
I'm trying to insert data from sessions into a database using an insert statement. I have data passed from a login screen which is stored in a session variable called "login_user". I also have a session called "books" which stores multiple variables such as the ISBN number, Title and Price of a book.

I have the following code:

<?php
session_start();
include_once("config.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>View shopping cart</title>
<link href="style/style.css" rel="stylesheet" type="text/css"></head>
<body>


<br>
<div id="books-wrapper">

<!-- #content to center the menu -->
<div id="content">
    <!-- This is the actual menu --> 
    <ul id="darkmenu">
          <li><a href="home.php">Home</a></li>
          <li><a href="catalogue.php">Catalogue</a></li>
          <li><a href="search.php">Search</a></li>
          <li><a href= "view_cart.php">Cart</a></li>
          <li><a href="#">Orders</a></li>
    </ul>

    <div id = "welcome" >
    Welcome, <?=$_SESSION['login_user']?>! <br> <a href="logout.php">Logout</a>
    </div>

</div>

<br><br>
 <h1 id = "mainHeader" >View Cart</h1>
 <br>
 <div class="view-cart">
    <?php
    $current_url = base64_encode($url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    if(isset($_SESSION["books"]))
    {
        if(isset($_POST['submit_btn']) ){
            $sql = "INSERT INTO `orders` (`OrderNo`, `BookName`, `Quantity`, `TotalPrice`, `ISBN`, `StudentID`) VALUES (NULL, '$obj->Title', '$cart_itm['quantity']', '$total', '$ISBN', '$_SESSION['login_user']');";
        }else {

        $total = 0;
        echo '<form method="post" action="">';
        echo '<ul>';
        $cart_items = 0;
        foreach ($_SESSION["books"] as $cart_itm)
        {
           $ISBN = $cart_itm["ISBN"];
           $results = $mysqli->query("SELECT Title,BookDesc,Price FROM books WHERE ISBN='$ISBN'");
           $obj = $results->fetch_object();

            echo '<li class="cart-itm">';
            echo '<span class="remove-itm"><a href="cart_update.php?removep='.$cart_itm["ISBN"].'&return_url='.$current_url.'">&times;</a></span>';
            echo '<div class="p-Price">'.$currency.$obj->Price.'</div>';
            echo '<div class="book-info">';
            echo '<h3>'.$obj->Title.' (ISBN :'.$ISBN.')</h3> ';
            echo '<div class="p-quantity">Quantity : '.$cart_itm["quantity"].'</div>';
            echo '<div>'.$obj->BookDesc.'</div>';
            echo '</div>';
            echo '</li>';
            $subtotal = ($cart_itm["Price"]*$cart_itm["quantity"]);
            $total = ($total + $subtotal);

            echo '<input type="hidden" name="item_name['.$cart_items.']" value="'.$obj->Title.'" />';
            echo '<input type="hidden" name="item_code['.$cart_items.']" value="'.$ISBN.'" />';
            echo '<input type="hidden" name="item_desc['.$cart_items.']" value="'.$obj->BookDesc.'" />';
            echo '<input type="hidden" name="item_quantity['.$cart_items.']" value="'.$cart_itm["quantity"].'" />';
            $cart_items ++;

        }
        echo '</ul>';
        echo '<span class="check-out-txt">';
        echo '<strong>Total : '.$currency.$total.'</strong>  ';
        echo '</span>';
        echo '<button name="sumbit_btn" class="save_order">Save Order</button>';
        echo '</form>';

    }else{
        echo 'Your Cart is empty';
    }
    }


    ?>
    </div>
</div>
</body>
</html>

However, my insert statement doesn't seem to work. I get the ( ! ) Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) on line 43 which is the insert statement.

I do have a page called Catalogue where the variables are instantiated but these are then passed onto the view cart page which is above.

Any idea what's wrong with the statement?

Spud91
  • `'$cart_itm['quantity']'` You think this is going to work? Concatenate your variables nice and clean like this: `VALUES (NULL, '" . $obj->Title . "', '" . $cart_itm['quantity'] . "', '" . $total . "', '" . $ISBN . "', '" . $_SESSION['login_user'] . "')` – Rizier123 Mar 15 '15 at 12:25
  • Ah okay, thanks! That seems to have gotten rid of that error but now it says I have an unexpected else on line 82 :/ – Spud91 Mar 15 '15 at 12:27
  • Do some basic debugging: http://stackoverflow.com/q/12769982/3933332 – Rizier123 Mar 15 '15 at 12:28

2 Answers


Just replace line 43 with the code below:

$sql = "INSERT INTO `orders` (`OrderNo`, `BookName`, `Quantity`, `TotalPrice`, `ISBN`, `StudentID`) VALUES (NULL, $obj->Title, $cart_itm['quantity'], $total, $ISBN, $_SESSION['login_user']);";

Let me know whether it's working or not.

Rakesh Singh

Replace line 43 with:

$sql = "INSERT INTO `orders` (`OrderNo`, `BookName`, `Quantity`, `TotalPrice`, `ISBN`, `StudentID`) VALUES (NULL, '{$obj->Title}', '{$cart_itm['quantity']}', '{$total}', '{$ISBN}', '{$_SESSION['login_user']}');";

And remember to sanitize your variables!

cyberseppo
  • Hi, as above in first post comments. I'm now getting: ( ! ) Parse error: syntax error, unexpected 'else' (T_ELSE) on line 80 – Spud91 Mar 15 '15 at 12:35
  • That's because you indeed have two elses after your if statement. The first is after the SQL string and the second is at the bottom, "Your cart is empty". You cannot do that. Try to keep indentations, so you can see it. – cyberseppo Mar 15 '15 at 12:38
  • Hmm, what would you suggest I do? As I need to output a message telling the user that their basket is empty IF they haven't added anything – Spud91 Mar 15 '15 at 12:39
  • That's how you learn. Also doesn't fit anymore on this question. See comments on your question. – cyberseppo Mar 15 '15 at 12:43
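
The second answer's reminder to sanitize the variables, shown as an added example (not code from the question or from either answer): the order insert written with bound parameters, one row per cart item, so a quote in a title or user name cannot change the SQL. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection from config.php, `save_order()` is a hypothetical helper, and the sample rows are constructed; mysqli offers the same pattern through `prepare()`, `bind_param()` and `execute()`.

```php
<?php
// Added example. Assumption: in-memory SQLite replaces the MySQL connection from config.php.

function save_order(PDO $db, array $cart, string $studentId): int
{
    // Placeholders keep every value out of the SQL text, so no manual quoting is needed.
    $lookup = $db->prepare('SELECT Title, Price FROM books WHERE ISBN = ?');
    $insert = $db->prepare(
        'INSERT INTO orders (BookName, Quantity, TotalPrice, ISBN, StudentID)
         VALUES (:title, :qty, :total, :isbn, :student)'
    );
    $saved = 0;
    $db->beginTransaction();
    try {
        foreach ($cart as $item) {
            $qty = filter_var($item['quantity'] ?? null, FILTER_VALIDATE_INT,
                              ['options' => ['min_range' => 1]]);
            $lookup->execute([(string) ($item['ISBN'] ?? '')]);
            $book = $lookup->fetch(PDO::FETCH_ASSOC);
            if ($qty === false || $book === false) {
                throw new InvalidArgumentException('Invalid cart item');
            }
            $insert->execute([
                ':title'   => $book['Title'],
                ':qty'     => $qty,
                ':total'   => $book['Price'] * $qty, // price read from the books table
                ':isbn'    => $item['ISBN'],
                ':student' => $studentId,
            ]);
            $saved++;
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // a bad item leaves no partial order behind
        throw $e;
    }
    return $saved;
}

// Constructed sample data: the title and the user name both contain a single quote.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE books (ISBN TEXT PRIMARY KEY, Title TEXT, Price REAL)');
$db->exec('CREATE TABLE orders (OrderNo INTEGER PRIMARY KEY AUTOINCREMENT, BookName TEXT,
           Quantity INTEGER, TotalPrice REAL, ISBN TEXT, StudentID TEXT)');
$db->exec("INSERT INTO books VALUES ('9780000000001', 'The Hitchhiker''s Guide', 7.5)");
$cart = [['ISBN' => '9780000000001', 'quantity' => '2']];
echo save_order($db, $cart, "o'brien"), " row(s) saved\n";
print_r($db->query('SELECT * FROM orders')->fetchAll(PDO::FETCH_ASSOC));
```

With string interpolation, the same title and user name would end the quoted SQL literal early; here both are stored verbatim.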