I’m currently learning PHP. I have designed a form where a user can enter product details, which are validated and sent to a database. I need to store the product ID (auto-incremented) in a cookie, then retrieve the cookie and display it to the user on an update page. I am aware that cookies are not good for storing form data, but this is for educational purposes. I have provided a copy of the form and validation code; this then calls a file called storefile2 to send the details to the database and display them to the user on an update page. I am stuck on this problem and would appreciate any help. I have added the code for the form and the update page. Thanks
<!DOCTYPE html>
<?php
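// Open the page-level database connection and initialise $pid.
// $pid is defined on every path because the cookie code below reads it even
// when the connection attempt fails.
// NOTE(review): root with an empty password is only tolerable on a local
// learning setup; anywhere else use a dedicated, least-privilege account.
$pid = 0;
$conn = @mysqli_connect("localhost","root","","doorlever");
// Check connection
if (mysqli_connect_errno() != 0) //or use if(!$conn)
{
    // Escape the driver message before it is written into the page.
    echo "<p>Failed to connect to MySQL, Error: " . htmlspecialchars((string) mysqli_connect_error(), ENT_QUOTES) . "</p>";
}
else
{
    //echo "<p>Connected to MySQL</p>";
    // mysqli_insert_id() reports the AUTO_INCREMENT value produced by the last
    // INSERT on *this* connection. No INSERT has run on it yet, so the result
    // here is 0; the real product ID only exists right after the INSERT.
    $pid = mysqli_insert_id($conn);
}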
?>
<?php
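// Store the product ID in a cookie and check whether the browser sent one back.
//
// The cookie is written only when a real (positive) ID is available; otherwise
// an existing cookie would be overwritten with 0 or an empty value. Cookies
// travel in the HTTP headers, so setcookie() only works before any output:
// the <!DOCTYPE html> line at the top of this page already counts as output
// unless output buffering is enabled, hence the headers_sent() guard.
// The seventh argument marks the cookie HttpOnly so page scripts cannot read it.
if (isset($pid) && (int) $pid > 0 && !headers_sent())
{
    setcookie('prodID', (string) (int) $pid, time() + (86400 * 365), '', '', false, true);
}
// $_COOKIE holds what the browser sent with THIS request, so a cookie set above
// only becomes visible on the next page load. The value is fully controlled by
// the client: accept it only if it is a positive integer before using it
// in a query or printing it.
$cookieProdID = isset($_COOKIE['prodID'])
    ? filter_var($_COOKIE['prodID'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($cookieProdID !== false)
{
    //echo $cookieProdID . "<br />";
}
else
{
    echo "Sorry... product ID not found" . "<br />";
}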
?>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Assessment 4</title>
<link rel="stylesheet" type="text/css" href="css/lever.css">
</head>
<style>
.error { color: #FF0000; }
.container {width:700px;margin:0 auto;}
.center {text-align:center;}
</style>
<body>
<?php
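// Form state: the default hint next to each field, the values to redisplay,
// and a flag that blocks the database step when anything is wrong.
$errMessageName ="required field";
$errMessageFinish="required field";
$errMessageUsage = "required field";
$errMessageCost="required field";
$errMessageImage="required field";
$prodName="";
$prodFinish="";
$prodUsage="";
$prodCost="";
$prodID= "";
$invalidData = false;
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    if (isset($_POST["reset"])) {
        // NOTE(review): header() only works before output has started, and an
        // <input type="reset"> is not submitted with the form - confirm this
        // branch is reachable.
        header("Refresh:0");
        exit();
    }
    //validate fields
    // A missing field, or one sent as an array (Name[]=...), is treated as blank.
    $prodName = checkinput(isset($_POST["Name"]) && is_string($_POST["Name"]) ? $_POST["Name"] : "");
    $prodFinish = checkinput(isset($_POST["Finish"]) && is_string($_POST["Finish"]) ? $_POST["Finish"] : "");
    $prodUsage = checkinput(isset($_POST["Usage"]) && is_string($_POST["Usage"]) ? $_POST["Usage"] : "");
    $prodCost = checkinput(isset($_POST["Cost"]) && is_string($_POST["Cost"]) ? $_POST["Cost"] : "");

    // Everything in $_FILES except tmp_name and error is supplied by the client.
    $upload = (isset($_FILES['userfile']) && is_array($_FILES['userfile'])) ? $_FILES['userfile'] : array();
    // basename() keeps directory parts of the client file name out of the target path.
    $fileupload = (isset($upload['name']) && is_string($upload['name'])) ? basename($upload['name']) : "";
    $filetype = isset($upload['type']) ? $upload['type'] : "";
    $filesize = isset($upload['size']) ? $upload['size'] : 0;
    $tempname = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : "";
    $uploadError = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;
    $filelocation = "images/$fileupload";

    // The browser-declared MIME type proves nothing about the content, so the
    // decision is based on an extension allow-list plus what getimagesize()
    // actually finds in the temporary file.
    // NOTE(review): the images/ directory should also be configured so the web
    // server never executes anything stored in it.
    $isAllowedImage = false;
    if ($uploadError === UPLOAD_ERR_OK && $tempname != "" && is_uploaded_file($tempname)) {
        $extension = strtolower(pathinfo($fileupload, PATHINFO_EXTENSION));
        $imageInfo = getimagesize($tempname);
        $isAllowedImage = in_array($extension, array("jpg", "jpeg", "png"), true)
            && $imageInfo !== false
            && in_array($imageInfo[2], array(IMAGETYPE_JPEG, IMAGETYPE_PNG), true);
    }

    if ($prodName == "") {
        $errMessageName = "Product name must not be blank";
        $invalidData = true;
    }
    elseif ($prodFinish == "") {
        $errMessageFinish = "Product finish must not be blank";
        $invalidData = true;
    }
    elseif ($prodUsage == "") {
        $errMessageUsage = "Product Usage must not be blank";
        $invalidData = true;
    }
    // Compare with false explicitly: a cost of 0 validates to 0.0, which
    // a plain !filter_var() would reject as "not a number".
    elseif (filter_var($prodCost, FILTER_VALIDATE_FLOAT) === false) {
        $errMessageCost = "Please enter a number only in decimal format eg: 1.00";
        $invalidData = true;
    }
    //make sure a file has been entered
    elseif ($fileupload == "") {
        $errMessageImage = "Please enter an image";
        $invalidData = true;
    }
    // Report PHP's own upload error before looking at the file type: a failed
    // upload has no usable temporary file to inspect.
    elseif ($uploadError !== UPLOAD_ERR_OK) {
        switch ($uploadError)
        {
            case UPLOAD_ERR_INI_SIZE:
                echo "<p>Error: File exceeds the maximum size limit set by the server</p>" ;
                break;
            case UPLOAD_ERR_FORM_SIZE:
                echo "<p>Error: File exceeds the maximum size limit set by the browser</p>" ;
                break;
            case UPLOAD_ERR_NO_FILE:
                echo "<p>Error: No file uploaded</p>" ;
                break;
            default:
                echo "<p>File could not be uploaded </p>" ;
        }
        // Without this the record was stored even though no file arrived.
        $invalidData = true;
    }
    //check file type
    elseif (!$isAllowedImage) {
        $errMessageImage = "Only JPG & PNG files are allowed.";
        $invalidData = true;
    }
    // NOTE(review): an existing file with the same name is overwritten.
    elseif (!move_uploaded_file($tempname, $filelocation)) {
        echo "<p>File could not be uploaded </p>" ;
        $invalidData = true;
    }
    else
    {
        // NOTE(review): this replaces the page-level $conn with a connection
        // that has no database selected - confirm update_db.php (included by
        // storefile2.php) selects one before the INSERT runs.
        $conn = mysqli_connect("localhost:3306","root","");
        // Check connection
        if (mysqli_connect_errno())
        {
            echo "<p>Failed to connect to MySQL: " . htmlspecialchars((string) mysqli_connect_error(), ENT_QUOTES) . "</p>";
            // Do not run the INSERT step without a connection.
            $invalidData = true;
        }
    }
    if ($invalidData == false) {
        include('storefile2.php');
        //Show thank you page
        //header('Location: update.php');
        exit();
    }
}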
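/**
 * Normalise one submitted text field so it can be redisplayed in the form.
 *
 * Trims surrounding whitespace, removes backslashes (stripslashes) and
 * HTML-encodes the result. The encoding makes the value safe inside HTML text
 * and quoted attributes only; it is NOT protection against SQL injection -
 * database writes need bound parameters.
 *
 * @param mixed $inputData Raw field value; request fields can arrive as arrays.
 * @return string Cleaned value, or "" when the input is not a scalar.
 */
function checkInput($inputData) {
    // A field posted as Name[]=... is an array; treat it as blank rather than
    // passing it to trim(), which only accepts strings.
    if (!is_scalar($inputData)) {
        return "";
    }
    $inputData = trim((string) $inputData);
    $inputData = stripslashes($inputData);
    // Explicit flags and charset: single quotes are encoded on every PHP
    // version, and invalid UTF-8 is substituted instead of blanking the value.
    return htmlspecialchars($inputData, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}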
?>
<div class="container">
<h1>Acme Hardware</h1>
<h2>Door Levers - Product Entry Form</h2>
<h3>Enter the Door Lever Product Details into the form and and click the Submit button</h3>
<p>NOTE: * denotes required entry</p></br>
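<?php
// The action attribute must be quoted: PHP_SELF includes any extra path the
// client appends to the URL, and htmlspecialchars() does not encode spaces, so
// an unquoted value could be split into additional attributes.
// The field values echoed below are expected to be HTML-encoded by checkInput().
?>
<form id="Form1" name="Form" method="post" enctype='multipart/form-data' action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);?>">
<label for="Name">Product Name: </label><input type="text" name="Name" id="Name" size="20" value="<?php echo
$prodName;?>"><span class="error">* <?php echo $errMessageName;?></span><br /><br />
<label for="Finish">Product Finish: </label> <input type="text" name="Finish" id="Finish" size="20" value="<?php echo
$prodFinish;?>"><span class="error">* <?php echo $errMessageFinish;?></span><br /><br />
<label for="Usage">Product Usage: </label><input type="text" name="Usage" id="Usage" size="20" value="<?php echo
$prodUsage;?>"><span class="error">* <?php echo $errMessageUsage;?></span><br /><br />
<label for="Cost">Product Cost: </label><input type="text" name="Cost" id="Cost" size="20" value="<?php echo
$prodCost;?>"><span class="error">* <?php echo $errMessageCost;?></span><br /><br />
<a href="ProductCost.php">Update product cost</a> <br/><br/>
<a href="deleteProduct.php">Delete product</a> <br/><br/>
<input type='hidden' name='MAX_FILE_SIZE' value='4000000'/>
<label for="userfile">Product image: </label><input type='file' id='userfile' name='userfile'><span class="error">* <?php echo $errMessageImage;?></span></br>
<input type="submit" name="submit" value="Submit"/>
<input type ="reset" name="reset" value ="Reset" title="Reset Form"/>
</form>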
</div>
</body>
</html>
<!--Page Name: storefile2.php
Date: 2/11/18
Author:
Purpose: uses the fields posted from the productEntryForm and stores them in the levers table
the cookies are stored to and retrieved from the browser settings (eg. Chrome://settings/cookies) as this information can be lost from one page to the next (stateless protocol)-->
<?php
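//Open the database and make sure the levers table is present
// Stores the validated product fields in the levers table, remembers the new
// product ID in a cookie and prints the confirmation page.
// $prodName, $prodFinish, $prodUsage and $prodCost are expected to be set by
// the script that includes this file.
$upload = (isset($_FILES['userfile']) && is_array($_FILES['userfile'])) ? $_FILES['userfile'] : array();
// The file name comes from the client; basename() keeps directory parts out of
// the stored path.
$fileupload = (isset($upload['name']) && is_string($upload['name'])) ? basename($upload['name']) : "";
$filetype = isset($upload['type']) ? $upload['type'] : "";
$filesize = isset($upload['size']) ? $upload['size'] : 0;
$tempname = isset($upload['tmp_name']) ? $upload['tmp_name'] : "";
$filelocation = "images/$fileupload";
//$prodID = "";
include ('update_db.php');
// Placeholders keep the submitted values out of the SQL text, so quotes in a
// product name cannot change the statement. The id column is left out so the
// database assigns the AUTO_INCREMENT value itself.
$dbQuery= "INSERT INTO levers(prodName, prodFinish, prodUsage, prodCost, imageurl)
VALUES(?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($conn, $dbQuery);
if ($stmt !== false
    && mysqli_stmt_bind_param($stmt, "sssss", $prodName, $prodFinish, $prodUsage, $prodCost, $filelocation)
    && mysqli_stmt_execute($stmt))
{
    // The new ID exists only now, on the connection that ran the INSERT.
    $pid = (int) mysqli_insert_id($conn);
    mysqli_stmt_close($stmt);
    // Cookies are sent in the HTTP headers, so this only works while no output
    // has been produced. When this file is included after the form page has
    // started printing HTML, the guard skips the call unless output buffering
    // is enabled. The last argument marks the cookie HttpOnly.
    if (!headers_sent())
    {
        setcookie('prodID', (string) $pid, time() + (86400 * 365), '', '', false, true);
    }
    echo "<!DOCTYPE html>";
    echo "<html lang='en'>";
    echo "<head>";
    echo "<meta charset='UTF-8'>";
    echo "<title>File Upload</title>";
    echo "</head>";
    echo "<body>";
    echo"<h1>Update Page</h1>";
    echo"<p>Thank you. database has been updated</p>";
    echo"<p>The product ID for this product is <b>".$pid."</b>.<p>";
    echo"<p>File Image: </p>";
    // The path contains the client-chosen file name: encode it for the attribute.
    echo"<p><img src='" . htmlspecialchars($filelocation, ENT_QUOTES) . "' height='300' width='200'></p>";
    echo"<a href='productEntryForm.php'>Back to Product Entry Form</a>";
    echo "</body>";
    echo "</html>";
}
else
{
    // NOTE(review): driver errors can reveal schema details; on a real site log
    // them and show a generic message instead.
    echo "<p>Couldn't add the file to the database " . htmlspecialchars((string) mysqli_error($conn), ENT_QUOTES) . "</p>" ;
}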
?>