PHP coding - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

PHP coding

PHP code to get and display products from DATABASE

Bogomil

11:55 am on Apr 17, 2014 (gmt 0)

10+ Year Member

Hello, i am creating a e-commerce web site for my final year in BSc Computing and i have a problem with my PHP code.

<?php
// Connect to the MySQL database
include "storescripts/connect_to_mysql.php";
// Check to see the URL variable is set and that it exists in the database
if (isset($_GET['$product_name'])) {

$product_name = preg_replace('#[A-Z,a-z,0-9]#i', '', $_GET['$product_name']);
/* Use this var to check to see if this ID exists, if yes then get the product
details, if no then exit this script and give message why */
$sql = mysql_query("SELECT * FROM products WHERE id='$product_name' LIMIT 1");
$productCount = mysql_num_rows($sql); // count the output amount
if ($productCount > 0) {
// get all the product details
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
$price = $row["price"];
$details = $row["details"];
$category = $row["category"];
$subcategory = $row["subcategory"];
$date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));
}
}
else{
echo "That item does not exist.";
exit();}
}
else{
echo "Data to render this page is missing!.";
exit();
}
mysql_close();
?>

I dont know where is the error i hace added 6 products into my database with ids(1,2,3,4,5,6) and when i try open this page i says Data to render this page is missing!.
Any ideas?
Thank you indeed!

penders

4:10 pm on Apr 17, 2014 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

if (isset($_GET['$product_name'])) {

The "$" probably shouldn't be here. Presumably your URL parameter is simply "product_name"? You do a similar thing on the following line.

Just a point... You also have a variable called $product_name, which is derived from the passed URL parameter, which would also seem to be called "product_name"? If these refer to different types of data then they should have different names.

$product_name = preg_replace('#[A-Z,a-z,0-9]#i', '', $_GET['$product_name']);

The regular expression is also incorrect, but what exactly are you trying to do there?

Also, if this is a new project (or "final year project"), then you should not be using the MySQL PHP extension. If you look at the PHP documentation [php.net] you will see the following notice:

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used.

shaid

7:37 pm on May 4, 2014 (gmt 0)

10+ Year Member

$sql = mysql_query("... WHERE id='$product_name' ...");
is $_GET['$product_name'] sending id or name as your sql it is id in where condition.
$_GET['$product_name'] will be $_GET['product_name'] as "penders" already mentioned.

Thanks

Matthew1980

10:04 pm on May 14, 2014 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hiya Guys,

Well without knowing what's included in that sql file, we can only surmise. I suspect that If there is a var in there called $product_name, it certainly doesn't need the quotes around it, that sends php off looking for an index then a constant, NOT A VARIBLE!

Seeing as it's an id you're searching for, they are predominantly defined in the structure of the sql table as an int - yet you're searching for a string, this make it slower, and as it's a different datatype by definition, the quote can be remove, and you can literally force the get to become and int: (int)$productname;

Also the concatenation of strings in the sql string isn't quite right - personally I break out of the string like this:-

Like this if the var is the last item:-
mysql_query("SELECT * FROM `sometable` WHERE `id` = ".(int)$productname);
Like this, if the concatenation is extended.
mysql_query("SELECT * FROM `sometable` WHERE `id` = ".(int)$productname." LIMIT 1");

@Penders has already mentioned the dupication/same declaration issue, I would go for something a little more descriptive/pertinent myself.

Sorry I can't be more helpful.

Cheers,
MRb