<html>
<!--
====================================================================================================
This PHP script takes data from a form, and writes it to MySQL database (table: cust_order)
====================================================================================================
-->
<head>
<title>Process an HTML form</title>
</head>
<body>
<?php include "zCode/include.php"; ?> <!-- hyperlink to see the code -->
<?php
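error_reporting(0); # NOTE(review): level 0 turns off all PHP diagnostics (display and logging); in production prefer display_errors off with logging left on
//----- Retrieve form elements ---------------------------------------------
# NOTE(review): the fields are read from $_GET, so every value (creditCard included) travels in
# the URL and can end up in browser history and proxy/web-server logs. Moving to POST needs the
# HTML form changed at the same time; the form is not part of this file, so GET is kept here.
#
# Each text field is accepted only when it is present AND a plain string. A request such as
# ?firstname[]=x would otherwise hand an array to the later string functions.
$firstname  = (isset($_GET['firstname'])  && is_string($_GET['firstname']))  ? $_GET['firstname']  : '';
$lastname   = (isset($_GET['lastname'])   && is_string($_GET['lastname']))   ? $_GET['lastname']   : '';
$address    = (isset($_GET['address'])    && is_string($_GET['address']))    ? $_GET['address']    : '';
$creditCard = (isset($_GET['creditCard']) && is_string($_GET['creditCard'])) ? $_GET['creditCard'] : '';
$flavors    = isset($_GET['flavor'])  ? $_GET['flavor']  : null; #select list array
$toppings   = isset($_GET['topping']) ? $_GET['topping'] : null; #checkboxes array

# Always define $flavor / $topping, even when the request carried no array for them,
# so the validation below never reads an undefined variable.
$flavor = '';
if (is_array($flavors)) {
    # keep only string members (drops nested arrays), then convert the array into a string
    $flavor = implode(',', array_filter($flavors, 'is_string'));
}
$topping = '';
if (is_array($toppings)) {
    $topping = implode(',', array_filter($toppings, 'is_string'));
}

//----- Validate: every field is required ------------------------------------
# Checked in this order; the first missing field prints its message and stops the script.
# The test is an exact comparison with '' so a legitimate value of "0" is not rejected.
$requiredFields = [
    [$firstname,  'Please enter First Name'],
    [$lastname,   'Please enter Last Name'],
    [$address,    'Please enter your Address'],
    [$flavor,     'Please choose ice cream flavor(s)'],
    [$topping,    'Please select topping(s)'],
    [$creditCard, 'Please select Credit Card'],
];
foreach ($requiredFields as $field) {
    if ($field[0] === '') {
        print "<font color=red>" . $field[1] . "</font>";
        exit;
    }
}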
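//----- Write data into Database ---------------------------------------------
# NOTE(review): the database credentials are hard-coded in a web-served script. Load them from
# configuration kept outside the document root and give the account INSERT-only rights on cust_order.
$host = 'localhost';
$DBname = 'demo2';
$DBuser = 'demo2';
$DBpswd = 'demo2';

# mysqli_connect() either throws (when mysqli exception reporting is enabled) or returns false,
# so both failure paths are handled. Driver error text goes to the server log only: echoing it
# to the browser would disclose host/user/schema details to whoever triggered the failure.
$connect = false;
try {
    $connect = mysqli_connect($host, $DBuser, $DBpswd, $DBname); #connect to db server
}
catch (Exception $e) {
    error_log('cust_order: could not connect: ' . $e->getMessage());
    die('Could not connect');
}
if (!$connect) {
    error_log('cust_order: could not connect: ' . mysqli_connect_error());
    die('Could not connect');
}

# Entity-encode before storing, as this script has always done for the free-text fields.
# flavor, topping and creditCard come from the same client-controlled request, so they get
# the same treatment.
# NOTE(review): the page that displays these rows should still escape on output — confirm in getFromDB.php.
$firstname  = htmlentities($firstname);
$lastname   = htmlentities($lastname);
$address    = htmlentities($address);
$flavor     = htmlentities($flavor);
$topping    = htmlentities($topping);
$creditCard = htmlentities($creditCard);

# Parameterized INSERT: every request value is bound as data and never becomes part of the
# SQL text, so no manual escaping with mysqli_real_escape_string() is needed (applying it
# to bound values would store the backslashes).
$insert = "INSERT INTO cust_order
 (order_id,firstname,lastname,address,flavor,topping,creditCard,cust_id)
 VALUES(0,?,?,?,?,?,?,1)";

$failure = null; # stays null on success, otherwise holds the driver's error text
try {
    $stmt = mysqli_prepare($connect, $insert);
    if (!$stmt) {
        $failure = mysqli_error($connect);
    } else {
        mysqli_stmt_bind_param($stmt, 'ssssss',
            $firstname, $lastname, $address, $flavor, $topping, $creditCard);
        if (!mysqli_stmt_execute($stmt)) { #issue the DB insert stmt
            $failure = mysqli_stmt_error($stmt);
        }
        mysqli_stmt_close($stmt);
    }
}
catch (Exception $e) {
    $failure = $e->getMessage();
}

mysqli_close($connect); #close connection

if ($failure !== null) {
    error_log('cust_order: could not execute insert: ' . $failure);
    die('Could not execute insert');
}
print "<b>Order Processed Successfully!!!</b>";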
//=============================================================================
?>
<br><br>
<hr/>
Click <a href=getFromDB.php>here</a> to see all orders
</body>
</html>