checking data in DB

Hi,

I want the php code for this required,

I have created a website and a database, DB have a customer table and a field called “cus_id”,
when someone visit to my website and they can request a quotation form that,
but i have in the request quotation page, there are 2 sections, for existing customers (already in my DB, they have cus_ID) and new customers,
when existing customer want to request a quotation, there is a input box says “Enter your customer ID here” and a button “enter”. when they input their cus_id, and enter the button,
It should cross check cus_id with the db, if the cus_id is available, page called “quotationrequest.php” should be opened.(this page is the request a quote form) if the cus_id not available in the db, display an error message.

and the new customer have to file out a small form (my code is attached here) if the fields are filled and the enter button is clicked, the data should be insert to my db.table called “newcustomer” and the “quotationrequest.php” page should be opened.

[code]<?php
if (isset($_POST[‘submitted’])) {
include(’…/library/config.php’);
include(’…/library/opendb.php’);

$type=$_POST[‘type’];
$name=$_POST[‘cuname’];
$no=$_POST[‘contno’];
$email=$_POST[‘email’];

$sqlinsert = “INSERT INTO newcustomer (type,name,contactno,email) VALUES (’$type’,’$name’,’$no’,’$email’)”;

if (!mysql_query($sqlinsert)){
die (‘error inserting new record’);
}// end of nested if statment

$newrecord = "1 record added to the database";

}//end of the main if statemnt
?>

New Customers, Please fill out this simple form

	Company Individual Please make a selection.
	Name	A value is required.Invalid format.
	Contact No	A value is required. Invalid format.
	Email	A value is required. Invalid format.

<?php echo $newrecord ?> [/code]

if there is any errors in my code, please correct it.

First thing you are using an old API to connect to the Database i.e. MySQL (it will be soon depreciated because it’s not secure). Therefore, use MySQLi instead of MySQL and second thing I think you are not sanitizing any of your data, you should strip out any bad stuff that users might insert into the forms. And, I think you are not using functions either, create functions and make your life easier

Here is the code I’ve modified, I haven’t changed the mysql API but I would strongly suggest to change the way you connect to databases. Hope the code works for you.

[code]<?php

if ( $_SERVER[‘REQUEST_METHOD’] == ‘POST’ &&
// All the fields must be filled. If you don’t want any just remove it.
!empty($_POST[‘type’]) &&
!empty($_POST[‘cuname’]) &&
!empty($_POST[‘contno’]) &&
!empty($_POST[‘email’]) &&
isset($_POST[‘submitted’])
){

  include('../library/config.php');
  include('../library/opendb.php');

    function safe_output($string){

        $string = strip_tags($string);
        $string = trim($string);
        $string = htmlspecialchars($string);
        $string = mysql_real_escape_string($string);

        return $string;
    }

    $type = safe_output($_POST['type']);
    $name = safe_output($_POST['cuname']);
    $no = safe_output($_POST['contno']);
    $email = safe_output($_POST['email']);

    $query = "INSERT INTO 
                    newcustomer (type, name, contactno, email)
                  VALUES ('{$type}', '{$name}', '{$no}', '{$email}')
              ";

    $results = mysql_query($query);

    if (!$results) {

        die("Sorry We can't process your request right now");

    }

    header("Location: quotationrequest.php");

}

  if (  $_POST['REQUEST_METHOD'] = 'POST' &&
        isset($_POST['submit']) &&

        ( empty($_POST['type']) ||
          empty($_POST['cuname']) ||
          empty($_POST['contno']) ||
          empty($_POST['email'])
        )
    ){
        $status = "All fields are required.";
  }

?>

<?php if(isset($status)){ echo $status; } ?>

New Customers, Please fill out this simple form

	Company Individual Please make a selection.
	Name	A value is required.Invalid format.
	Contact No	A value is required. Invalid format.
	Email	A value is required. Invalid format.

[/code]

Thank you for your advise and coding

Now i need this one… ???

I have created a website and a database, DB have a customer table and a field called “cus_id”,
when someone visit to my website and they can request a quotation form that,
but i have in the request quotation page, there are 2 sections, for existing customers (already in my DB, they have cus_ID) and new customers,
when existing customer want to request a quotation, there is a input box says “Enter your customer ID here” and a button “enter”. when they input their cus_id, and enter the button,
It should cross check cus_id with the db, if the cus_id is available, page called “quotationrequest.php” should be opened.(this page is the request a quote form) if the cus_id not available in the db, display an error message.

Isn’t it the same question you asked earlier???

yes both i ask,
One was solved by you

I assume you are asking to write a code ???

Yes, I have write the code but it not working

Here is the code, I have used the old MySQL API as you are using it too ;D

Hope this code works for you. Let me know you find any error 8)

[php]

<?php if ( $_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['cus_id']) ) {

		    function safe_output($string){

	            $string = strip_tags($string);
	            $string = trim($string);
	            $string = htmlspecialchars($string);
	            $string = mysql_real_escape_string($string);

       		 return $string;
    		}

    		$cus_id = safe_output($_POST['cus_id']);

			$query = "SELECT * FROM customer 
								WHERE cus_id = '{$cus_id}'
					 ";

			$results = mysql_query($query);

			if ($results && mysql_affected_rows() == 1){

				header("Location: quotationrequest.php");

			} else {

				echo "Sorry New Record Found";
			}

	}

?>
Your Title Here

Enter Your Customer ID:

<p>
	<input type="submit" name="cus_sbt" Value="Submit Your ID">
</p>	

[/php]

Thank you so much for your great help

I will let you know, if there is any error