0

i am trying to create e-commerce website. neither it is showing error not providing coding result. trying to develop popup modal it is not showing results, modal popup is appearing but the echo codes which were put to retrieve database table value, for example this command is not working. how to find mistake?

<!-- The Modal -->
<?php
require_once '../core/init.php';
<!--this code is to retreive data from database thelewala and table products-->
$id = $_post['id'];
$id = (int)$id;
$sql = "SELECT * FROM products WHERE id = '$id'";
$result = $db->query($sql);
$product = mysqli_fetch_assoc($result);

<!-- this code is to retrieve data from database thelewala and table brand-->
$brand_id = $product['brand'];
$sql = "SELECT brand FROM brand WHERE id = '$brand_id'";
$brand_query = $db->query($sql);
$brand = mysqli_fetch_assoc($brand_query);

?>
<?php ob_start(); ?>
        <div class="modal fade" id="details-modal">
          <div class="modal-dialog">
            <div class="modal-content">

              <!-- Modal Header -->
              <div class="modal-header">
                <h4 class="modal-title"><?php echo $product['title']; ?></h4>
                <button type="button" class="close" data-dismiss="modal">&times;</button>
              </div>

              <!-- Modal body -->
              <div class="modal-body">
                <div class="container-fluid">
                  <div class="row">
                    <div class="col-sm-6">
                      <div>
                        <img src="<?php echo $product['image']; ?>" alt="<?php echo $product['title']; ?>'" class="details img.responsive" />
                      </div>
                    </div>
                      <div class="col-sm-6">
                        <h4>Details</h4>
                        <p><?php echo $product['discription']; ?></p>
                        <hr />
                        <p>Price : Rs. <?php echo $product['price']; ?></p>
                        <p>Brand : <?php echo $brand['brand']; ?></p>
                        <form action="add_card.php" method="post">
                        <div class="form-group">
                          <div class="col-xs-3">
                            <lable for="quantity">Quantity</lable>
                            <input type="text" class="form-control" id="quantity" name="quantity" />
                          </div>
                        </div>
                        <div class="form-group">
                          <lable for="size">Size</lable>
                          <select name="size" id="size" class="form-control">
                          <option value=""></option>
                          <option value="32">32</option>
                          <option value="36">36</option>
                          <option value="XL">XL</option>
                        </select>
                        </div>
                        </form>
                      </div>

                  </div>
                </div>
              </div>

              <!-- Modal footer -->
              <div class="modal-footer">
                <button type="button" class="btn btn-danger" data-dismiss="modal">Close</button>
                <button type="submit" class="btn btn-warning" <span class="glyphicon glyphicon-shopping-cart"></spa>Add to Cart</button>
              </div>

            </div>
          </div>
        </div>
<?php echo ob_get_clean(); ?>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Rahul Dighe
  • 1
  • 1
  • Yo uare not looking for errors! Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. – RiggsFolly Apr 19 '18 at 16:51
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Apr 19 '18 at 16:53
  • I assume this is being called by some AJAX code in the browser. So show us that as well – RiggsFolly Apr 19 '18 at 16:54
  • – Rahul Dighe Apr 19 '18 at 18:22
  • Can you read that code????? If not then please edit your question and add this new code in there – RiggsFolly Apr 19 '18 at 18:42

0 Answers0