Review system

[nvening]

he, sorry, i wasnt very specific!!

first off the id is set in the url ie index.php?id=2

second, the problem is that nothing is being inserted into the db, otherwise it seems fine

and more info on includes and a function call would be greatly appreciated

Im fiddling with the code atm, but if you still want it ill post it up a bit later

thanks, neil

[DougMcDonald]

It would certainly be worth attempting the insert via the myPHPAdmin interface, does the SQL throw any errors?

I do remember encountering a similar issue in the past *digs around for old code* ah yes, I remember, try setting your query string to a variable, then putting some basic error catching around it, like this:

PHP Code:

        $sql = "INSERT INTO restreview VALUES 
        ('$id','$name_rev','$email_rev','$rating_rev','$review_rev')";      
        print($sql);

        mysql_query($sql) or die ('I cannot update the database because: ' . mysql_error()); 


Also, if you echo/print your query, ($sql) what does it show?

First glance would suggest you need to escape the string for the query better. I would think when you reference the variables you would want syntax more like this:

PHP Code:

        $sql = "INSERT INTO restreview VALUES 
        (" . $id . "," . $name_rev . "," . $email_rev . "," . $rating_rev . "," . $review_rev. ")";      
        print($sql); 


[jamiesalter]

I've just knocked this up quickly so it may not work perfectly

There are two files...one of which is include.php which contains the connection information needed to access the database. This file (include.php) should be placed in the directory above the current file for security.

Include.php:

PHP Code:

<?php

function db_connect()
{
   $username = "";
   $password = "";
   $database = "";
    
   $handle = mysql_connect ("localhost", "$username", "$password") or die ('I cannot connect to the database because: ' . mysql_error());
   mysql_select_db('gkelly_siteopening', $handle) or die('Could not select database.');
   return $handle;
}

?>

Product.php:

PHP Code:

<?php
//Include a file include.php which is above the current directory (so can't be accessed directly from a browser = more security)
require_once('../include.php');

if(isset($_POST['validation'])) {
    
    //Put ID in URL into $id variable
    $id = $_REQUEST['id'];
    
    $name_rev=$_POST['name'];
    $email_rev=$_POST['email'];
    $rating_rev=$_POST['rating'];
    $review_rev=$_POST['review'];
    
    //Check if the form was filled out correctly...if not print an error and change $error variable to true
    $error = false
    if (empty($name_rev)){echo 'You forgot to enter your name'; $error = true;}
    if (empty($email_rev)){echo 'You forgot to enter your email'; $error = true;}//remove this line if the email isn't necessary
    if (empty($review_rev)){echo 'You forgot to write a review'; $error = true;}
    
    //Only continue if the form was filled out correctly
    if ($error = false){
    
    //Do some basic handling of submitted stuff:
    //Make sure the rating is a number
    $rating_rev=doubleval($rating_rev);
    //Add slashes to the text to prevent problems occuring [remember to use stripslashes(...) when printing the review]
    $email_rev=addslashes(email_rev);
    $review_rev=addslashes(review_rev);
    $name_rev=addslashes(name_rev);
    
    //Open database connection by calling function in include.php
    $dbh=db_connect();
    
    $query_review = "INSERT INTO restreview VALUES ('$id','$name_rev','$email_rev','$rating_rev','$review_rev')";
    
    //Run the query and if it fails print an error
    if (!$result = $mysql_query($query_review)){
    $echo 'An error has occured.  Please try again later.';
    } else {
    echo 'Your review was successfully submitted';
    }
    
    }//end if ($error = false){...

    mysql_close();
}
?>
<h1>Your Details:</h1>

<form action="product.php?id=<? echo $id; ?>" method="post">
<span class="det">Name:</span> <input style="margin-left: 5px;" type="text" name="name"><br/>
<span class="det">Email:</span> <input style="margin-left: 7px;" type="text" name="email"> <span class="det">(will not be displayed)</span><br/>

<span class="det">Rating:</span> <select name="rating">
<option value="1">1</option>
<option value="2">2</option>
<option value="3" selected="selected">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
<br/>
<h1>Review:</h1>
<textarea rows="5" cols="50" name="review">
Enter your review here
</textarea>
<input type="hidden" name="validation" value="1"/>
<p style="margin-left: 50px;" >
<input type="submit" value="Submit" >
<input type="reset" value="Reset">
</p>
</form>

Hope this helps

Jamie

[nvening]

wow, thanks jamie!

ive fixed a missing ; which was throwing up and error however i can seem to fix this part:

//Run the query and if it fails print an error
if (!$result == mysql_query($query_review)){
$echo 'An error has occured. Please try again later.';
} else {
echo 'Your review was successfully submitted';
}

as you can see ive tried adding the extra = and removing the $ as as afaik that how it should be, but im still getting an error - however i dont really understand where the $result variable is coming from or what the ! is for??

The error is Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING

thanks

[jamiesalter]

Try this instead:

PHP Code:

    //Run the query
    $result = $mysql_query($query_review);
    //Check for an error
    if (!$result){ 
    $echo 'An error has occured.  Please try again later.'; 
    } else { 
    echo 'Your review was successfully submitted'; 
    } 


The ! in an IF statement is the PHP's negation operator which means it flips a false value to true and vice versa. So in this example, if the query doesn't run correctly and $result is returned as false, then the ! in the IF statement flips it to true. This means 'An error has occured...' is echoed.

If it still doesn't work, I'll look at it further.

[DougMcDonald]

Just for you infomation Niel, the exclamation mark means 'no' or 'not'

In this example, it means 'no' !$variable_name, you would use this to establish whether or not a variable exists.

You could also use the exclamation mark to mean 'not' using something like this if ($my_variable != 10) to establish when $my_variable is not equal to ten

EDIT: Beaten to it!

[nvening]

ah, well that fixed one problem jamie!!

However im now getting this:

Warning: mysql_close(): no MySQL-Link resource supplied in /home/gkelly/public_html/stives/product.php on line 350

when i try and submit the form, erm, ill google it as well but i cant make out what its talking about!!

thanks

[DougMcDonald]

You are getting this message because the connect statement is only executed when the

PHP Code:

if(isset($_POST['validation'])) 


evaluates to true.

You have two options here, either move the

PHP Code:

    //Open database connection by calling function in include.php
    $dbh=db_connect(); 


To outside (before) the:

PHP Code:

if(isset($_POST['validation'])) 


Statement.

This will force a db connect even if the form is not submitted. A better way to solve this, would be to move the close command to inside the if statement.

Move this:

PHP Code:

 mysql_close(); 


to above the close brackets on the if(isset) statement so the last few lines read like this:

PHP Code:

    echo 'Your review was successfully submitted';
    }
           mysql_close();    
    }//end if ($error = false){...


} 


[nvening]

ok, thats fixed the error but its still not submitting anything to the database, it also does not say its submitted correctly or to try again later. - i have the include setup with my correct password and everything


on a brighter note ive just completely sorted out all the sites files (old ones cluttering everything out) and converted the pages so that the layout/ nav bar etc is kept in two include files which are used for each page, making maintenance and construction much easier!

Hopefully that should stop me getting so muddled up in all this code!!

Furthermore once ive got this php script sorted out is it best to combine all the scripts into one and place it before everything else - assuming its possible with how ive set it out??

thanks!

[DougMcDonald]

In terms of file locations, i often keep a main 'library.php' file with generic functions in it such as displaynavigation(), displayfooter() connectoDB() etc etc and include this on all pages calling the functions where needed.

I would then split like functions into seperate files too, so maybe you would call this one 'review_scripts.php' or something like that, and create seperate ones for other pages.

What is displayed if you comment out this lot:

PHP Code:

    $query_review = "INSERT INTO restreview VALUES ('$id','$name_rev','$email_rev','$rating_rev','$review_rev')";
    
    //Run the query and if it fails print an error
    if (!$result = $mysql_query($query_review)){
    $echo 'An error has occured.  Please try again later.';
    } else {
    echo 'Your review was successfully submitted';
    } 


and replace it with this:

PHP Code:

$sql = "INSERT INTO restreview VALUES 
        ('$id','$name_rev','$email_rev','$rating_rev','$review_rev')";      
        print($sql);

        mysql_query($sql) or die ('I cannot update the database because: ' . mysql_error()); 


What does the print($sql); return on screen?

[nvening]

Nothing is displayed (ie after i submit it just clears the form and refreshes) and nothng is added to the database.



In responce to your library idea im guessing this would be usefull if you had scripts which you wanted to use multiple times, like classes in css?

I can see that being very useful but assuming i only needed the scripts which are in the layout files which i have put in seperate include files (im going to call them the header and footer) the once, is there any harm in keeping the scripts with the html in those files?

Thanks

[DougMcDonald]

can you load the page and do a 'view source' and paste the resulting HTML here?

Chances are maybe the form is not posting to the correct location.

Also, since you main function which will perform the insert it based on the html variable 'validation' try setting a php variable to be the result of that, and echoing it back, what does it display?

e.g.

PHP Code:

$test_variable = $_GET['validation'];
echo "Test variable: " . $test_variable; 


[DougMcDonald]

I can see that being very useful but assuming i only needed the scripts which are in the layout files which i have put in seperate include files (im going to call them the header and footer) the once, is there any harm in keeping the scripts with the html in those files?

No harm in putting includes with plain HTML in there, make sure you end your string with \n (new line) or you'll get ugly long lines.

e.g. echo "<p>some text</p>\n";

You could argue that one long line reduces the amount of whitespace and therefore increases the efficiency of the site (which is true, but in my experience the difference is negligible)

[nvening]

printing that variable give nothing - is that the problem then?

[DougMcDonald]

Yeah it could be,

one alternative, is to give your submit input item a name e.g.

Code:

<input type="submit" name="posted" value="submit"/>

This will enable you to use:

PHP Code:

isset($_GET['posted']) 


In the place of the 'validated', and should work for you.

Also, what happens if you print out your SQL query?

[jamiesalter]

Place this:

PHP Code:

echo 'this is displayed because the form has been submitted'; 


below this

PHP Code:

if(isset($_POST['validation'])) { 


to check if the form submitting correctly.

You could also try changing the above line to:

PHP Code:

if(isset($_REQUEST['validation'])) { 


(remember to change validation to 'posted' if you change the submit button's name)