
I'm trying to create a query in PHP that retrieves values from a database and multiplies them with user input. The user selects an item and enters a number, and I want the query to multiply the number with different values depending on the item that the user selected. For example, when the user selects an item from id 1 and enters a number, I want the query to retrieve values from id 1 and multiply them with the number, and if the user selects id 2, the number should be multiplied with values from id 2. Here's what I have so far.

    $value = isset($_POST['selection']);
    switch ($value){
    case 1 :
    $strSQL = "SELECT * FROM table1 WHERE id ='1' ";
    $rs = mysql_query($strSQL);
    while ($row = mysql_fetch_array($rs)) {
        $q1 = $row['Rate_1' ];
        $q2 = $row['Rate_2'];
    }
    $c1 = $input * $q1 ;
    $c2 = $input * $q2 ;
    $total = $c1 + $c2;
    echo $total;
    break; }
    case 2 :
    $strSQL = "SELECT * FROM table1 WHERE id ='2' ";
    $rs = mysql_query($strSQL);
    while ($row = mysql_fetch_array($rs)) {
        $q1 = $row['Rate_1' ];
        $q2 = $row['Rate_2'];
    }
    $c1 = $input * $q1 ;
    $c2 = $input * $q2 ;
    $total = $c1 + $c2;
    echo $total;
    break;
    }

I have a form where the user enters a number but when I click calculate, it doesn't bring up any results.

Devon Bessemer
David
  • mysql_ functions are deprecated. No point in using a *while* if you are using a static *break* in the loop. Indent your code so it's easier to read. I'm sure there are more suggestions but this is a starting point to good code. – Devon Bessemer Aug 18 '15 at 19:39
  • Brings up another point. I see the break is supposed to be for the switch, not the while. (Another reason for proper indentation). You shouldn't have a closing bracket after the first break then. – Devon Bessemer Aug 18 '15 at 19:41
  • There is a good 30 minutes' worth of explanation to get this code up to a usable state. Can I suggest that you spend some time looking at some online tutorials on PHP and using it to access a MySQL database? – RiggsFolly Aug 18 '15 at 19:42
  • Also don't spend time learning the `mysql_` extensions, instead learn either `mysqli_` or `PDO` as the `mysql_` extensions will soon be removed completely – RiggsFolly Aug 18 '15 at 19:44

1 Answer


You are closing your switch before it ends, https://eval.in/418432. Error reporting would have shown this. Aside from this, you are running the same code twice. You might as well use the value in the query (note we cast the value as int; never pass user input directly to a query, as this opens you to SQL injections. Another approach with this driver is http://php.net/manual/en/function.mysql-real-escape-string.php).

    if (isset($_POST['selection']) && ($_POST['selection'] == 1 || $_POST['selection'] == 2)) {
        $id = (int)$_POST['selection'];
        $strSQL = "SELECT * FROM table1 WHERE id = $id";
        $rs = mysql_query($strSQL);
        $row = mysql_fetch_array($rs); // id is auto-incrementing presumably so no need to loop, only 1 row
        $q1 = $row['Rate_1'];
        $q2 = $row['Rate_2'];
        $c1 = $input * $q1; // don't know where $input is defined but presuming you took care of that elsewhere in the code
        $c2 = $input * $q2;
        $total = $c1 + $c2;
        echo $total;
    } else {
        echo 'Invalid value passed in'; // or do nothing here and take out the else.
    }

It would also be best to update your db driver to mysqli or pdo which will allow you to use prepared statements.

Here's a thread on getting error messages,

How to get useful error messages in PHP?

and a thread on SQL injection prevention,

How can I prevent SQL injection in PHP?

Community
chris85
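The prepared-statement approach the answer recommends, as an added example that is not part of the original answer. It uses PDO with an in-memory SQLite table as a constructed stand-in for `table1`; the helper name `calculateTotal` and the `input` form field are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the question's table1 (in-memory SQLite, not the asker's MySQL data).
function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, Rate_1 REAL, Rate_2 REAL)');
    $pdo->exec('INSERT INTO table1 (id, Rate_1, Rate_2) VALUES (1, 1.5, 2.0), (2, 3.0, 0.5)');
    return $pdo;
}

// Hypothetical helper: returns the total, or null when either input is rejected
// or no row matches. $post stands in for $_POST; the 'input' field name is assumed.
function calculateTotal(PDO $pdo, array $post): ?float
{
    // Validate both fields as data before they get anywhere near SQL.
    $id = filter_var($post['selection'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $input = filter_var($post['input'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($id === false || $input === false) {
        return null;
    }

    // The id travels as a bound parameter, never as part of the SQL string.
    $stmt = $pdo->prepare('SELECT Rate_1, Rate_2 FROM table1 WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown id
    }
    return $input * (float)$row['Rate_1'] + $input * (float)$row['Rate_2'];
}

$pdo = makeDemoDb();
// Constructed form submissions, including an injection-style value and a missing field.
$samples = [
    ['selection' => '1', 'input' => '10'],
    ['selection' => '2', 'input' => '4'],
    ['selection' => '1 OR 1=1', 'input' => '10'],
    ['selection' => '3', 'input' => '10'],
    ['selection' => '2'],
];
foreach ($samples as $post) {
    $total = calculateTotal($pdo, $post);
    echo json_encode($post), ' => ', $total === null ? 'Invalid value passed in' : $total, PHP_EOL;
}
```

Because the id is validated as an integer and then bound, adding a new item to the table needs no code change, unlike the `== 1 || == 2` check or one `case` per id.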