
I'd like to update a discount code in Products by retrieving all discount codes from Discounts into a drop-down and letting the user select a new code or reset the active discount code in Products.

The HTML table displays all products with a discount code (product_discount) joined with Discounts (discount_code). Resetting product_discount to 'no discount' is working fine, but I'm having a hard time with my drop-down: $_POST['discount'] is always empty. Thanks.

<?php 
session_start();
if (isset($_POST['change'])) {  // is OK
    $change = $_POST['change'];
    if (!empty($_POST['discount'])) {  // PROBLEM : always empty and never updated
        $new_discount = $_POST['discount'];
        // All DB stuff config/try goes here
        $updt = $connexion -> prepare(
            "UPDATE Products SET product_discount = '$new_discount'  
            WHERE productID = '$change'" 
            );
        $updt->execute();
        $connexion = null; 
        // All DB stuff catch goes here
    }
}
if (isset($_POST['reset'])) {  // is OK
 $reset = $_POST['reset'];
 $no_discount = 'no discount';
    // All DB stuff config/try goes here
 $updt = $connexion -> prepare(  
  "UPDATE Products SET product_discount = '$no_discount'  
  WHERE productID = '$reset'" 
  );
    $updt->execute(); //  Update OK
    $connexion = null; 
    // All DB stuff catch goes here
}
?>
    ...

    <body>
        <?php
    // All DB stuff config/try goes here
    // Join tables  
    $select = $connexion -> prepare(
        "SELECT
        Products.productID,
        Products.product_name,
        Products.product_price,
        Products.product_discount,
        Discounts.discount_code,
        Discounts.discount_desc,
        Discounts.discount_percent
        FROM Products
        INNER JOIN Discounts ON Products.product_discount = Discounts.discount_code"
        );                  
    $select->execute();
    $resultat = $select->fetchall();

    // Html table displays only products on discount
    $display_discounts .= '<p style="font-size: 20px; text-align: center;">Active discounts</p>
        <form method="post" action="">
        <table cellpadding="0" cellspacing="0"  align="center" class="db-table">
        <tr>
        <th>Product</th>
        <th>Public price</th>
        <th>Discount price</th>
        <th>Discount code</th>
        <th>Description</th>
        <th>New code</th>
        <th> </th>
        <th> </th>
        </tr>';                 

        foreach($resultat as $row)     // loop on Products
        {           
        $discount_price = $row['product_price'] - ($row['product_price'] * $row['discount_percent'] );
        $display_discounts .= '<tr>
            <td>'.$row['product_name'].'</td>
            <td>'.$row['product_price'].'</td>
            <td>'.$discount_price.'</td>
            <td>'.$row['product_discount'].'</td>
            <td>'.$row['discount_desc'].'</td>';                    

            // populate discount codes in drop-down 
            $select_d = $connexion -> prepare(
                "SELECT
                 discount_code
                 FROM Discounts"
                 );
            $select_d->execute();
            $result_d = $select_d->fetchall();

            $display_discounts .= "<td><select id='discount' name='discount'>";

            foreach($result_d as $row_d) {    // loop on Discounts
                $display_discounts .= "<option value='".$row_d['discount_code']."'>".$row_d['discount_code']."</option>";
                // value is well populated but empty in $_POST['discount'] 

                $display_discounts .= '</select></td>
                    <td><button class="btn btn-danger bold" type="submit" name="change"  value="'.$row['productID'].'">Change</button></td>
                    <td><button class="btn btn-danger bold" type="submit" name="reset" value="'.$row['productID'].'">Reset</button></td>
                    </tr>';
            }
    $display_discounts .= '</table></form>';                    
    echo $display_discounts;                                        
    $connexion = null; 

...
</body>

Sorry guys, I made a mistake #@^^ The HTML select wasn't correctly wrapped in a form for each product. Here is the working code:

     ...
        $result_d = $select_d->fetchall();

// ----------->> start form        
      $display_discounts .= "<form action='' method='post'><td><select id='discount' name='discount'>";

                    foreach($result_d as $row_d) {    // loop on Discounts
                        $display_discounts .= "<option value='".$row_d['discount_code']."'>".$row_d['discount_code']."</option>";
                    }

                        $display_discounts .= '</select></td>
                            <td><button class="btn btn-danger bold" type="submit" name="change"  value="'.$row['productID'].'">Change</button></td>
                            <td><button class="btn btn-danger bold" type="submit" name="reset" value="'.$row['productID'].'">Reset</button></td></tr>
// ----------->> end form
         </form>';

                    } // end loop Products
            $display_discounts .= '</table>';                   
            echo $display_discounts;

New version with working code and clean HTML (CSS & PHP)

CSS

div.table {
    display: table;
    border-right: 1px solid #ccc;
    border-bottom: 1px solid #ccc;
}

div.thead {
    display: table-header-group;
    font-weight: bold;
    background: #eee;
    padding: 5px;
    text-align: center;
    border-left: 1px solid #ccc;
    border-top: 1px solid #ccc;
}

form.tr,
div.tr {
    display: table-row;
}

span.td,
span.th {
    display: table-cell;
    padding: 5px;
    text-align: center;
    border-left: 1px solid #ccc;
    border-top: 1px solid #ccc;
}

PHP

...
$select->execute();
$result = $select->fetchall();

// displays products on discount with an Html table style  
echo '<p style="font-size: 20px; text-align: center;">Active discounts</p>
<div class="table">
    <div class="thead">
        <span class="th">Product</span>
        <span class="th">Public price</span>
        <span class="th">Discount price</span>
        <span class="th">Discount code</span>
        <span class="th">Description</span>
        <span class="th">New code</span>
        <span class="th">&nbsp;</span>
        <span class="th">&nbsp;</span>
    </div>';

foreach($result as $row)     // loop on Products
{           
    $discount_price = $row['product_price'] - ($row['product_price'] * $row['discount_percent'] );
    // wrap each "tr-like" row in a form
    echo '<form class="tr" action="" method="post">
        <span class="td">'.$row['product_name'].'</span>
        <span class="td">'.$row['product_price'].'</span>
        <span class="td">'.$discount_price.'</span>
        <span class="td">'.$row['product_discount'].'</span>
        <span class="td">'.$row['discount_desc'].'</span>';

    // populate discount codes in drop-down 
    $select_d = $connexion -> prepare(
        "SELECT
      discount_code
      FROM Discounts"
                );
    $select_d->execute();
    $result_d = $select_d->fetchall();

            // build select for each product
            echo "<span class='td'><select id='discount' name='discount'>
            <option value='' selected='selected'>-Select-</option>";

            foreach($result_d as $row_d) {    // loop on Discounts
                echo "<option value='".$row_d['discount_code']."'>".$row_d['discount_code']."</option>";
            }

    // end select & action buttons
    echo '</select></span>              
        <span class="td"><button class="btn btn-danger bold" type="submit" name="change" value="'.$row['productID'].'">Change</button></span>
        <span class="td"><button class="btn btn-danger bold" type="submit" name="reset" value="'.$row['productID'].'">Reset</button></span>
    </form>';
    } // end loop Products

    echo '</div><br />'; // end display html table style
    $connexion = null;
    ...
devoteur
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 17 '16 at 15:16
  • `if (!empty($_POST['discount']))` change this line to this, `if (!(empty($_POST['discount'])))` and check the spelling of `discount` in the form, – arif_suhail_123 Jun 17 '16 at 15:25
  • You have ` – Barmar Jun 17 '16 at 15:27
  • @Jay Blanchard, thanks for the reminder, I usually do the bindParam stuff. – devoteur Jun 17 '16 at 17:23
  • @arif_suhail same problem as empty index... – devoteur Jun 17 '16 at 17:27
  • @Barmar I've got the same 10 discount codes loaded for each row (10 products). Problem is that $_POST['discount'] is empty even when updating the last row. – devoteur Jun 17 '16 at 17:35
  • What does `var_dump($_POST)` show? – Barmar Jun 17 '16 at 18:01
  • @Barmar array(2) { ["discount"]=> string(0) "" ["change"]=> string(2) "12" } where 12 is productID. I have values ranging from discount01 to discount10 in each select for each row. – devoteur Jun 18 '16 at 06:14
  • It looks like your HTML is invalid. You can't have `
    `. The only allowed children of `` are `` and ``
    – Barmar Jun 18 '16 at 17:19
  • @Barmar yes, you're right! Thanks for pointing it out. I was so focused on the post that I forgot the HTML guy. Code is working but DOM is broken. I made a new version by replacing the HTML TABLE with a CSS display:table. Same layout, same results but clean HTML, see last update. – devoteur Jun 20 '16 at 08:17
  • It looks like it should work now, I'm not sure why it's not. – Barmar Jun 20 '16 at 15:00
  • ...and it works well! I appreciate your time on this issue. – devoteur Jun 20 '16 at 17:01
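
The SQL injection risk raised in the comments applies to the question's `change`/`reset` handler, which interpolates `$_POST` values into the `UPDATE` text. The following is an added example, not the poster's code: the same handler with bound parameters and an allow-list check of the submitted code against Discounts. The function name `handleDiscountPost`, the in-memory SQLite database (requires `pdo_sqlite`) and the sample rows are assumptions made so the block runs on its own.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. Table and column names are from the
// question; the in-memory SQLite database and its rows are constructed.

function handleDiscountPost(PDO $db, array $post): string
{
    // One form per row: exactly one of "change" / "reset" carries the productID.
    $action = isset($post['change']) ? 'change' : (isset($post['reset']) ? 'reset' : null);
    if ($action === null) {
        return 'ignored';
    }
    $productId = filter_var($post[$action], FILTER_VALIDATE_INT);
    if ($productId === false) {
        return 'rejected: bad productID';
    }
    $code = 'no discount';
    if ($action === 'change') {
        $code = (string) ($post['discount'] ?? '');
        // Allow-list: the submitted code must be an existing row in Discounts.
        $chk = $db->prepare('SELECT 1 FROM Discounts WHERE discount_code = :code');
        $chk->execute([':code' => $code]);
        if ($chk->fetchColumn() === false) {
            return 'rejected: unknown discount code';
        }
    }
    // Values travel as bound parameters, never as part of the SQL text.
    $upd = $db->prepare('UPDATE Products SET product_discount = :code WHERE productID = :id');
    $upd->execute([':code' => $code, ':id' => $productId]);
    return $upd->rowCount() > 0 ? 'updated' : 'no row changed';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Discounts (discount_code TEXT PRIMARY KEY);
           CREATE TABLE Products (productID INTEGER PRIMARY KEY, product_discount TEXT);
           INSERT INTO Discounts VALUES ('discount01'), ('discount02');
           INSERT INTO Products VALUES (12, 'discount01'), (13, 'discount01');");
// Constructed POST bodies: normal change, empty "-Select-" option, quoted value, reset.
$requests = [
    ['change' => '12', 'discount' => 'discount02'],
    ['change' => '12', 'discount' => ''],
    ['change' => '13', 'discount' => "discount02' --"],
    ['reset'  => '13'],
];
foreach ($requests as $post) {
    echo json_encode($post), ' => ', handleDiscountPost($db, $post), PHP_EOL;
}
```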

0 Answers