tell me what it displays?[/QUOTE]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartGuid = '" . GetSQLValueString($cartGuid, "text") . "' AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "text"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['quantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartGuid = " . GetSQLValueString($cartGuid, "text") . " AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "text"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['productQuantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID FROM tblCart WHERE cartGuid = " . GetSQLValueString($cartGuid, "text") . " AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "text"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['productQuantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID, productQuantity FROM tblCart WHERE cartGuid = " . GetSQLValueString($cartGuid, "text") . " AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$quantity = $quantity + $r['productQuantity'];
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "text"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['productQuantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID, productQuantity FROM tblCart WHERE cartGuid = " . GetSQLValueString($cartGuid, "text") . " AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$quantity = $quantity + $r['productQuantity'];
if ($quantity <= 0) {
$updateSQL = sprintf("DELETE FROM tblCart WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
} else {
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}
}else{
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "text"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
Use it if needed - and if it works...[code=php]<?php require_once('Connections/conn.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
if(isset($_SESSION['cartGuid']) && $_SESSION['cartGuid'] != '') {
$cartGuid = $_SESSION['cartGuid'];
} else {
$cartGuid = md5(uniqid(rand(), true));
$_SESSION['cartGuid'] = $cartGuid;
}
$productID = $_POST['productID'];
$quantity = $_POST['productQuantity'];
mysql_select_db($database_conn, $conn);
$query = "SELECT cartID, productQuantity FROM tblCart WHERE cartGuid = " . GetSQLValueString($cartGuid, "text") . " AND productID = '$productID' LIMIT 1";
$result = mysql_query($query) or die("SQL Error: $query<br>" . mysql_error());
IF(mysql_num_rows($result) == 1){
$r = mysql_fetch_array($result);
$cartID = $r['cartID'];
$quantity = $quantity + $r['productQuantity'];
if ($quantity <= 0) {
$updateSQL = sprintf("DELETE FROM tblCart WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
} else {
$updateSQL = sprintf("UPDATE tblCart SET productQuantity=%s WHERE cartID=%s AND productID=%s LIMIT 1" ,
GetSQLValueString($quantity, "int"),
GetSQLValueString($cartID, "int"),
GetSQLValueString($productID, "int"));
}
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}else{
if ($quantity > 0) {
$updateSQL = sprintf("INSERT INTO tblCart SET cartGuid = %s, productID = %s, productQuantity =%s ",
GetSQLValueString($cartGuid, "text"),
GetSQLValueString($productID, "int"),
GetSQLValueString($quantity, "int"));
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
}
}
$insertGoTo = "cart.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
$colname_rsProduct = "-1";
if (isset($_GET['productID'])) {
$colname_rsProduct = (get_magic_quotes_gpc()) ? $_GET['productID'] : addslashes($_GET['productID']);
}
mysql_select_db($database_conn, $conn);
$query_rsProduct = sprintf("SELECT * FROM tblProducts WHERE productID = %s", $colname_rsProduct);
$rsProduct = mysql_query($query_rsProduct, $conn) or die(mysql_error());
$row_rsProduct = mysql_fetch_assoc($rsProduct);
$totalRows_rsProduct = mysql_num_rows($rsProduct);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Keyboard store: <?php echo $row_rsProduct['productName']; ?></title>
<link href="bunnies.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="mainContent">
<div class="productTitle">
<h1><?php echo $row_rsProduct['productName']; ?></h1>
</div>
<div class="productImage"><img src="<?php echo $row_rsProduct['productImage']; ?>" alt="<?php echo $row_rsProduct['productName']; ?>" height="<?php echo $row_rsProduct['productImageHeight']; ?>" width="<?php echo $row_rsProduct['productImageWidth']; ?>" class="detailimage" /></div>
<div class="productDesc">
<p><?php echo $row_rsProduct['productDesc']; ?></p>
</div>
<div class="productCode">
<p>Code: <?php echo $row_rsProduct['productCode']; ?> <br /></p>
</div>
<div class="productPrice">
<p>Price: <?php echo $row_rsProduct['productPrice']; ?></p>
</div>
<form name="form2" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
<div class="quantity">
<input name="productID" type="hidden" id="productID" value="<?php echo $row_rsProduct['productID']; ?>" />
<label>Quantity
<input name="productQuantity" type="text" id="productQuantity" size="4" />
</label>
<input name="btnAdd" type="submit" id="btnAdd" value="Add to cart" />
<input type="hidden" name="MM_insert" value="form2">
</div>
</form>
<p> </p>
</div>
</body>
</html>
<?php
mysql_free_result($rsProduct);
?>[/code]
0.1.9 — BETA 5.18