Jump to content
Larry Ullman's Book Forums

Changing Add Print Script For A Product Review


Recommended Posts

I am editing the script in the book (17.1 to add a print) to create a product review.

 

I have created a new table (review) But all I get is an error message, so I am obviously missing something. Any advice on creating a producct review on the site or advice on where I have gone wrong would be appreciated

 

 

<?php
require_once ('../mysqli_connect.php');
if (isset($_POST['submitted'])) {
$errors = array();
if (!empty($_POST['product_id'])) {
 $pi = trim($_POST['product_id']);
} else {
 $errors[] = 'Please enter the product id';
}
$ci = (!empty($_POST['reviewer_name'])) ? trim($_POST['reviewer_name']) : NULL;
$re = (!empty($_POST['review'])) ? trim($_POST['review']) : NULL;
$q="INSERT INTO review (product_id, reviewer_name, review)VALUES(?, ?, ?)";
 $stmt = mysqli_prepare($dbc, $q);
 mysqli_stmt_bind_param($stmt, 'sss', $pi, $ci, $re);
 mysqli_stmt_execute($stmt);
 // Check the results...
 if (mysqli_stmt_affected_rows($stmt) == 1) {

  echo '<p>Your review has been added</p>';
  $_POST = array();
 } else { // Error!
  echo '<p style="font-weight: bold; color: #C00"> error.</p>';
 }

 mysqli_stmt_close($stmt);
  } 
?>
<p> </p>
<form enctype="multipart/form-data" action="addreview.php" method="post">
<fieldset><legend>Add a Review</legend>

<p><b>Name:</b>
  <input type="text" name="product_name" size="30" maxlength="60" value="<?php if (isset($_POST['reviewer_name'])) echo htmlspecialchars($_POST['reviewer_name']); ?>" />
  You can use a nickname</p>

<p><b>Review:</b>
  <textarea name="description" cols="40" rows="5"><?php if (isset($_POST['review'])) echo $_POST['review']; ?></textarea> </p>
 </fieldset>
  <div align="center"><input type="submit" name="submit" value="Submit" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>

  • MySQL client version: 5.0.77

Link to comment
Share on other sites

<p><b>Name:</b>

<input type="text" name="product_name" size="30" maxlength="60" value="<?php if (isset($_POST['reviewer_name'])) echo htmlspecialchars($_POST['reviewer_name']); ?>" />

You can use a nickname</p>

 

Shouldn't it be name="reviewer_name"?

 

I hope this helps,

Link to comment
Share on other sites

Hi. Thanks for the reply. I have solved the problem, but I cannot get the product_id to insert into the database:

 

The $pid (product_id) is carried from the page required. http://www.xx/reviews.php?pid=101 but whatever I try it does not put the product_id in the review database.

 

<?php
require_once ('../mysqli_connect.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$pid = $_GET ['pid'];
$product_id = mysqli_real_escape_string($dbc, $_POST['product_id=$pid']);
$review = mysqli_real_escape_string($dbc, $_POST['review']);

$q='INSERT INTO review (product_id, review) VALUES (?,?)';
$stmt=mysqli_prepare($dbc,$q);
mysqli_stmt_bind_param($stmt, 'is', $product_id, $review);
mysqli_stmt_execute($stmt);
if (mysqli_stmt_affected_rows($stmt)==1){
echo'<p>Your review has been added </p>';
}else{
echo'<p>error</p>';
}
}
?>
<form action="reviews.php" method="post" accept-charset="utf-8">
<fieldset><legend>Review this product</legend>
>
<p><Label for="review">Review</Label><textarea name="review" rows="8" cols="40" value="<?php echo $_POST['review'];?>"/></textarea></p>
<p><input type="submit" value="submit review" ></p>
<input type="hidden" name="product_id" id="product_id" value="<?php echo $_POST['product_id'];?>"/>
</fieldset>
</form>

Link to comment
Share on other sites

Well, it looks like you've got two more problems in your code.

This line is completely unnecessary and won't work anyway:

 

$pid = $_GET ['pid'];

and

Look at the $_POST element you're trying to refer to here:

$product_id = mysqli_real_escape_string($dbc, $_POST['product_id=$pid']);

Also, since that should be a number, you should typecast it or use Filter, not mysqli_real_escape_string().

Link to comment
Share on other sites

I have had a look at your book and guess this is what you mean. I must have done something wrong as it still doesn't put the product_id in the database:

 

$product_id = (int) $_GET['product_id'];
$rating = mysqli_real_escape_string($dbc, $_POST['rating']);
$review = mysqli_real_escape_string($dbc, $_POST['review']);

$q='INSERT INTO review (product_id, rating, review) VALUES (?,?,?)';
$stmt=mysqli_prepare($dbc,$q);
mysqli_stmt_bind_param($stmt, 'iss', $product_id, $rating, $review);
mysqli_stmt_execute($stmt);
if (mysqli_stmt_affected_rows($stmt)==1){
echo'<p>Your review has been added </p>';
}else{
echo'<p>error</p>';
}
}
?>
<form action="reviews.php" method="post" accept-charset="utf-8">
<fieldset><legend>Review this product</legend>
<p><label for="rating">Rating</label><input type="radio" name="rating" value="5" />5
<input type="radio" name="rating" value="4" />4
<input type="radio" name="rating" value="3" />3
<input type="radio" name="rating" value="2" />2
<input type="radio" name="rating" value="1" />1</p>
<p><Label for="review">Review</Label><textarea name="review" rows="8" cols="40" value="<?php echo $_POST['review'];?>"/></textarea></p>
<p><input type="submit" value="submit review" ></p>
<input type="hidden" name="product_id" id="product_id" value="<?php echo $_GET['product_id']; ?>"/>
</fieldset>
</form>

Link to comment
Share on other sites

You need to stop for a minute and think about what's going on. It seems like you're blindly trying code without thinking it through. First, the page is loaded via GET, so $_GET['product_id'] exists. And it's stored in a form element. Then the form is POSTed back to this same page, meaning that the page is accessed via POST. $_GET['product_id'] will not have a value in that case, right?

Link to comment
Share on other sites

I took the code from your article (peachpit) and then used the book with the form. All works except for getting existing variables.

 

It starts from view.php which has the product on.

 

The product_id is sent to the next page reviews.php through the link http://www.xx/reviews.php?pid=101

 

And, yes this page is sent back to itself once added to the database.

 

I therefore presume:

$product_id = (int) $_GET['product_id']; // is correct as I am getting the product_id

 

It does not matter if I put

value="<?php echo $_GET['product_id']; ?>"/>

or

value="<?php echo $_POST['product_id']; ?>"/>

 

Neither adds to the database.

Link to comment
Share on other sites

 Share

×
×
  • Create New...