kerry
Posted January 4, 2012

I am editing the script in the book (17.1 to add a print) to create a product review. I have created a new table (review). But all I get is an error message, so I am obviously missing something. Any advice on creating a product review on the site or advice on where I have gone wrong would be appreciated.

```php
<?php
require_once ('../mysqli_connect.php');

if (isset($_POST['submitted'])) {
    $errors = array();

    if (!empty($_POST['product_id'])) {
        $pi = trim($_POST['product_id']);
    } else {
        $errors[] = 'Please enter the product id';
    }

    $ci = (!empty($_POST['reviewer_name'])) ? trim($_POST['reviewer_name']) : NULL;
    $re = (!empty($_POST['review'])) ? trim($_POST['review']) : NULL;

    $q="INSERT INTO review (product_id, reviewer_name, review)VALUES(?, ?, ?)";
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, 'sss', $pi, $ci, $re);
    mysqli_stmt_execute($stmt);

    // Check the results...
    if (mysqli_stmt_affected_rows($stmt) == 1) {
        echo '<p>Your review has been added</p>';
        $_POST = array();
    } else { // Error!
        echo '<p style="font-weight: bold; color: #C00"> error.</p>';
    }
    mysqli_stmt_close($stmt);
}
?>
<p> </p>
<form enctype="multipart/form-data" action="addreview.php" method="post">
<fieldset><legend>Add a Review</legend>
<p><b>Name:</b> <input type="text" name="product_name" size="30" maxlength="60" value="<?php if (isset($_POST['reviewer_name'])) echo htmlspecialchars($_POST['reviewer_name']); ?>" /> You can use a nickname</p>
<p><b>Review:</b> <textarea name="description" cols="40" rows="5"><?php if (isset($_POST['review'])) echo $_POST['review']; ?></textarea> </p>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Submit" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>
```

MySQL client version: 5.0.77

Josee
Posted January 4, 2012

```php
<p><b>Name:</b> <input type="text" name="product_name" size="30" maxlength="60" value="<?php if (isset($_POST['reviewer_name'])) echo htmlspecialchars($_POST['reviewer_name']); ?>" /> You can use a nickname</p>
```

Shouldn't it be name="reviewer_name"?

I hope this helps,

kerry
Posted January 5, 2012

Hi. Thanks for the reply. I have solved the problem, but I cannot get the product_id to insert into the database:

The $pid (product_id) is carried from the page required.

http://www.xx/reviews.php?pid=101

but whatever I try it does not put the product_id in the review database.

```php
<?php
require_once ('../mysqli_connect.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $pid = $_GET ['pid'];
    $product_id = mysqli_real_escape_string($dbc, $_POST['product_id=$pid']);
    $review = mysqli_real_escape_string($dbc, $_POST['review']);

    $q='INSERT INTO review (product_id, review) VALUES (?,?)';
    $stmt=mysqli_prepare($dbc,$q);
    mysqli_stmt_bind_param($stmt, 'is', $product_id, $review);
    mysqli_stmt_execute($stmt);

    if (mysqli_stmt_affected_rows($stmt)==1){
        echo'<p>Your review has been added </p>';
    }else{
        echo'<p>error</p>';
    }
}
?>
<form action="reviews.php" method="post" accept-charset="utf-8">
<fieldset><legend>Review this product</legend> >
<p><Label for="review">Review</Label><textarea name="review" rows="8" cols="40" value="<?php echo $_POST['review'];?>"/></textarea></p>
<p><input type="submit" value="submit review" ></p>
<input type="hidden" name="product_id" id="product_id" value="<?php echo $_POST['product_id'];?>"/>
</fieldset>
</form>
```

Larry
Posted January 6, 2012

Because you're echo-ing $_POST['product_id'] in the form, but the product ID is coming from $_GET.

kerry
Posted January 6, 2012

Hi Larry

I have already tried that, but that still did not put the product_id in the database.

Larry
Posted January 6, 2012

Well, it looks like you've got two more problems in your code. This line is completely unnecessary and won't work anyway:

```php
$pid = $_GET ['pid'];
```

And look at the $_POST element you're trying to refer to here:

```php
$product_id = mysqli_real_escape_string($dbc, $_POST['product_id=$pid']);
```

Also, since that should be a number, you should typecast it or use Filter, not mysqli_real_escape_string().

kerry
Posted January 6, 2012

I have had a look at your book and guess this is what you mean. I must have done something wrong as it still doesn't put the product_id in the database:

```php
    $product_id = (int) $_GET['product_id'];
    $rating = mysqli_real_escape_string($dbc, $_POST['rating']);
    $review = mysqli_real_escape_string($dbc, $_POST['review']);

    $q='INSERT INTO review (product_id, rating, review) VALUES (?,?,?)';
    $stmt=mysqli_prepare($dbc,$q);
    mysqli_stmt_bind_param($stmt, 'iss', $product_id, $rating, $review);
    mysqli_stmt_execute($stmt);

    if (mysqli_stmt_affected_rows($stmt)==1){
        echo'<p>Your review has been added </p>';
    }else{
        echo'<p>error</p>';
    }
}
?>
<form action="reviews.php" method="post" accept-charset="utf-8">
<fieldset><legend>Review this product</legend>
<p><label for="rating">Rating</label><input type="radio" name="rating" value="5" />5 <input type="radio" name="rating" value="4" />4 <input type="radio" name="rating" value="3" />3 <input type="radio" name="rating" value="2" />2 <input type="radio" name="rating" value="1" />1</p>
<p><Label for="review">Review</Label><textarea name="review" rows="8" cols="40" value="<?php echo $_POST['review'];?>"/></textarea></p>
<p><input type="submit" value="submit review" ></p>
<input type="hidden" name="product_id" id="product_id" value="<?php echo $_GET['product_id']; ?>"/>
</fieldset>
</form>
```

Larry
Posted January 6, 2012

You need to stop for a minute and think about what's going on. It seems like you're blindly trying code without thinking it through.

First, the page is loaded via GET, so $_GET['product_id'] exists. And it's stored in a form element. Then the form is POSTed back to this same page, meaning that the page is accessed via POST. $_GET['product_id'] will not have a value in that case, right?

kerry
Posted January 6, 2012

I took the code from your article (peachpit) and then used the book with the form. All works except for getting existing variables.

It starts from view.php which has the product on. The product_id is sent to the next page reviews.php through the link

http://www.xx/reviews.php?pid=101

And, yes this page is sent back to itself once added to the database.

I therefore presume:

```php
$product_id = (int) $_GET['product_id']; // is correct as I am getting the product_id
```

It does not matter if I put

```php
value="<?php echo $_GET['product_id']; ?>"/>
```

or

```php
value="<?php echo $_POST['product_id']; ?>"/>
```

Neither adds to the database.

Jonathon
Posted January 6, 2012

But the form is then $_POST(ed) back to review.php? So on the secondary loading of the page $_GET['product_id'] won't exist, which is to say $product_id won't exist?? Am I missing something?

Larry
Posted January 6, 2012

Exactly. And why would you even try

```php
value="<?php echo $_POST['product_id']; ?>"/>
```

when the page is first being loaded through GET?
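
An added example, not code from any poster in this thread: the GET-then-POST round trip described in the replies above, with the ID validated through Filter and the insert done with bound parameters. The function names are hypothetical; the `pid` link parameter, the `product_id` hidden field and the `review` table are the ones used in the posts.

```php
<?php
// Added example; function names are hypothetical. The pid link parameter,
// product_id hidden field and review table come from the posts above.

// First load is GET (reviews.php?pid=101). The form posts to reviews.php with
// no query string, so on POST the ID exists only in the hidden field.
function product_id_from_request(string $method, array $get, array $post): ?int
{
    $raw = ($method === 'POST') ? ($post['product_id'] ?? null) : ($get['pid'] ?? null);
    // Filter rather than mysqli_real_escape_string(): positive integers only.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($id === false) ? null : $id;
}

// Hidden field that carries the validated ID from the GET page into the POST.
function hidden_product_field(int $productId): string
{
    return '<input type="hidden" name="product_id" value="'
        . htmlspecialchars((string) $productId, ENT_QUOTES, 'UTF-8') . '" />';
}

// Bound parameters are sent separately from the SQL text, so the values are
// not escaped first (escaping would store the added backslashes).
function save_review(mysqli $dbc, int $productId, string $review): bool
{
    $stmt = mysqli_prepare($dbc, 'INSERT INTO review (product_id, review) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'is', $productId, $review);
    $ok = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok;
}

// Constructed requests: first page load, form submission, tampered field.
$cases = [
    ['GET',  ['pid' => '101'], []],
    ['POST', [], ['product_id' => '101', 'review' => 'Works well']],
    ['POST', [], ['product_id' => '101abc', 'review' => 'x']],
];
foreach ($cases as [$method, $get, $post]) {
    $id = product_id_from_request($method, $get, $post);
    echo $method, ' product_id: ', var_export($id, true), PHP_EOL;
    if ($id !== null && $method === 'GET') {
        echo hidden_product_field($id), PHP_EOL;
    }
}
```

In the page itself, `save_review()` would be called only when the request method is POST and the resolved ID is not null, with `$dbc` coming from the thread's `mysqli_connect.php`.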