Mutiple selection problem

Discussion in 'PHP' started by ghadacr, Jun 20, 2007.

0
  1. #1
    I got two scipts, one is outputting results from a database with checkboxes beside each record as shown below:

    The problem is when i select more than 1 option i dont get the records selected outputted in the other script(2nd script).. Any can anyway please help me resolve this situation.thanks

    1st script:

    
<?PHP
extract($_GET);
$daterep = str_replace("/","-",$datefrom);
$datereps = str_replace("/","-",$dateto);


$newdate = date ("d M Y", strtotime ($daterep)); 
$newdates = date ("d M Y", strtotime ($datereps)); 

setcookie("from", $newdate, time(  )+600);
setcookie("to", $newdates, time(  )+600);
setcookie("hotel", $subcat, time(  )+600);


?>
<?PHP include 'opendb.php'; ?>

<?PHP include 'header.php'; ?>

<?php 


if(isset($_GET))
{

extract($_GET);

$subcat = $_GET['subcat'];
$optionsheld = $_GET['optionsheld'];
$confirmedroom = $_GET['confirmedroom'];
$cat = $_GET['cat'];
$Season = $_GET['Season'];


$query = mssql_init ("sp_SearchRooms"); 

mssql_bind($query, "@DateTo", $newdate, SQLVARCHAR);

mssql_bind($query, "@Season", $Season, SQLVARCHAR);

mssql_bind($query, "@resortID", $cat, SQLINT2);

mssql_bind($query, "@DateFrom", $newdates, SQLVARCHAR);

mssql_bind($query, "@HotelID", $subcat, SQLVARCHAR);

mssql_bind($query, "@SearchConfirmed", $groupname, SQLVARCHAR);

mssql_bind($query, "@SearchOptions", $optionsheld, SQLVARCHAR);
if (($result = mssql_execute($query)) === false) 
{ 
    die('Could not execute the query ' . $sql ); 
} 



?> 
<?PHP

$count=mssql_num_rows($result);	

 if ($count == 0)
  {
echo "<p>Sorry, your search returned no results</p><br><input type='button' value='Retry' onClick='history.go(-1)'>";

} else {

?>

<form action="roomhold.php" method="get"> 
  <table width="108%" border="0">
    <tr> 
     <td width="19%"></td>
	  <td width="8%"><strong>Room Type:</strong></td>
      <td width="8%"><strong>Available From:</strong></td>
      <td width="8%"><strong>Available To:</strong></td>
	  <td width="9%"><strong>Requested from</strong></td>
	  <td width="9%"><strong>Requested To:</strong></td>
      <td width="5%"><strong>Notes</strong></td>
      <td width="44%">&nbsp;</td>
    </tr>
    <?php 

	
while ($row = mssql_fetch_array($result)) 
{ 
    echo '<tr>';
	echo '<td><a href="roomdetails.php?HotelRoomID=' . $row['HotelRoomID'] . '">More information on hotel room</a></td>'; 
    echo '<td>' . $row['RoomType' ] . '</td>'; 
	echo '<td>' . $row['AvailableFrom' ] . '</td>';
	echo '<td>' . $row['AvailableTo' ] . '</td>';
	echo '<td><input type="hidden" name="datefrom" value="' . $datefrom . '" />' . $datefrom .'</td>';
	echo '<td><input type="hidden" name="dateto" value="' . $dateto . '" />' . $dateto .'</td>';
	echo '<td>' . $row['Notes' ] . '</td>';
    echo '<td><input type="checkbox" name="hotel[0][HotelRoomID]" value="' . $row['HotelRoomID'] . '" />Select  ' . $row['RoomType'] .' to update</td>'; 
    echo '</tr>'; 

}





?>
    <tr> 
      <td colspan="6"><input type="Submit" value="Hold Room"> <INPUT name="button" type="button" onClick="location.href='http://pb-sql/admin.php'" value="Cancel"> 
      </td>
    </tr>
  </table> 
</form> 

<?PHP include 'footer.php'; ?>
<?PHP }} 
?>
    PHP:
    2nd script:

    
<?PHP include 'header.php'; ?>
<?PHP include 'opendb.php'; ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="css/calender.css" rel="stylesheet" type="text/css">
</head>

<body>
<?PHP 

$HotelRoomID = $_GET['HotelRoomID'];
$datefrom = $_GET['datefrom'];
$dateto = $_GET['dateto'];

$sql="SELECT * FROM HotelRooms WHERE HotelRoomID='$HotelRoomID'"; 
$ques="SELECT dbo.Hotels.HotelName FROM Hotels INNER JOIN HotelRooms ON dbo.Hotels.HotelID = dbo.HotelRooms.HotelID WHERE HotelRoomID='$HotelRoomID'";
$query="SELECT dbo.RoomAssociations.RoomAssociation FROM RoomAssociations INNER JOIN HotelRooms ON dbo.RoomAssociations.RoomAssociationID = dbo.HotelRooms.RoomAssociationID WHERE HotelRoomID='$HotelRoomID'"; 
$result=mssql_query($sql);
$res=mssql_query($ques);
$reso=mssql_query($query);

$count=mssql_num_rows($result);


?>

<?php print_r($_GET); ?>
<form method=get name=f1 action='confirmmholdroom.php'>
     <?php
$i=0;
while ($i < $count) {

$rows=mssql_fetch_array($result);
$row=mssql_fetch_array($res);		
$rowe=mssql_fetch_array($reso);
	

?> 
  <table width="85%" border="0">
    <tr> 
      <td width="23%"><strong>Requested from:</strong></td>
      <td width="16%"><strong>Requested to:</strong></td>
      <td width="16%"><strong>Hotel</strong></td>
      <td width="14%"><strong>Room:</strong></td>
      <td width="31%"><strong>Notes</strong></td>
    </tr>
    <tr> 
      <td><?php echo $datefrom; ?> <input type="hidden" name="$datefrom" value="<?PHP echo $datefrom; ?>"> 
        <input type="hidden" name="HotelRoomID" value="<?PHP echo $HotelRoomID; ?>"></td>
      <td><?php echo $dateto; ?> <input type="hidden" name="$dateto" value="<?PHP echo $dateto; ?>"></td>
      <td><?php echo $row['HotelName']; ?> <input type="hidden" name="HotelName" value="<?PHP echo $rows['HotelName']; ?>"></td>
      <td><?php echo $rows['RoomType']; ?> <input type="hidden" name="RoomType" value="<?PHP echo $rows['RoomType']; ?>"></td>
      <td><?php echo $rows['Notes']; ?> <input type="hidden" name="Notes" value="<?PHP echo $rows['Notes']; ?>"></td>
    </tr>
    <tr> 
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td>Sales consultant</td>
      <td><input readonly type="text" name="UserName" value="<?php $nw = new COM("WScript.Network"); echo $nw->username;  ?>"></td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td>Surname</td>
      <td><input type="text" name="surname"></td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp; </td>
    </tr>
    <tr> 
      <td>Forename</td>
      <td><input type="text" name="forename"></td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td>Option held:</td>
      <td><input readonly type="text" name="DateHeld" value="<?PHP echo date("d/m/Y"); ?>"></td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td><input type="submit" name="Submit" value="Hold room">
        <input name="button" type="button" onClick="location.href='http://pb-sql/wintersearch.php'" value="Cancel"></td>
      <td>&nbsp; </td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td>&nbsp; </td>
      <td>&nbsp;</td>
      <td>&nbsp; </td>
      <td>&nbsp;</td>
      <td> </td>
    </tr>
  </table>
</form>

<?PHP 
 ++$i;

}  ?>         <?php 
mssql_close();
?>
</body>
</html>

<P>
<?PHP include 'footer.php'; ?>
    PHP:
     
    ghadacr, Jun 20, 2007 IP
  2. kaisellgren

    kaisellgren Well-Known Member

    Messages:
    472
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    110
    #2
    I did not quite get your point. However, why are you using extract()? I see no reason for doing so. This could lead you to security problems. Do not use it, just an advice.
     
    kaisellgren, Jun 20, 2007 IP