<html>
<!--
====================================================================================================
This PHP script adds data to a database table (cust_order)
With in place validation (i.e. script regenerates the page until no further errors)
====================================================================================================
-->
<head>
<title>Process HTML form + write to database</title>
<style>
a {text-decoration:none; color:brown}
</style>
</head>
<body bgcolor=lightyellow>
<h1><center>The Ice Cream Shop</center></h1>
<h2>Collect data from HTML. Write to database</h2>
<?php
# Report everything except warnings and notices (same mask as E_ALL ^ E_WARNING ^ E_NOTICE).
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE);

# Database server; read by write_data() through `global $host`.
$host = 'localhost';                        # local database (PC or NYU)
// $host = 'oit.scps.nyu.edu';              # NYU database (from remote)
// $host = 'oit.scps.nyu.edu:3306';         # NYU database (from remote with port#)

# A non-empty $_POST means the form was submitted (second pass through the page).
$isPostback = !empty($_POST);
if ($isPostback) {
    validate();                             # sets $msg when a field is rejected
}
if ($isPostback && $msg == '') {
    write_data();                           # only store orders that validated cleanly
}

# The form is always rendered: blank on first load, refilled after a submit.
display();
//=============================================================================
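/**
 * Reads the submitted order from $_POST into the shared globals and validates it.
 *
 * Sets $firstname, $lastname, $address, $flavor, $topping and $creditCard, plus one
 * '*' marker per rejected field and a summary in $msg ('' when the order is valid).
 *
 * The choice fields (flavor, topping, creditCard) are checked against the values the
 * form actually offers. A browser only sends those values, but a hand-built request
 * can send anything, and these globals are later printed by display() and stored by
 * write_data(). Values outside the allow-lists are discarded here.
 */
function validate()
{
    global $firstname, $lastname, $address, $flavor, $topping, $creditCard;
    global $name_error,$addr_error,$flav_error,$top_error,$cc_error,$msg;

    # The only values the form in display() can legitimately submit.
    $allowedFlavors  = array('vanilla', 'chocolate', 'strawberry', 'butter-pecan',
                             'rocky-road', 'french-vanilla', 'pistachio');
    $allowedToppings = array('hotFudge', 'sprinkles', 'nuts', 'whippedCream');
    $allowedCards    = array('visa', 'master-card', 'amex');

    # Free-text field: anything that is not a plain string (missing key, array such as
    # firstname[]=x) becomes '' so it is reported as a missing field instead of
    # reaching preg_match() with the wrong type.
    $textField = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    # Multi-choice field: keep only recognised values, then flatten to "a,b,c".
    $choiceField = function ($key, $allowed) {
        $raw = isset($_POST[$key]) ? $_POST[$key] : array();
        if (! is_array($raw)) {
            $raw = is_string($raw) ? explode(',', $raw) : array();
        }
        $kept = array();
        foreach ($raw as $value) {
            if (is_string($value)
                && in_array($value, $allowed, true)
                && ! in_array($value, $kept, true)) {
                $kept[] = $value;
            }
        }
        return implode(',', $kept);
    };

    # Start every pass from a clean state so stale markers cannot leak through.
    $msg        = '';
    $name_error = '';
    $addr_error = '';
    $flav_error = '';
    $top_error  = '';
    $cc_error   = '';

    $firstname  = $textField('firstname');                 #get HTML form entry fields
    $lastname   = $textField('lastname');
    $address    = $textField('address');
    $flavor     = $choiceField('flavor', $allowedFlavors);   #select list --> "a,b"
    $topping    = $choiceField('topping', $allowedToppings); #checkboxes  --> "a,b"
    $creditCard = $textField('creditCard');
    if (! in_array($creditCard, $allowedCards, true)) {
        $creditCard = '';                                  #unknown card type is treated as not chosen
    }

    if (preg_match('/^\s*$/', $firstname) || preg_match('/^\s*$/', $lastname)) {
        $msg = 'error';
        $name_error = '*';
    }
    if (preg_match('/^\s*$/', $address)) {                 #if nothing but spaces or nulls
        $msg = 'error';
        $addr_error = '*';
    }
    if ($flavor === '') {
        $msg = 'error';
        $flav_error = '*';
    }
    if ($topping === '') {
        $msg = 'error';
        $top_error = '*';
    }
    if ($creditCard === '') {
        $msg = 'error';
        $cc_error = '*';
    }
    if ($msg == 'error') {
        $msg = 'Please enter required field(s) above!';
    }
}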
//=============================================================================
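/**
 * Prints the order form, refilled with whatever validate() left in the globals.
 *
 * Every request-derived value is HTML-escaped before it is written into the page:
 * the three free-text fields and $_SERVER['PHP_SELF'] (which includes any extra path
 * the client appended to the script URL). Without that, a submitted value containing
 * a quote or a tag would break out of the attribute/textarea it is printed into.
 *
 * Selected flavors/toppings are matched as whole comma-separated items, so choosing
 * 'french-vanilla' no longer also marks 'vanilla' as selected (a substring match did).
 */
function display()
{
    global $firstname, $lastname, $address, $flavor, $topping, $creditCard;
    global $name_error,$addr_error,$flav_error,$top_error,$cc_error,$msg;

    # Unset or non-scalar globals (first page load, array input) render as ''.
    $text = function ($value) {
        return is_scalar($value) ? (string) $value : '';
    };
    # Escape for both element content and quoted attribute values.
    $esc = function ($value) use ($text) {
        return htmlspecialchars($text($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    # Returns the HTML attribute when $wanted is among the chosen items, else ''.
    $mark = function ($wanted, $chosen, $attribute) {
        return in_array($wanted, $chosen, true) ? $attribute : '';
    };

    $self       = $esc(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '');
    $firstname_ = $esc($firstname);
    $lastname_  = $esc($lastname);
    $address_   = $esc($address);

    $card     = array($text($creditCard));
    $flavors  = explode(',', $text($flavor));
    $toppings = explode(',', $text($topping));

    $visa_checked  = $mark('visa', $card, 'CHECKED');
    $mc_checked    = $mark('master-card', $card, 'CHECKED');
    $amex_checked  = $mark('amex', $card, 'CHECKED');

    $vanl_selected = $mark('vanilla', $flavors, 'SELECTED');
    $choc_selected = $mark('chocolate', $flavors, 'SELECTED');
    $strw_selected = $mark('strawberry', $flavors, 'SELECTED');
    $butr_selected = $mark('butter-pecan', $flavors, 'SELECTED');
    $rock_selected = $mark('rocky-road', $flavors, 'SELECTED');
    $fren_selected = $mark('french-vanilla', $flavors, 'SELECTED');
    $pist_selected = $mark('pistachio', $flavors, 'SELECTED');

    $hotF_checked  = $mark('hotFudge', $toppings, 'CHECKED');
    $sprk_checked  = $mark('sprinkles', $toppings, 'CHECKED');
    $nuts_checked  = $mark('nuts', $toppings, 'CHECKED');
    $whip_checked  = $mark('whippedCream', $toppings, 'CHECKED');

    # Error markers and $msg are set by this script (validate/write_data); they are
    # escaped as well so that no global is ever echoed raw.
    $name_err = $esc($name_error);
    $addr_err = $esc($addr_error);
    $flav_err = $esc($flav_error);
    $top_err  = $esc($top_error);
    $cc_err   = $esc($cc_error);
    $message  = $esc($msg);

    print "<form method=POST action='$self'> \n";
    print "<fieldset style='width:580px;border-color:gold'> \n";
    print "<legend>Enter Fields Below</legend> \n";
    print "<table bgcolor=eeeeee> \n";
    print "<tr>";
    print "<td><b>First Name ";
    print "<td><input type=text name=firstname value='$firstname_'> \n";
    print "<tr>";
    print "<td><b>Last Name <font color=red> $name_err </font>";
    print "<td><input type=text name=lastname value='$lastname_'> \n";
    print "<tr>";
    print "<td><b>Enter Address <font color=red> $addr_err </font>";
    print "<td><textarea name=address rows=4 cols=47>$address_</textarea> \n";
    print "<tr>";
    print "<td><b>Ice Cream Flavor <font color=red> $flav_err </font> \n";
    print "<td><select name='flavor[]' SIZE='4' multiple='multiple'> \n";
    print " <option value='vanilla' $vanl_selected> Vanilla</option> \n";
    print " <option value='chocolate' $choc_selected> Chocolate</option> \n";
    print " <option value='strawberry' $strw_selected> Strawberry</option> \n";
    print " <option value='butter-pecan' $butr_selected> Butter Pecan</option> \n";
    print " <option value='rocky-road' $rock_selected> Rocky Road</option> \n";
    print " <option value='french-vanilla' $fren_selected> French Vanilla</option> \n";
    print " <option value='pistachio' $pist_selected> Pistachio</option> \n";
    print "</select> \n";
    print "<tr>";
    print "<td><b>Select Topping <font color=red> $top_err </font> \n";
    print "<td>";
    print "<input type='checkbox' name='topping[]' value='hotFudge' $hotF_checked/> Hot Fudge \n";
    print "<input type='checkbox' name='topping[]' value='sprinkles' $sprk_checked/> Sprinkles \n";
    print "<input type='checkbox' name='topping[]' value='nuts' $nuts_checked/> Nuts \n";
    print "<input type='checkbox' name='topping[]' value='whippedCream' $whip_checked/> Whipped Cream \n";
    print "<tr>";
    print "<td><b>Choose Credit Card <font color=red> $cc_err </font> \n";
    print "<td>";
    print "<input type=radio name=creditCard value='visa' $visa_checked/> Visa \n";
    print "<input type=radio name=creditCard value='master-card' $mc_checked/> Master Card \n";
    print "<input type=radio name=creditCard value='amex' $amex_checked/> Amex \n";
    print "<tr>";
    print "<td width=155>";
    print "<input type=submit value=' Place Order '>";
    print "<td><input type=reset value=Cancel> \n";
    print "</table> \n";
    print "</fieldset> \n";
    print "<br><font color=red> $message </font>";
    print "<br/>";
    print "</form> \n";
}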
//===============================================================================
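/**
 * Inserts the validated order (shared globals) into the cust_order table.
 *
 * All six order fields are sent as bound parameters of a prepared statement. The
 * previous version escaped only the three free-text fields and concatenated
 * $flavor, $topping and $creditCard into the SQL text unescaped, so a crafted
 * request could alter the statement.
 *
 * On success sets $msg to the confirmation text. On failure the database detail
 * goes to the server error log and the visitor sees only a generic message:
 * raw mysqli error text can reveal host, account and schema details.
 */
function write_data()
{
    global $host, $msg;
    global $firstname, $lastname, $address, $flavor, $topping, $creditCard;

    # NOTE(review): credentials are hard-coded in a web-served file. Move them to
    # configuration outside the document root and use an account limited to
    # INSERT on this table.
    $DBname = 'demo2';
    $DBuser = 'demo2';
    $DBpswd = 'demo2';

    # Free-text fields are stored HTML-encoded, as before. Presumably the pages that
    # list orders print these columns without escaping -- confirm before removing.
    # Encoding at output time (as display() does) is the more robust design.
    $firstname2 = htmlentities((string) $firstname);
    $lastname2  = htmlentities((string) $lastname);
    $address2   = htmlentities((string) $address);
    $flavor2    = (string) $flavor;
    $topping2   = (string) $topping;
    $card2      = (string) $creditCard;

    $connect = false;
    $stmt    = false;
    $failed  = '';                                  # user-facing text, '' when all went well
    $detail  = '';                                  # database detail, for the log only

    # From PHP 8.1 mysqli throws mysqli_sql_exception by default instead of
    # returning false, so both failure styles are handled.
    try {
        $connect = mysqli_connect($host, $DBuser, $DBpswd, $DBname);  #connect to db server
        if (! $connect) {
            $failed = 'Could not connect';
            $detail = (string) mysqli_connect_error();
        } else {
            # Placeholders keep data out of the SQL text; no manual escaping needed.
            $stmt = mysqli_prepare(
                $connect,
                'INSERT INTO cust_order VALUES(0, ?, ?, ?, ?, ?, ?, 1)'
            );
            if (! $stmt
                || ! mysqli_stmt_bind_param($stmt, 'ssssss', $firstname2, $lastname2,
                                            $address2, $flavor2, $topping2, $card2)
                || ! mysqli_stmt_execute($stmt)) {  #issue the query
                $failed = 'Could not execute update';
                $detail = mysqli_error($connect);
            }
        }
    } catch (mysqli_sql_exception $e) {
        $failed = $connect ? 'Could not execute update' : 'Could not connect';
        $detail = $e->getMessage();
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
    if ($connect) {
        mysqli_close($connect);                     #close connection
    }

    if ($failed !== '') {
        error_log('write_data: ' . $failed . ': ' . $detail);
        die($failed);
    }
    $msg = 'Order processed successfully!!!';
}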
//=============================================================================
?>
<hr/>
<center>
add order |
<a href=/~sultans/php/demo/4http/app/getFromDBList.php>list all orders</a> |
<a href=/~sultans/php/demo/4http/app/getFromDBSrch.php>search</a> |
<a href=/~sultans/php/demo/4http/app/formToDBUpd.php >update order</a>
</center>
<?php include "../include.php"; ?> <!-- hyperlink to see the code -->
</body>
</html>