Jump to content
Larry Ullman's Book Forums

Checkout.Php


Recommended Posts

I finally finished the checkout.php page. when I test it and put incorrect information it displays again just like the book says on page 282. But when i put in correct information, the zip code tells me to 'Please enter your zip code'.It's only the zip code, the rest of the form accepts the information. I'm having a hard time trying to figure out way.

 

here is the checkout.php code

 

<?php

//Include the configuration file:

require('fudge/includes/config.php');

 

//Check for the user's cart ID, available in the URL:

if($_SERVER['REQUEST_METHOD']=='GET'){

if(isset($_GET['session'])){

$uid=$_GET['session'];

 

//Use the cart ID as the session ID, and beging the session:

session_id($uid);

session_start();

 

//If no session value was present in the URL(for a GET request), redirect the user:

}else{

$location='fudge/cart.php';

header("Location:$location");

exit();

}

 

//If the request method isn't GET, start the session and retrieve the session ID:

}else{//POST request.

session_start();

$uid=session_id();

}

 

//Include the database connection and create an array for validation errors:

require_once('../mysqli_connect.php');

$shipping_errors=array();

 

//if there's a chance that Magic Quotes may be enable on your server, you'll also need to apply stripslashes() prior to validation:

if(get_magic_quotes_gpc()){

$_POST['first_name']=stripslashes($_POST['first_name']);

//repeat for other variables that could be affected.

}

 

//If the form was submitted, validate the first and last names:

if($_SERVER['REQUEST_METHOD']=='POST'){

if(preg_match('/^[A-Z\'.-]{2,20}$/i',$_POST['first_name'])){

$fn=addslashes($_POST['first_name']);

}else{

$shipping_errors['first_name']='Please enter your first name!';

}

if(preg_match('/^[A-Z\'.-]{2,40}$/i',$_POST['last_name'])){

$ln=addslashes($_POST['last_name']);

}else{

$shipping_errors['last_name']='Please enter your last name!';

}

 

//Validate the street addresses:

if(preg_match('/^[A-Z0-9 \',.#-]{2,80}$/i',$_POST['address1'])){

$a1=addslashes($_POST['address1']);

}else{

$shipping_errors['address1']='Please enter your street address!';

}

if(empty($_POST['address2'])){

$a2=NULL;

}elseif (preg_match ('/^[A-Z0-9\',.#-]{2,80}$/i',$_POST['address2'])){

$a2=addslashes($_POST['address2']);

}else{

$shipping_errors['address2']='Please enter your street address!';

}

//Validate the city:

if(preg_match('/^[A-Z\'.-]{2,60}$/i',$_POST['city'])){

$c=addslashes($_POST['city']);

}else{

$shipping_errors['city']='Please enter your city!';

}

//Validate the state:

if(preg_match('/^[A-Z]{2}$/',$_POST['state'])){

$s=$_POST['state'];

}else{

$shipping_errors['state']='Please enter your state!';

}

//Validate the zip code:

if(preg_match('/^(\d{5}$)|(^\d{5}-\d{4})$/',$_POST['zip'])){

$z=$_POST['zip'];

}else{

$shipping_errors['zip']='Please enter your zip code!';

}

//Validate the phone number:

$phone=str_replace(array('','-','(',')'),'',$_POST['phone']);

if(preg_match('/^[0-9]{10}$/',$phone)){

$p=$phone;

}else{

$shipping_errors['phone']='Please enter your phone number!';

}

//Validate the email address:

if(filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)){

$e=$_POST['email'];

$_SESSION['email']=$_POST['email'];

}else{

$shipping_errors['email']='Please enter a valid email address!';

}

//Store the data in the session if the shipping information matches the billing:

if(isset($_POST['use'])&&($_POST['use']=='Y')){

$_SESSION['shipping_for_billing']=true;

$_SESSION['cc_first_name']=$_POST['first_name'];

$_SESSION['cc_last_name']=$_POST['last_name'];

$_SESSION['cc_address']=$_POST['address1'].''.$_POST['address2'];

$_SESSION['cc_city']=$_POST['city'];

$_SESSION['cc_state']=$_POST['state'];

$_SESSION['cc_zip']=$_POST['zip'];

}

//if no errors occurred, add the user to the database:

if(empty($shipping_errors)){

$r=mysqli_query($dbc, "CALL add_customer('$e','$fn','$ln','$a1','$a2','$c','$s',$z,$p,@cid)");

 

//If the procedure worked, retrieve the customer ID:

if($r){

$r=mysqli_query($dbc,'SELECT @cid');

if(mysqli_num_rows($r)==1){

list($_SESSION['customer_id'])=mysqli_fetch_array($r);

//redirect the customer to the billing page:

$location='https://'.BASE_URL.'billing.php';

header("Location:$location");

exit();

//If there was a problem,indicate an error:

}

}

trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');

//Complete the $shipping_errors and request method conditionals:

}//Errors occurred IF.

}//End of REQUEST_METHOD IF.

//Include the header file:

$page_title='Fudge-Checkout-Your Shipping Information';

include('fudge/includes/checkout_header.html');

//Retrieve the shopping cart contents:

$r=mysqli_query($dbc,"SELECT CONCAT('F', sf.id)AS sku, c.quantity, f.fudge_name, s.size, sf.price, sf.stock FROM carts AS c INNER JOIN specific_fudge AS sf ON sf.id=c.product_id INNER JOIN size AS s ON s.id=sf.size_id INNER JOIN fudge AS f ON sf.fudge_id=f.id

WHERE c.user_session_id='$uid'");

//Complete the script:

if(mysqli_num_rows($r)>0){

include('fudge/views/checkout.html');

}else{//Empty cart!

include('fudge/views/emptycart.html');

}

//include the footer and finish the page:

include('includes/footer.html');

?>

 

 

 

Thanks

Link to comment
Share on other sites

What are you entering into the zip code field? That regex checks for either exactly any 5 digits or exactly 5 digits followed by a dash and any 4 digits. So if it's not the format e.g. 79546 or 79546-1234 then it will fail.

 

If you're in another country e.g. England and entering a postcode like TF11 8PD then it will fail unless you alter the regex.

Link to comment
Share on other sites

If the error is "Please enter your zip code" then

it must be being set in the following code section:

 

>> //Validate the zip code:

>> if(preg_match('/^(\d{5}$)|(^\d{5}-\d{4})$/',$_POST['zip'])){

>> $z=$_POST['zip'];

>> }else{

>> $shipping_errors['zip']='Please enter your zip code!';

>> }

 

And in this code section the only test is in the second line,

ie: if (preg_match......

 

Therefore the only place you need to look is that line.

And the only thing that can be wrong on that line is that the variable S_POST('zip')

does not match the test on the first part of the line. You could add a temporary

extra line just before this code section, eg. echo $_POST('zip'); so you can

check the variable does contain the value you expect. If it does, then it must

not be meeting the regular expression requirement.

 

I find these regular expressions to be very hard to understand. Search the web for some sites that explain with simple examples what each bit means. And if you do need to change the expression (eg. maybe to suit your non-USA style zip codes) you'll almost certainly find an example you can cut and paste.

Link to comment
Share on other sites

 Share

×
×
  • Create New...