<html>
<!--
====================================================================================================
This PHP script takes data from a form, and writes it to MySQL database (table: cust_order)
====================================================================================================
-->
<head>
<title>Process an HTML form</title>
</head>
<body>
<?php include "../include.php"; ?> <!-- hyperlink to see the code -->
<?php
error_reporting(0);
//----- Retrieve form elements ---------------------------------------------
$firstname = $_POST['firstname']; #get HTML form entry fields
$lastname = $_POST['lastname'];
$address = $_POST['address'];
$flavor = $_POST['flavor']; #select list array
$topping = $_POST['topping']; #checkboxes array
$creditCard = $_POST['creditCard'];
if (is_array($flavor)) #select list
$flavor = implode(',' , $flavor);
if (is_array($topping)) #checkboxes
$topping = implode(',' , $topping);
if (!$firstname) {
print "<font color=red>Please enter First Name</font>";
exit;
}
if (!$lastname) {
print "<font color=red>Please enter Last Name</font>";
exit;
}
if (!$address) {
print "<font color=red>Please enter your Address</font>";
exit;
}
if (!$flavor) {
print "<font color=red>Please choose ice cream flavor(s)</font>";
exit;
}
if (!$topping) {
print "<font color=red>Please select topping(s)</font>";
exit;
}
if (!$creditCard) {
print "<font color=red>Please select Credit Card</font>";
exit;
}
//----- Write data into Database ---------------------------------------------
$host = 'localhost';
$DBname = 'demo2';
$DBuser = 'demo2';
$DBpswd = 'demo2';
try {
$connect = mysqli_connect($host,$DBuser,$DBpswd,$DBname); #connect to db server
}
catch(Exception $e) {
// die('Could not connect: ' . $e->getMessage());
die('Could not connect: ' . mysqli_connect_error());
}
$firstname = htmlentities($firstname); #replace < > ' " & characters;
$lastname = htmlentities($lastname); #with their html entities;
$address = htmlentities($address ); # < > ' "e; &
$firstname = mysqli_real_escape_string($connect,$firstname); #escape all ' " \ newline
$lastname = mysqli_real_escape_string($connect,$lastname); #with another \, making them
$address = mysqli_real_escape_string($connect,$address); # \' \" \\ \newline
$insert = "INSERT INTO cust_order
(order_id,firstname,lastname,address,flavor,topping,creditCard,cust_id)
VALUES(0,'$firstname','$lastname','$address',
'$flavor', '$topping', '$creditCard', 1)";
//print $insert; #for debugging
$result = mysqli_query($connect, $insert); #issue the query
if (! $result)
die('Could not execute insert: ' . mysqli_error($connect));
mysqli_close($connect); #close connection
print "<b>Order Processed Successfully!!!</b>";
//=============================================================================
?>
<br><br>
<hr/>
Click <a href=getFromDB.php>here</a> to see all orders, with
<a href=getFromDBSort1.php>sort</a>, or with
<a href=getFromDBSort2.php>sort & filter</a>
</body>
</html>