Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.

I have been making a customised wedding gift registry for a wedding website that I have been building and for a while it seemed to work fine but now it seems to be not working and I'm not sure why...

The way the gift registry works is as follows:

  • It uses a dynamic table which is updated based on a mysql database; and,
  • a html form in which the user enters "gift choices" and using php the form updates the mysql database so that the gift's status becomes unavailable (and this is reflected in the table)
  • The code initially would update the dynamic table and refresh the page so the user could see that the gift that they had selected was now "taken"(the refresh is important because otherwise the table contents would not be updated). Now what is happening is that the form entries do not seem to be being entered into the database when the user fills out the form and clicks submit.

    The code for this is a complete hack and I have never used php, sql, or javascript before this (I had dabbled a little in html) so naturally I think I am a little lost..

    So does anybody know where I've gone wrong?

    I would appreciate any help that anyone could give.


    The code is as follows:

    The following builds the dynamic table

    <?php
    echo"<thead>
    <tr>
    <th>Gift</th>  
    <th>Price</th>
    <th>Where to buy</th> 
    <th>Availability</>
    </tr>
    </thead>";
    
    $dbc = mysqli_connect('localhost','XXXXX','XXXXX','XXXXX_giftregistry') or die('Error connecting to MYSQL server.');
            $results = mysqli_query($dbc,"SELECT gift_name, price, where_to_buy, status FROM gift_reg");
    
            while($row = mysqli_fetch_array($results)) {
            ?>
                <tr>
                    <td><?php echo $row['gift_name']?></td>
                    <td><?php echo $row['price']?></td>
                    <td><?php echo $row['where_to_buy']?></td>
                    <td><?php echo $row['status']?></td>
                </tr>
    
            <?php
            }
            ?>
    
            </table>
    

    The next part is the form submission code

    <?php
    $person_gifting = $_POST['name'];
    $status = $_POST['status'];
    $gift_name = $_POST['gift_name'];
    
    if ($_POST['submit']) {
    $dbc = mysqli_connect('localhost','XXXXXX','XXXXXX','XXXXX_giftregistry') or die('Error connecting to MYSQL server.');
    mysqli_query($dbc,"UPDATE gift_reg SET person_gifting = '$person_gifting' WHERE gift_name = '$gift_name'") or die ('Error querying database.');
    mysqli_query($dbc,"UPDATE gift_reg SET status = '$status' WHERE gift_name = '$gift_name'") or die ('Error querying database.');
    mysqli_close($dbc);
    echo "<script> formSubmit()</script>";
    }
    

    The next section is the form.

    echo "<form method='post' action='index.php'><label>Name</label><input name='name' placeholder='Type Here' required><label>What gift would you like to give?</label>";
    
    
     $dbc = mysqli_connect('localhost','XXXXX','XXXXX','XXXXX_giftregistry') or     die('Error connecting to MYSQL server.');
    $query="SELECT gift_name FROM gift_reg WHERE status='Available'";
    $result = mysqli_query ($dbc,$query);
    echo "<select name='gift_name'>";
    
    while($nt=mysqli_fetch_array($result)){
    echo "<option value=$nt[gift_name]>$nt[gift_name]</option>";
    }
    
    echo "</select>"; 
    mysqli_close($dbc);
    ?>
    
    
    <label>Have you already purchased this gift?</label>
    <input name='status' type="radio" value="Taken" id="r1" required>  
    <label for="r1"><span></span> Already purchased </label>
        <input name='status' type="radio" value="Taken" id="r2" required>
        <label for="r2"><span></span> Going to purchase </label>
    
    <input id="submit" name="submit" type="submit" value="Submit">
    
    
    </form>
    

    The formSubmit() refers to:

    <script>
    function formSubmit() {
    window.location.reload();
    }
    </script>
    
    share|improve this question
        
    It seems to me that you're reloading the page rather than submitting the form –  STT LCU Aug 2 '13 at 13:34
    1  
    Not what you're asking about, but your SQL code is extremely vulnerable. –  bfavaretto Aug 2 '13 at 13:43
        
    I probably missed something but what "is now not working"? Is there some error message? Wrong or no data inserted? Server crash? Something else? –  Sylvain Leroux Aug 2 '13 at 14:26
        
    Please before you write any more SQL interfacing code, read up on the proper use of bind_param to add data to your queries. What you've done here has created a gigantic SQL injection bug because you haven't properly escaped your data. Admitting you don't know what you're doing is okay. The next step is to learn how to do it correctly. –  tadman Aug 2 '13 at 14:45
        
    Sorry, should be more clear. Refer to updated post. –  1212__Hello Aug 2 '13 at 14:48

    1 Answer 1

    up vote 0 down vote accepted

    Try changing

    while($nt=mysqli_fetch_array($result)){
        echo "<option value=$nt[gift_name]>$nt[gift_name]</option>";
    }
    

    to

    while($nt=mysqli_fetch_array($result)){
        echo "<option value=\"{$nt['gift_name']}\">{$nt['gift_name']}</option>";
    }
    

    The reason this works is:

    a) referencing an array element as $nt[giftname] is different from $nt['giftname'], the first looks for an array element with a key equal to the value of a constant called 'giftname', where as the latter is looking for an array element with a key of 'giftname'.

    b) depending on which Doc type your working with you should use value="value" rather than value=value

    share|improve this answer
        
    Not sure why you were voted down, as this works. Thank you for helping me out! –  1212__Hello Aug 2 '13 at 15:10
        
    probably because i didn't offer much of an explanation as to why it works, please see edit. and no worries! –  JohnnyFaldo Aug 2 '13 at 15:22

    Your Answer

     
    discard

    By posting your answer, you agree to the privacy policy and terms of service.

    Not the answer you're looking for? Browse other questions tagged or ask your own question.