I am working on a small simple booking system as I am new to PHP. I have a problem of populating the database via a table. The admin can create events which can then in turn be booked by a user. I am positive I am way off with the booking events but I am not sure. I am hoping someone can help me by supplying a few examples of where I have gone wrong and what I can do to actually book an event if I was logged in as a user. I will supply code and an image of the table. If you need more pages please let me know and I will post them.

The table image

the table that the user can use to book an event

The events table

```php
<?php

$con = mysql_connect("localhost","root","");

if(!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("flexiflash", $con);

    // Creating the foundations for the table headings //
    echo "<thead>";
    echo "<tr>";
        echo "<th>ID</th>";
        echo "<th>Venue</th>";
        echo "<th>Event</th>";
        echo "<th>Date</th>";
        echo "<th>Time</th>";
        echo "<th></th>";
    echo "</tr>";
    echo "</thead>";

    // Running a JavaScript function to check for the user's payment type before submitting the form to book_event.php //
    echo '<script>
        function check() {

        if (document.getElementById("checkbox").checked && document.getElementById("card").checked)
        {
            alert("Pay by card with 20% off");
            return true;
        }
        else if (document.getElementById("checkbox").checked &&     document.getElementById("paypal").checked)
        {
            alert("Pay via PayPal with 20% off");
            return true;
        }
        else if (document.getElementById("card").checked)
        {
            alert("Pay by card without a voucher!");
            return true;
        }
        else if (document.getElementById("paypal").checked)
        {
            alert("Pay via PayPal without a voucher!");
            return true;
        }
        else 
        {
            alert("Nothing was checked. Please select your payment type");
            return false;
        }
    }
    </script>';

$result = mysql_query("SELECT * FROM events");

while($row = mysql_fetch_array($result))
{
    // Outputting the data from the $result variable into a formatted table //
    echo "<tbody>";
    echo "<form class='table-form'  action='book_event.php' method='post'   onsubmit='return check()'>";
    echo "<tr>";
        echo "<td>" . $row['Event_ID'] . "</td>";
        echo "<td>" . $row['Event_Venue'] . "</td>";
        echo "<td>" . $row['Event_Name'] . "</td>";
        echo "<td>" . $row['Event_Date'] . "</td>";
        echo "<td>" . $row['Event_Time'] . "</td>";
        echo "<td><input type='submit' class='sub_btn' name='submit'     eventid=' .row['Event_ID'] .' value='Book now'></td>";
    echo "</tr>";
    echo "</form>";
    echo "</tbody>";
}

mysql_close($con);
?>
```

What I have in my booking so far

```php
<?php
session_start();

$con = mysql_connect("localhost","root","");

if(!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("flexiflash", $con);

$date = date('Y-m-d H:i:s');
//$card = ($_POST['P_card']);
//$paypal = ($_POST['P_paypal']);

$event_id = $row['Event_ID'];

$_SESSION['user_id'];

$insert = mysql_query("INSERT INTO booking (User_ID,Event_ID,Date_Booked) VALUES ('". $_SESSION['userid'] . ",". $event_id .","$date"')");

$row = mysql_query("SELECT * FROM events");

mysql_close($con);
?>
```
Brian Tompsett - 汤莱恩
niven300
  • *Shudder* mysql... Look into using mysqli http://us1.php.net/mysqli or pdo http://us1.php.net/pdo – mituw16 Jan 13 '14 at 15:23
  • Don't `echo` HTML, don't `echo` JS [even worse]. Separate concerns and write raw HTML/JS, entering PHP mode just when you need, e.g. `Click me`. – moonwave99 Jan 13 '14 at 15:27
  • **By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Jan 13 '14 at 15:32
  • Just curious: What are you using to learn from? Some online tutorial? I'm wondering what learning materials you have that are suggesting use of the `mysql` functions. – Andy Lester Jan 13 '14 at 15:34
  • What is the problem? Do you have a specific instance of something that went wrong? If so, what error messages are you getting, either via the screen or in the log file? – Dave Jan 13 '14 at 15:53
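
A hardened version of the booking insert that the comments point toward, as an added example that is not part of the original question or comments: the user id comes from the session, the event id is validated as an integer, and both reach the database only through PDO placeholders. Assumptions: an in-memory SQLite database stands in for the MySQL one, the form sends the id in a hypothetical `event_id` field, and the `bookEvent` function and `Booking_ID` column are names made up for the example.

```php
<?php
// Added example (not the asker's code): booking insert with PDO placeholders.
declare(strict_types=1);

function bookEvent(PDO $db, array $session, array $post): int
{
    // The user id comes from the server-side session, never from the form.
    $userId = $session['user_id'] ?? null;
    if (!is_int($userId)) {
        throw new RuntimeException('Not logged in');
    }
    // Hypothetical hidden field "event_id"; accept positive integers only.
    $eventId = filter_var($post['event_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($eventId === false) {
        throw new InvalidArgumentException('Invalid event id');
    }
    // Confirm the event exists before booking it.
    $check = $db->prepare('SELECT 1 FROM events WHERE Event_ID = ?');
    $check->execute([$eventId]);
    if ($check->fetchColumn() === false) {
        throw new InvalidArgumentException('Unknown event');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $insert = $db->prepare('INSERT INTO booking (User_ID, Event_ID, Date_Booked)
                            VALUES (:user, :event, :booked)');
    $insert->execute([':user' => $userId, ':event' => $eventId, ':booked' => date('Y-m-d H:i:s')]);
    return (int) $db->lastInsertId();
}

// Constructed sample data; in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (Event_ID INTEGER PRIMARY KEY, Event_Name TEXT)');
$db->exec('CREATE TABLE booking (Booking_ID INTEGER PRIMARY KEY, User_ID INTEGER,
           Event_ID INTEGER, Date_Booked TEXT)');  // Booking_ID is an assumed column
$db->exec("INSERT INTO events (Event_ID, Event_Name) VALUES (1, 'Launch night')");

$session = ['user_id' => 7];                 // stands in for $_SESSION
$requests = [['event_id' => '1'],            // well-formed form post
             ['event_id' => '99'],           // no such event
             ['event_id' => "O'Malley"]];    // non-numeric input containing a quote
foreach ($requests as $post) {
    try {
        echo 'Booked, id ', bookEvent($db, $session, $post), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```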

0 Answers