Member Avatar for sjsanjuan

Hi, I'm having a trouble with dynamic redirection. I've searched for everything and did $_GET and $_POST but still not working. The $id is not returning any results.

Here's my code:

include_once("includes/connection.php");

global $result;
putenv("TZ=Asia/Manila");

$arrErrors = array();
$oid            = isset($_GET['oid']) ? intval($_GET['oid']) : 0;
$package_id     = isset($_GET['package_id']) ? intval($_GET['package_id']) : 0;

if (count($_POST)) {
    //Post Form values
    $addon_id   = isset($_POST['addon_id']) ? intval($_POST['addon_id']) : 0;
    $itemname   = isset($_POST['itemname']) ? trim($_POST['itemname']) : "";
    $subtotal   = isset($_POST['subtotal']) ? trim($_POST['subtotal']) : "";
    $total_price= isset($_POST['total_price']) ? trim($_POST['total_price']) : "";

    //Check for errors


    //Save/Update record/s if no errors found
    if (count($arrErrors) == 0) {

        $creation_date = strftime("%Y-%m-%d %H:%M:%S");

        if ($oid > 0) {

            $query = "UPDATE orders SET package_id = '$package_id', addon_id = '$addon_id', itemname = '$itemname', subtotal = '$subtotal', total_price = '$total_price', creation_date = '$creation_date' WHERE oid = '$oid'";

        }

        else {

            $query = "INSERT INTO orders (package_id, addon_id, itemname, subtotal, total_price, creation_date) VALUES ('$package_id', '$addon_id', '$itemname', '$subtotal', '$total_price', '$creation_date')";

        }

        $result = mysql_query($query) or die(mysql_error());


        if ($result) {

                [COLOR="Red"]header("Location: checkout.php?oid=".$_POST['oid']."");[/COLOR]

        }
    }

}
if ($oid > 0) {
    $query = "SELECT * FROM orders WHERE oid='{$oid}'";
    $result = mysql_query($query) or die(mysql_error());
    while ($row = mysql_fetch_assoc($result)) {
        $package_id = $row['package_id'];
        $addon_id   = $row['addon_id'];
        $itemname   = $row['itemname'];
        $subtotal   = $row['subtotal'];
        $total_price= $row['total_price'];
        $creation_date= $row['creation_date'];
        }
    }


?>

Your help would be greatly appreciated.

Thanks Guys!

Edited by Dani because: Formatting fixed
  • 4 Contributors
  • 8 Replies
  • 345 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by diafol
Member Avatar for diafol

use code tags [ CODE ] and repost - difficult to follow

Member Avatar for rotten69

True.

Member Avatar for sjsanjuan

Hi Guys, here's the code...

<?php
include_once("includes/connection.php");

global $result;
putenv("TZ=Asia/Manila");

$arrErrors = array();
$oid = isset($_GET['oid']) ? intval($_GET['oid']) : 0;
$package_id = isset($_GET['package_id']) ? intval($_GET['package_id']) : 0;

if (count($_POST)) {
//Post Form values
$addon_id = isset($_POST['addon_id']) ? intval($_POST['addon_id']) : 0;
$itemname = isset($_POST['itemname']) ? trim($_POST['itemname']) : "";
$subtotal = isset($_POST['subtotal']) ? trim($_POST['subtotal']) : "";
$total_price= isset($_POST['total_price']) ? trim($_POST['total_price']) : "";

//Check for errors


//Save/Update record/s if no errors found
if (count($arrErrors) == 0) {

$creation_date = strftime("%Y-%m-%d %H:%M:%S");

if ($oid > 0) {

$query = "UPDATE orders SET package_id = '$package_id', addon_id = '$addon_id', itemname = '$itemname', subtotal = '$subtotal', total_price = '$total_price', creation_date = '$creation_date' WHERE oid = '$oid'";

}

else {

$query = "INSERT INTO orders (package_id, addon_id, itemname, subtotal, total_price, creation_date) VALUES ('$package_id', '$addon_id', '$itemname', '$subtotal', '$total_price', '$creation_date')";

}

$result = mysql_query($query) or die(mysql_error());


if ($result) {

header("Location: checkout.php?oid=".$_POST['oid']."");

}
}

}
if ($oid > 0) {
$query = "SELECT * FROM orders WHERE oid='{$oid}'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
$package_id = $row['package_id'];
$addon_id = $row['addon_id'];
$itemname = $row['itemname'];
$subtotal = $row['subtotal'];
$total_price= $row['total_price'];
$creation_date= $row['creation_date'];
}
}


?>

Thank you.

Member Avatar for diafol

Please indent your code - it's confusing as hell otherwise.
I've commented in the code:

<?php
include_once("includes/connection.php");
//Why make $result global??
global $result;
putenv("TZ=Asia/Manila");
 
$arrErrors = array();
$oid = isset($_GET['oid']) ? intval($_GET['oid']) : 0;
$package_id = isset($_GET['package_id']) ? intval($_GET['package_id']) : 0;
 
if (count($_POST)) {
	//Post Form values - THESE MUST BE SANITIZED! STRINGS NOT SANITIZED WITH TRIM ALONE
	$addon_id = isset($_POST['addon_id']) ? intval($_POST['addon_id']) : 0;
	$itemname = isset($_POST['itemname']) ? trim($_POST['itemname']) : "";
	$subtotal = isset($_POST['subtotal']) ? trim($_POST['subtotal']) : "";
	$total_price= isset($_POST['total_price']) ? trim($_POST['total_price']) : "";

	if (count($arrErrors) == 0) {
		$creation_date = strftime("%Y-%m-%d %H:%M:%S");
		if ($oid > 0) {
			//NO NEED FOR integers and numbers to be enclosed with ''
			$query = "UPDATE orders SET package_id = '$package_id', addon_id = '$addon_id', itemname = '$itemname', subtotal = '$subtotal', total_price = '$total_price', creation_date = '$creation_date' WHERE oid = '$oid'";
		}else{
			$query = "INSERT INTO orders (package_id, addon_id, itemname, subtotal, total_price, creation_date) VALUES ('$package_id', '$addon_id', '$itemname', '$subtotal', '$total_price', '$creation_date')";
		}
 
		$result = mysql_query($query) or die(mysql_error());
		if (mysql_affected_rows()) {
			//WHY IS THIS POST - was GET earlier - also not sanitized
			header("Location: checkout.php?oid=".$_POST['oid']."");
			//Is this page checkout.php or is it another one? If same page - no need to send again.
		}
	}
}

if ($oid > 0) {
	$query = "SELECT * FROM orders WHERE oid='{$oid}'";
	$result = mysql_query($query) or die(mysql_error());
	while ($row = mysql_fetch_assoc($result)) {
		$package_id = $row['package_id'];
		$addon_id = $row['addon_id'];
		$itemname = $row['itemname'];
		$subtotal = $row['subtotal'];
		$total_price= $row['total_price'];
		$creation_date= $row['creation_date'];
	}
}

//You don't echo any of this out - so nothing will appear on the screen.
 
?>
Member Avatar for sjsanjuan

Hi, sorry for my code.. I'm just new in PHP..

I have no problems with the submission of the form because it posts the details in the database just fine. I'm just having trouble with the "oid".

I already tried using GET but still it doesn't return any value.

The checkout.php is another page.

Member Avatar for AnkurThakur

I am confused...

You are using oid as $_GET and using $_POST in header... :O

I guess :

header("Location: checkout.php?oid=".$_POST['oid']."");

should be :

header("Location: checkout.php?oid=".$_GET['oid']."");

...?

Member Avatar for sjsanjuan

I already tried using GET and I can't get any results, that's why I tried using POST but still the same, no results.

Member Avatar for diafol

I already tried using GET and I can't get any results, that's why I tried using POST but still the same, no results.

This doesn't make any sense to me. Either you're passing the var in a querystring ($_GET) or you're passing it in get-method form ($_GET) or in a post-method form ($_POST). What are you doing? As you haven't posted your form code, we're just guessing.

I'll give you another go.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.