I'm fairly certain it couldn't be the angular routing since the button has both ng-click and name="btn-save", one for directing back to the main page which works and the other is for the php section which doesn't work. I have spent quite a few days solving it.

I thought about passing form data to an ng-model then to the js file for angular to post it via a php file as the mysql call, then there are some values in my dropdown that couldn't be passed over so I shelved the idea.

Can anyone figure out what is wrong with it? Sorry if the code is messy.

addSales.php

<?php 

require_once 'database.php';


//if submit button is clicked submit
if(isset($_POST['btn-save']))
{
$data = json_decode(file_get_contents("php://input")); 

//stored variables from form
$customer_name= $_POST['customer_name'];
$item_id= $_POST['item_name'];
//retrieve
$item_name = mysqli_query($connect,"SELECT ItemName FROM Items WHERE ItemID = '$item_id");
$country= $_POST['country_name'];
$quantity= $_POST['item_quantity'];
$price= $_POST['item_price'];
$sales_date= $_POST['sales_date'];

//insert sales record

mysqli_query($connect,"INSERT INTO Sales (CustomerName, ItemID, ItemName, Country, Quantity, Price, SalesDate)  VALUES('Awful Days', 17, 'Xanax', 'Singapore', 1, 48.3, 2012-01-02)");

//mysqli_query($connect,"INSERT INTO Sales (CustomerName, ItemID, ItemName, Country, Quantity, Price, SalesDate)  VALUES('$customer_name', $item_id, '$item_name', '$country_name', $quantity, $price, $sales_date)");

//update stock count
mysqli_query($connect,"UPDATE Items SET StockLeft = StockLeft - '$quantity' WHERE ItemID = '$item_id'");


//check stock after each record add
$stockchecker=mysqli_query($connect,"SELECT ItemName FROM Items WHERE StockLeft <= 5");
if($stockchecker != NULL)
{
    $message = $stockchecker + "is running out of stock!";
    echo "<script type='text/javascript'>alert('$message');</script>";
}



//return to index main page
echo "
    <!DOCTYPE html>
    <script>
    function redir()
    {
    alert('Record successfully added.');
    window.location.assign('index.php');
    }
    </script>
    <body onload='redir();'></body>";

}

?>

<form method="post">

<div class="form-group">
    <label for="custName">Customer Name:</label>
    <input type="text" name="customer_name" class="form-control" required/>
</div>    

<div class="form-group">
    <label for="itemName">Item Purchased:</label>
    <?php include "database.php";
        $result = mysql_query("SELECT ItemID, ItemName FROM Items");

        echo "<select name='item_name' class='form-control'>";
        while ($row = mysql_fetch_array($result)) 
        {
            echo "<option value='" . $row['ItemID'] . "'>". $row['ItemID'] . " - " . $row['ItemName'] ."</option>";
        }
        echo "</select>";
    ?>

</div>

<div class="form-group">
    <label for="Country">Country:</label>
    <select name="country_name" class="form-control">
        <option value="Malaysia">Malaysia</option>
        <option value="Thailand">Thailand</option>
        <option value="Singaore">Singapore</option>
        <option value="Phillipines">Phillipines</option>
        <option value="Vietnam">Vietnam</option>
        <option value="Other">Other</option>
    </select>
</div>




<div class="form-group">
    <label for="Quantity">Quantity:</label>
    <input type="text" name="item_quantity" class="form-control" required/>
</div>   

<div class="form-group">
    <label for="itemPrice">Total Price (MYR):</label>
    <input type="text" name="item_price" class="form-control" required/>
</div>

<div class="form-group">
     <label for="dateSold">Date:</label>
     <input type='text' name="sales_date" class="form-control" placeholder="dd/mm/yyyy"/>
</div>


<div class="form-group">
    <button ng-click="save()" type="submit" name="btn-save" class="btn btn-primary">Save</button>
    <button ng-click="cancel()" class="btn btn-primary">Cancel</button>
</div>

  • 5
    Stop using the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky Apr 25 '17 at 14:24
  • 2
    Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 25 '17 at 14:24
  • Avoid using `mysql_*` functions at all costs! Oh wait, two others beat me to it. :) – Rob W Apr 25 '17 at 14:26
  • Don't mix the APIs. mysql and mysqli are not the same thing. Go with straight mysqli. – aynber Apr 25 '17 at 14:26
  • 1
    You're calling JS onclick and at the same time you expect your form to post to PHP? You need to start from the manual. You're confused – Rotimi Apr 25 '17 at 14:28
  • `WHERE ItemID = '$item_id` unclosed quote. Also `'Singapore', 1, 48.3, 2012-01-02)` with unquoted `'2012-01-02'` – Deadooshka Apr 25 '17 at 14:33
  • Trying to get past the mysql habits, sorry. I've changed it to mysqli and it still doesn't help. @Akin I've tried removing the ng-click and it doesn't post either, thanks for replying though – leslie_lyj Apr 25 '17 at 14:36
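
The prepared statements with bound parameters recommended in the comments above, applied to the question's `Sales` insert and `Items` stock update. This is an added example, not code from the poster or the commenters. Assumptions: the function name `addSale` is hypothetical, and PDO with an in-memory SQLite database (needs the `pdo_sqlite` extension) and one constructed `Items` row stand in for the MySQL connection from `database.php`.

```php
<?php
// Added example: table/column names come from the question; the SQLite
// in-memory database and the sample rows are constructed so this runs offline.
function addSale(PDO $db, array $post): int
{
    // Validate and normalise input before it gets near the database.
    $itemId   = filter_var($post['item_name'] ?? null, FILTER_VALIDATE_INT);
    $quantity = filter_var($post['item_quantity'] ?? null, FILTER_VALIDATE_INT);
    $price    = filter_var($post['item_price'] ?? null, FILTER_VALIDATE_FLOAT);
    $date     = DateTime::createFromFormat('!d/m/Y', $post['sales_date'] ?? '');
    if ($itemId === false || $quantity === false || $quantity < 1
        || $price === false || $date === false) {
        throw new InvalidArgumentException('Invalid form input');
    }

    $db->beginTransaction();
    try {
        // Look up the item name; fetchColumn() returns the value, not a result handle.
        $stmt = $db->prepare('SELECT ItemName FROM Items WHERE ItemID = ?');
        $stmt->execute([$itemId]);
        $itemName = $stmt->fetchColumn();
        if ($itemName === false) {
            throw new InvalidArgumentException('Unknown item');
        }
        // Values travel as bound parameters, never as part of the SQL text.
        $db->prepare('INSERT INTO Sales (CustomerName, ItemID, ItemName, Country,
                      Quantity, Price, SalesDate) VALUES (?, ?, ?, ?, ?, ?, ?)')
           ->execute([$post['customer_name'], $itemId, $itemName,
                      $post['country_name'], $quantity, $price, $date->format('Y-m-d')]);
        $db->prepare('UPDATE Items SET StockLeft = StockLeft - ? WHERE ItemID = ?')
           ->execute([$quantity, $itemId]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // keep Sales and Items consistent if any step fails
        throw $e;
    }
    return (int) $db->query('SELECT COUNT(*) FROM Sales')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Items (ItemID INTEGER PRIMARY KEY, ItemName TEXT, StockLeft INTEGER)');
$db->exec('CREATE TABLE Sales (CustomerName TEXT, ItemID INTEGER, ItemName TEXT,
           Country TEXT, Quantity INTEGER, Price REAL, SalesDate TEXT)');
$db->exec("INSERT INTO Items VALUES (17, 'Widget', 10)");

// Constructed form input; the apostrophe would break the string-built query.
echo addSale($db, ['customer_name' => "O'Brien", 'item_name' => '17',
    'country_name' => 'Malaysia', 'item_quantity' => '2',
    'item_price' => '48.3', 'sales_date' => '02/01/2012']), " sale(s) stored\n";
```

With `PDO::ERRMODE_EXCEPTION` set, a malformed statement raises an exception instead of failing silently, which is what hides errors such as the unclosed quote in the question's code.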

0 Answers