Member Avatar for DiamondCiara

Hi all,

New here and hoping you can help me. Here's what I'm trying to do:

I have a database table full of customers and their master records, with fields for their ID number, email, name, address, etc. I have another table for store credit, which contains only the customer ID and the amount of credit they have. Just in case you think this one's too easy and I forgot an "s" somewhere, the field for the customer ID number in the master table is customers_id, while the field for the id number in the store credit table is customer_id.

I have actions for editing and deleting existing store credit records which work perfectly. I'm stuck on adding a new record. I'm populating the customer data with a drop down menu which consists of their names and email addresses. The form then contains an input field for the amount, then a submit button. I can hit the database with the amount, but I cannot get it to recognize the customer selected from the drop down menu, no matter what I do! I've tried to create a variable for the email address to tie back for retrieval through the form's hidden input value, i.e. "selected". Seems my hidden input comes after the hidden security token (which is built into the form function) and shows up as an unfilled menu, which is why I added the non-display style. Not sure if that's messing me up, the query is the problem, something else with the form is the problem, I'm missing some Javascript, not using the correct Javascript, or what.

Hoping you can please take a look and point me in the right direction. Thanks very much!

PHP to create the form:

$data = array('form' => draw_form('customer_dropdown', LINK_TO_ACTION, 'page=' . $_GET['page'] . '&action=newrecord') . '<input type="hidden" name="selected" value=""><input type="submit" value="">'. html_entity_decode(draw_drop_down_menu('customers_email_address" onchange="document.customer_dropdown.selected.value=this.value', $customers, $_GET['customer'])));

HTML the form displays:

<form name="customer_dropdown" action="http://site.com/page.php?page=1&action=newrecord" method="post"><input type="hidden" name="securityToken" value="randomSequence1234567890"><input type="hidden" name="selected" value=""><input type="submit" value="" style="display: none"><select rel="dropdown" name="customers_email_address" onchange="document.customer_dropdown.selected.value=this.value">
<option value="" selected="selected">Please Select</option>
<option value="email1@email.com">Lastname, Firstname (email1@email.com)</option>
<option value="email2@email.com">Lastname, Firstname (email2@email.com)</option>
<option value="email3@email.com">Lastname, Firstname (email3@email.com)</option>
<option value="email4@email.com">Lastname, Firstname (email4@email.com)</option>
<option value="email5@email.com">Lastname, Firstname (email5@email.com)</option>
</select>
</form>

Back to PHP again, where this information is supposed to go:

switch ($action) {
 
case 'newrecord':	  
		$customer_email = $_POST['selected'];
		$customer_select = $db->Execute("select customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . $customer_email . "' and customers_id = '" . $customers_id . "'  ");
		$customers_id = db_get_input($_GET['customer_select']);
		$amount = db_get_input($_POST['amount']);
		
	// needs input customer and amount
	if ($customers_id =="") {
		$alertMessage->add_session(FAILURE_CUSTOMER_NOT_SELECTED, 'error');
		}
	if ($amount == 0.00) {
		$alertMessage->add_session(FAILURE_AMOUNT_NOT_SELECTED, 'error');
		}

	if ($customers_id =="" or $amount == 0.00) {
		redirect(url_link(LINK_TO_ACTION,'action=new' . (isset($_GET['page']) ? '&page=' . $_GET['page'] : '')).'">'.image_button('button_add.gif','Add Record ' . TEXT_INFO) .'</a>' );
	    }

	  // quit if customer already exists
		$check_existing = $db->Execute("select customer_id from " . TABLE_STORE_CREDIT . " 
						where customer_id = '" . $customers_id . "' ");	

	if ($check_existing->RecordCount() > 0) {
        	$alertMessage->add_session(FAILURE_CUSTOMER_EXISTS . $customers_id , 'error');
	} else {
		$insert_query = $db->Execute("insert into " . TABLE_STORE_CREDIT . " 
						(customer_id, amount) values ('" . db_input($customers_id) . "', '" . (float)db_input($amount) . "')");
						
		   // check for successful record creation
		$check_existing = $db->Execute("select customer_id from " . TABLE_STORE_CREDIT . " 
						where customer_id = '" . $customers_id . "' ");

		if ($check_existing->RecordCount() > 0 and $check_existing->fields['customer_id'] > 0 and $check_existing->fields['amount'] > 0) {
				   $alertMessage->add_session(SUCCESS_RECORD_ADDED . $customers_id . '$'.number_format($amount, 2, '.', ',') , 'success');
		} else {
        		$alertMessage->add_session(FAILURE_RECORD_NOT_ADDED, 'error');
		} 
	} 
        redirect(url_link(LINK_TO_ACTION, 'page=' . $_GET['page'] . '&cid=' . $customers_id));
        break;
    }
  • 2 Contributors
  • 6 Replies
  • 207 Views
  • 5 Days Discussion Span
  • Latest Post Latest Post by DiamondCiara
Member Avatar for madCoder

Not at a computer where I can test your code. It would be easier (and the typical way) to key on the customer's id instead of email address. The id is, by necessity, a unique column and using the intval() function you can guarantee you have an integer value.

Member Avatar for DiamondCiara

Thanks for taking a look, madCoder. I appreciate the suggestion and am sure it will help. At the moment, it seems like my problem (the first one, anyway LOL) is stemming from the form and/or the Javascript. So I hope I didn't post in the wrong place and that I'll be forgiven if I did. :-)

If I understand onchange correctly, shouldn't the drop down menu's selected value change to whichever customer is selected, even if the rest of the form hasn't been submitted? If that is correct, then it's definitely the form. I still see "Please Select" as the selected value whenever I inspect or View Source, even if I select a customer.

Hope you can take another look when you get some time. I'll be working on a work-around and the cure for a flat forehead in the meantime. ;)

Member Avatar for madCoder

Just took another look at your first code snippet. The onchange event there wouldn't update anything. onchange="document.customer_dropdown.selected.value=this.value" customer_dropdown is the name of a form, you do not reference another form field to update. This tries to set the value of something that doesn't have a value.

Member Avatar for DiamondCiara

Thanks, madCoder. Gotten past that part. Now I'm getting the form to select without javascript, but the value I'm having trouble with is an email address, and it keeps changing the @ to its ascii value, %40. I've tried to process the string after retrieval with substr, urldecode iconv and html_entity_decode, but it seems like I'm not being heard on the PHP side now. This form should have taken five minutes. Instead its taken five days with no end in sight. Appreciate you checking back in. Merry Christmas! :)

Member Avatar for madCoder

As previously suggested, don't key on the email address. Key on a numeric ID. Much easier to manipulate and doesn't reveal email addresses. If this is a form that is public facing, those emails will get scraped by spammer bots!

Member Avatar for DiamondCiara

Not a public form. The problem seems to be something to do with the method, despite trying post, get and request. If I use get as the method, I see the values in my address bar, which is how I noticed the ascii conversion of the at sign, but using get results in no communication with PHP. PHP likes Post, but the values aren't being recognized. :(

The email address itself isn't a problem. I can do an easy select statement to extract the customer ID. Too bad nothing else about this has been easy, tho. lol

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.