cross checking the codes from database

Question

anmol.raghuvanshi1

9 Years Ago

hello every one i have one small doubt i have the following code
i want the user to enter the coupon code which has been randomly generated and saved in database now i want that when user enter the coupon code it is cross checked from database i.e entered coupon exist or not

// html form 
<form method="post" action="ted.php">
    Enter The Coupon Code:<br />
    <input name="code" type="text" size="10" />
    <br />
    <input type="submit" name="submit" value="submit"  onclick="coupval =this.form.coupcode.value;  ChkCoup();" />
    </form>


//php script 

<?php
    $db=new mysqli('localhost','root','','shop');
     if(mysqli_connect_errno()){
        echo 'Could not connect to database:Plz try After Some time..';
        exit;
        }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    if(isset($_POST['submit'])){
        $code=isset($_POST['code']);
            if($code!=""){
                $qry="select code from code";
                $result=$db->query($qry);
                $row=array();
                while ($row[]=mysqli_fetch_array($result))
                        {
                        if($code==$row['code']) {
                        echo "sucess,discount granted";
        }
            else echo "fail";
        }


        // Free result set
         mysqli_free_result($result);
}
}

?>

plz help me with this....

ecommerce mysql php

2 Contributors
6 Replies
303 Views
20 Hours Discussion Span
Latest Post 9 Years Ago Latest Post by broj1

broj1 356 Humble servant

9 Years Ago

You are mixing mysql_* and mysqli_* functions as well as object oriented and procedural style. The code below is mysqli_* OOP style, and is not tested, just to give you an idea. See the comments.

// check if form submitted and if code field is not empty
if(isset($_POST['submit']) && $_POST['code'] != '') {

    // only now connect to the DB since you know you need it
    $db=new mysqli('localhost','root','','shop');
    if(mysqli_connect_errno()){
        echo 'Could not connect to database:Plz try After Some time..';
        exit();
    }

    // clean the user input (see the correct code for the clean function below)
    $code = clean($_POST['code'], $db);

    // after cleaning (trim) the code could be empty so check for this
    if($code != "") {

        // use a WHERE clause
        $qry="SELECT code FROM code WHERE code='$code'";
        $result = $db->query($qry);

        // check if you got any rows (code was found)
        if($result->num_rows() != 0) {
            echo "sucess,discount granted";
        } else {
            // code was entered but not found in the database
            echo "fail (code is not valid)";
        }

        // Free result set
        $result->close();

    } else {
        echo "fail (no code entered)";
    }

    // close the connection
    $db->close();
}

The clean function also has to be corrected in order to use the $db object:

//Function to sanitize values received from the form. Prevents SQL injection
// you have to pass the DB object to the function to use it
function clean($str, $db) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return $db->real_escape_string($str);
}

Please note this post has been heavy edited since additional errors were found as the post was getting prepared. Please make sure you see the last version.

Edited 9 Years Ago by broj1

broj1 356 Humble servant

9 Years Ago

Sorry, my typo. Line 22 of my code should be:

if($result->num_rows != 0) {
...

(no parentheses after the num_rows).

Also change the action of the form to the same script:

<form method="post" action="#">

Edited 9 Years Ago by broj1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

anmol.raghuvanshi1 · Answer 1 · 2015-03-17T17:31:36+00:00

i now gives error as......
Call to undefined method mysqli_result::num_rows()
and i am very thankful clearing my misconception

anmol.raghuvanshi1 · Answer 2 · 2015-03-17T17:39:17+00:00

but still it doesn't works even for discount code not present in database sucess is printed...

anmol.raghuvanshi1 · Answer 3 · 2015-03-18T08:28:22+00:00

Thanku #broj1 for u help now its has been done and code is running smoothly

broj1 356 Humble servant Featured Poster · Answer 4 · 2015-03-18T09:12:23+00:00

You are welcome. Please mark the thread as solved if no more questions. Happy coding :-)